SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:1174-1)

Critical Nessus Plugin ID 84545

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix various bugs and security issues.

The following vulnerabilities have been fixed :

CVE-2015-3636: A missing sk_nulls_node_init() in ping_unhash() inside the ipv4 stack can cause crashes if a disconnect is followed by another connect() attempt. (bnc#929525)

CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. (bnc#928130)

CVE-2015-3331: The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. (bnc#927257)

CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. (bnc#922583)

CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. (bnc#926240)

CVE-2015-2150: XSA-120: Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
(bnc#919463)

CVE-2015-2042: net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
(bnc#919018)

CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
(bnc#919007)

CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.
(bnc#915577)

CVE-2015-0777: drivers/xen/usbback/usbback.c in 1 -2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. (bnc#917830)

CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. (bnc#918333)

CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. (bnc#912202)

CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. (bnc#911326)

CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. (bnc#914742)

CVE-2014-8086: Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.
(bnc#900881)

Also

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11 SP3 for VMware :

zypper in -t patch slessp3-kernel=10717 slessp3-kernel=10740

SUSE Linux Enterprise Server 11 SP3 :

zypper in -t patch slessp3-kernel=10717 slessp3-kernel=10718 slessp3-kernel=10719 slessp3-kernel=10720 slessp3-kernel=10740

SUSE Linux Enterprise High Availability Extension 11 SP3 :

zypper in -t patch slehasp3-kernel=10717 slehasp3-kernel=10718 slehasp3-kernel=10719 slehasp3-kernel=10720 slehasp3-kernel=10740

SUSE Linux Enterprise Desktop 11 SP3 :

zypper in -t patch sledsp3-kernel=10717 sledsp3-kernel=10740

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=831029

https://bugzilla.suse.com/show_bug.cgi?id=877456

https://bugzilla.suse.com/show_bug.cgi?id=889221

https://bugzilla.suse.com/show_bug.cgi?id=891212

https://bugzilla.suse.com/show_bug.cgi?id=891641

https://bugzilla.suse.com/show_bug.cgi?id=900881

https://bugzilla.suse.com/show_bug.cgi?id=902286

https://bugzilla.suse.com/show_bug.cgi?id=904242

https://bugzilla.suse.com/show_bug.cgi?id=904883

https://bugzilla.suse.com/show_bug.cgi?id=904901

https://bugzilla.suse.com/show_bug.cgi?id=906027

https://bugzilla.suse.com/show_bug.cgi?id=908706

https://bugzilla.suse.com/show_bug.cgi?id=909309

https://bugzilla.suse.com/show_bug.cgi?id=909312

https://bugzilla.suse.com/show_bug.cgi?id=909477

https://bugzilla.suse.com/show_bug.cgi?id=909684

https://bugzilla.suse.com/show_bug.cgi?id=910517

https://bugzilla.suse.com/show_bug.cgi?id=911326

https://bugzilla.suse.com/show_bug.cgi?id=912202

https://bugzilla.suse.com/show_bug.cgi?id=912741

https://bugzilla.suse.com/show_bug.cgi?id=913080

https://bugzilla.suse.com/show_bug.cgi?id=913598

https://bugzilla.suse.com/show_bug.cgi?id=914726

https://bugzilla.suse.com/show_bug.cgi?id=914742

https://bugzilla.suse.com/show_bug.cgi?id=914818

https://bugzilla.suse.com/show_bug.cgi?id=914987

https://bugzilla.suse.com/show_bug.cgi?id=915045

https://bugzilla.suse.com/show_bug.cgi?id=915200

https://bugzilla.suse.com/show_bug.cgi?id=915577

https://bugzilla.suse.com/show_bug.cgi?id=916521

https://bugzilla.suse.com/show_bug.cgi?id=916848

https://bugzilla.suse.com/show_bug.cgi?id=917093

https://bugzilla.suse.com/show_bug.cgi?id=917120

https://bugzilla.suse.com/show_bug.cgi?id=917648

https://bugzilla.suse.com/show_bug.cgi?id=917684

https://bugzilla.suse.com/show_bug.cgi?id=917830

https://bugzilla.suse.com/show_bug.cgi?id=917839

https://bugzilla.suse.com/show_bug.cgi?id=918333

https://bugzilla.suse.com/show_bug.cgi?id=919007

https://bugzilla.suse.com/show_bug.cgi?id=919018

https://bugzilla.suse.com/show_bug.cgi?id=919357

https://bugzilla.suse.com/show_bug.cgi?id=919463

https://bugzilla.suse.com/show_bug.cgi?id=919589

https://bugzilla.suse.com/show_bug.cgi?id=919682

https://bugzilla.suse.com/show_bug.cgi?id=919808

https://bugzilla.suse.com/show_bug.cgi?id=921769

https://bugzilla.suse.com/show_bug.cgi?id=922583

https://bugzilla.suse.com/show_bug.cgi?id=923344

https://bugzilla.suse.com/show_bug.cgi?id=924142

https://bugzilla.suse.com/show_bug.cgi?id=924271

https://bugzilla.suse.com/show_bug.cgi?id=924333

https://bugzilla.suse.com/show_bug.cgi?id=924340

https://bugzilla.suse.com/show_bug.cgi?id=925012

https://bugzilla.suse.com/show_bug.cgi?id=925370

https://bugzilla.suse.com/show_bug.cgi?id=925443

https://bugzilla.suse.com/show_bug.cgi?id=925567

https://bugzilla.suse.com/show_bug.cgi?id=925729

https://bugzilla.suse.com/show_bug.cgi?id=926016

https://bugzilla.suse.com/show_bug.cgi?id=926240

https://bugzilla.suse.com/show_bug.cgi?id=926439

https://bugzilla.suse.com/show_bug.cgi?id=926767

https://bugzilla.suse.com/show_bug.cgi?id=927190

https://bugzilla.suse.com/show_bug.cgi?id=927257

https://bugzilla.suse.com/show_bug.cgi?id=927262

https://bugzilla.suse.com/show_bug.cgi?id=927338

https://bugzilla.suse.com/show_bug.cgi?id=928122

https://bugzilla.suse.com/show_bug.cgi?id=928130

https://bugzilla.suse.com/show_bug.cgi?id=928142

https://bugzilla.suse.com/show_bug.cgi?id=928333

https://bugzilla.suse.com/show_bug.cgi?id=928970

https://bugzilla.suse.com/show_bug.cgi?id=929145

https://bugzilla.suse.com/show_bug.cgi?id=929148

https://bugzilla.suse.com/show_bug.cgi?id=929283

https://bugzilla.suse.com/show_bug.cgi?id=929525

https://bugzilla.suse.com/show_bug.cgi?id=929647

https://bugzilla.suse.com/show_bug.cgi?id=930145

https://bugzilla.suse.com/show_bug.cgi?id=930171

https://bugzilla.suse.com/show_bug.cgi?id=930226

https://bugzilla.suse.com/show_bug.cgi?id=930284

https://bugzilla.suse.com/show_bug.cgi?id=930401

https://bugzilla.suse.com/show_bug.cgi?id=930669

https://bugzilla.suse.com/show_bug.cgi?id=930786

https://bugzilla.suse.com/show_bug.cgi?id=930788

https://bugzilla.suse.com/show_bug.cgi?id=931014

https://bugzilla.suse.com/show_bug.cgi?id=931015

https://bugzilla.suse.com/show_bug.cgi?id=931850

http://www.nessus.org/u?e1c8e5da

http://www.nessus.org/u?4f0219dd

http://www.nessus.org/u?15a25b8b

http://www.nessus.org/u?58b62ba1

http://www.nessus.org/u?631f6767

http://www.nessus.org/u?58f65758

http://www.nessus.org/u?ef02f47f

http://www.nessus.org/u?84917562

http://www.nessus.org/u?0db92481

http://www.nessus.org/u?f112eac1

https://www.suse.com/security/cve/CVE-2014-8086/

https://www.suse.com/security/cve/CVE-2014-8159/

https://www.suse.com/security/cve/CVE-2014-9419/

https://www.suse.com/security/cve/CVE-2014-9529/

https://www.suse.com/security/cve/CVE-2014-9683/

https://www.suse.com/security/cve/CVE-2015-0777/

https://www.suse.com/security/cve/CVE-2015-1421/

https://www.suse.com/security/cve/CVE-2015-2041/

https://www.suse.com/security/cve/CVE-2015-2042/

https://www.suse.com/security/cve/CVE-2015-2150/

https://www.suse.com/security/cve/CVE-2015-2830/

https://www.suse.com/security/cve/CVE-2015-2922/

https://www.suse.com/security/cve/CVE-2015-3331/

https://www.suse.com/security/cve/CVE-2015-3339/

https://www.suse.com/security/cve/CVE-2015-3636/

http://www.nessus.org/u?6a0a953a

Plugin Details

Severity: Critical

ID: 84545

File Name: suse_SU-2015-1174-1.nasl

Version: 2.9

Type: local

Agent: unix

Published: 2015/07/06

Updated: 2018/11/29

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-bigsmp, p-cpe:/a:novell:suse_linux:kernel-bigsmp-base, p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-pae-devel, p-cpe:/a:novell:suse_linux:kernel-pae-extra, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-trace-base, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-xen-devel, p-cpe:/a:novell:suse_linux:kernel-xen-extra, p-cpe:/a:novell:suse_linux:xen-kmp-default, p-cpe:/a:novell:suse_linux:xen-kmp-pae, cpe:/o:novell:suse_linux:11

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/07/02

Reference Information

CVE: CVE-2014-8086, CVE-2014-8159, CVE-2014-9419, CVE-2014-9529, CVE-2014-9683, CVE-2015-0777, CVE-2015-1421, CVE-2015-2041, CVE-2015-2042, CVE-2015-2150, CVE-2015-2830, CVE-2015-2922, CVE-2015-3331, CVE-2015-3339, CVE-2015-3636

BID: 70376, 71794, 71880, 72356, 72643, 72729, 72730, 73014, 73060, 73699, 73921, 74235, 74243, 74315, 74450