Detections
Analytics
SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:1174-1)
medium Nessus Plugin ID 84545
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix various bugs and security issues.The following vulnerabilities have been fixed :
CVE-2015-3636: A missing sk_nulls_node_init() in ping_unhash() inside the ipv4 stack can cause crashes if a disconnect is followed by another connect() attempt. (bnc#929525)
CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. (bnc#928130)
CVE-2015-3331: The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. (bnc#927257)
CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. (bnc#922583)
CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. (bnc#926240)
CVE-2015-2150: XSA-120: Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
(bnc#919463)
CVE-2015-2042: net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
(bnc#919018)
CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
(bnc#919007)
CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.
(bnc#915577)
CVE-2015-0777: drivers/xen/usbback/usbback.c in 1 -2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. (bnc#917830)
CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. (bnc#918333)
CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. (bnc#912202)
CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. (bnc#911326)
CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. (bnc#914742)
CVE-2014-8086: Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.
(bnc#900881)
Also
The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
To install this SUSE Security Update use YaST online_update.Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server 11 SP3 for VMware :
zypper in -t patch slessp3-kernel=10717 slessp3-kernel=10740
SUSE Linux Enterprise Server 11 SP3 :
zypper in -t patch slessp3-kernel=10717 slessp3-kernel=10718 slessp3-kernel=10719 slessp3-kernel=10720 slessp3-kernel=10740
SUSE Linux Enterprise High Availability Extension 11 SP3 :
zypper in -t patch slehasp3-kernel=10717 slehasp3-kernel=10718 slehasp3-kernel=10719 slehasp3-kernel=10720 slehasp3-kernel=10740
SUSE Linux Enterprise Desktop 11 SP3 :
zypper in -t patch sledsp3-kernel=10717 sledsp3-kernel=10740
To bring your system up-to-date, use 'zypper patch'.
See Also
https://bugzilla.suse.com/show_bug.cgi?id=831029
https://bugzilla.suse.com/show_bug.cgi?id=877456
https://bugzilla.suse.com/show_bug.cgi?id=889221
https://bugzilla.suse.com/show_bug.cgi?id=891212
https://bugzilla.suse.com/show_bug.cgi?id=891641
https://bugzilla.suse.com/show_bug.cgi?id=900881
https://bugzilla.suse.com/show_bug.cgi?id=902286
https://bugzilla.suse.com/show_bug.cgi?id=904242
https://bugzilla.suse.com/show_bug.cgi?id=904883
https://bugzilla.suse.com/show_bug.cgi?id=904901
https://bugzilla.suse.com/show_bug.cgi?id=906027
https://bugzilla.suse.com/show_bug.cgi?id=908706
https://bugzilla.suse.com/show_bug.cgi?id=909309
https://bugzilla.suse.com/show_bug.cgi?id=909312
https://bugzilla.suse.com/show_bug.cgi?id=909477
https://bugzilla.suse.com/show_bug.cgi?id=909684
https://bugzilla.suse.com/show_bug.cgi?id=910517
https://bugzilla.suse.com/show_bug.cgi?id=911326
https://bugzilla.suse.com/show_bug.cgi?id=912202
https://bugzilla.suse.com/show_bug.cgi?id=912741
https://bugzilla.suse.com/show_bug.cgi?id=913080
https://bugzilla.suse.com/show_bug.cgi?id=913598
https://bugzilla.suse.com/show_bug.cgi?id=914726
https://bugzilla.suse.com/show_bug.cgi?id=914742
https://bugzilla.suse.com/show_bug.cgi?id=914818
https://bugzilla.suse.com/show_bug.cgi?id=914987
https://bugzilla.suse.com/show_bug.cgi?id=915045
https://bugzilla.suse.com/show_bug.cgi?id=915200
https://bugzilla.suse.com/show_bug.cgi?id=915577
https://bugzilla.suse.com/show_bug.cgi?id=916521
https://bugzilla.suse.com/show_bug.cgi?id=916848
https://bugzilla.suse.com/show_bug.cgi?id=917093
https://bugzilla.suse.com/show_bug.cgi?id=917120
https://bugzilla.suse.com/show_bug.cgi?id=917648
https://bugzilla.suse.com/show_bug.cgi?id=917684
https://bugzilla.suse.com/show_bug.cgi?id=917830
https://bugzilla.suse.com/show_bug.cgi?id=917839
https://bugzilla.suse.com/show_bug.cgi?id=918333
https://bugzilla.suse.com/show_bug.cgi?id=919007
https://bugzilla.suse.com/show_bug.cgi?id=919018
https://bugzilla.suse.com/show_bug.cgi?id=919357
https://bugzilla.suse.com/show_bug.cgi?id=919463
https://bugzilla.suse.com/show_bug.cgi?id=919589
https://bugzilla.suse.com/show_bug.cgi?id=919682
https://bugzilla.suse.com/show_bug.cgi?id=919808
https://bugzilla.suse.com/show_bug.cgi?id=921769
https://bugzilla.suse.com/show_bug.cgi?id=922583
https://bugzilla.suse.com/show_bug.cgi?id=923344
https://bugzilla.suse.com/show_bug.cgi?id=924142
https://bugzilla.suse.com/show_bug.cgi?id=924271
https://bugzilla.suse.com/show_bug.cgi?id=924333
https://bugzilla.suse.com/show_bug.cgi?id=924340
https://bugzilla.suse.com/show_bug.cgi?id=925012
https://bugzilla.suse.com/show_bug.cgi?id=925370
https://bugzilla.suse.com/show_bug.cgi?id=925443
https://bugzilla.suse.com/show_bug.cgi?id=925567
https://bugzilla.suse.com/show_bug.cgi?id=925729
https://bugzilla.suse.com/show_bug.cgi?id=926016
https://bugzilla.suse.com/show_bug.cgi?id=926240
https://bugzilla.suse.com/show_bug.cgi?id=926439
https://bugzilla.suse.com/show_bug.cgi?id=926767
https://bugzilla.suse.com/show_bug.cgi?id=927190
https://bugzilla.suse.com/show_bug.cgi?id=927257
https://bugzilla.suse.com/show_bug.cgi?id=927262
https://bugzilla.suse.com/show_bug.cgi?id=927338
https://bugzilla.suse.com/show_bug.cgi?id=928122
https://bugzilla.suse.com/show_bug.cgi?id=928130
https://bugzilla.suse.com/show_bug.cgi?id=928142
https://bugzilla.suse.com/show_bug.cgi?id=928333
https://bugzilla.suse.com/show_bug.cgi?id=928970
https://bugzilla.suse.com/show_bug.cgi?id=929145
https://bugzilla.suse.com/show_bug.cgi?id=929148
https://bugzilla.suse.com/show_bug.cgi?id=929283
https://bugzilla.suse.com/show_bug.cgi?id=929525
https://bugzilla.suse.com/show_bug.cgi?id=929647
https://bugzilla.suse.com/show_bug.cgi?id=930145
https://bugzilla.suse.com/show_bug.cgi?id=930171
https://bugzilla.suse.com/show_bug.cgi?id=930226
https://bugzilla.suse.com/show_bug.cgi?id=930284
https://bugzilla.suse.com/show_bug.cgi?id=930401
https://bugzilla.suse.com/show_bug.cgi?id=930669
https://bugzilla.suse.com/show_bug.cgi?id=930786
https://bugzilla.suse.com/show_bug.cgi?id=930788
https://bugzilla.suse.com/show_bug.cgi?id=931014
https://bugzilla.suse.com/show_bug.cgi?id=931015
https://bugzilla.suse.com/show_bug.cgi?id=931850
http://www.nessus.org/u?e1c8e5da
http://www.nessus.org/u?4f0219dd
http://www.nessus.org/u?15a25b8b
http://www.nessus.org/u?58b62ba1
http://www.nessus.org/u?631f6767
http://www.nessus.org/u?58f65758
http://www.nessus.org/u?ef02f47f
http://www.nessus.org/u?84917562
http://www.nessus.org/u?0db92481
http://www.nessus.org/u?f112eac1
https://www.suse.com/security/cve/CVE-2014-8086/
https://www.suse.com/security/cve/CVE-2014-8159/
https://www.suse.com/security/cve/CVE-2014-9419/
https://www.suse.com/security/cve/CVE-2014-9529/
https://www.suse.com/security/cve/CVE-2014-9683/
https://www.suse.com/security/cve/CVE-2015-0777/
https://www.suse.com/security/cve/CVE-2015-1421/
https://www.suse.com/security/cve/CVE-2015-2041/
https://www.suse.com/security/cve/CVE-2015-2042/
https://www.suse.com/security/cve/CVE-2015-2150/
https://www.suse.com/security/cve/CVE-2015-2830/
https://www.suse.com/security/cve/CVE-2015-2922/
https://www.suse.com/security/cve/CVE-2015-3331/
https://www.suse.com/security/cve/CVE-2015-3339/
Plugin Details
Severity: Medium
ID: 84545
File Name: suse_SU-2015-1174-1.nasl
Version: 2.12
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 7/6/2015
Updated: 1/6/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.3
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: Medium
Base Score: 4.7
Temporal Score: 4.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel, p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-xen-devel, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-bigsmp-base, p-cpe:/a:novell:suse_linux:kernel-trace-base, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:xen-kmp-pae, p-cpe:/a:novell:suse_linux:kernel-pae-extra, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-bigsmp, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-xen-extra, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:xen-kmp-default, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-pae-devel
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 7/2/2015
Vulnerability Publication Date: 10/13/2014
Reference Information
CVE: CVE-2014-8086, CVE-2014-8159, CVE-2014-9419, CVE-2014-9529, CVE-2014-9683, CVE-2015-0777, CVE-2015-1421, CVE-2015-2041, CVE-2015-2042, CVE-2015-2150, CVE-2015-2830, CVE-2015-2922, CVE-2015-3331, CVE-2015-3339, CVE-2015-3636
BID: 70376, 71794, 71880, 72356, 72643, 72729, 72730, 73014, 73060, 73699, 73921, 74235, 74243, 74315, 74450