Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.
VPR Score: 6.7
Synopsis
The remote openSUSE host is missing a security update.
Description
The openSUSE 13.2 kernel was updated to receive various security fixes and bug fixes.
The following security bugs were fixed:
- CVE-2015-3290: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform improperly relied on espfix64 during nested NMI processing, which allowed local users to gain privileges by triggering an NMI within a certain instruction window (bnc#937969)
- CVE-2015-0272: It was reported that it is possible to craft a Router Advertisement message that puts the receiver in a state where new IPv6 connections are not accepted until a correct Router Advertisement message is received (bsc#944296).
- CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the Linux kernel had an incorrect sequence of protocol-initialization steps, which allowed local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished (bnc#947155).
- CVE-2015-1333: Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys. (bsc#938645)
- CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. (bsc#940338)
- CVE-2015-2925: An attacker could potentially break out of a namespace or container, depending on whether they had specific rights in these containers (bsc#926238).
- CVE-2015-7872: A vulnerability was found in the keyrings garbage collector that allowed a local user to trigger an oops by using request_key() or keyctl request2.
The following non-security bugs were fixed:
- input: evdev - do not report errors from flush() (bsc#939834).
- NFSv4: Recovery of recalled read delegations is broken (bsc#942178).
- apparmor: temporary work around for bug while unloading policy (boo#941867).
- config/x86_64/ec2: Align CONFIG_STRICT_DEVMEM. CONFIG_STRICT_DEVMEM is enabled in every other kernel flavor, so enable it for x86_64/ec2 as well.
- kernel-obs-build: add btrfs to initrd. This is needed for kiwi builds.
- mmc: card: Do not access RPMB partitions for normal read/write (bnc#941104).
- netback: coalesce (guest) RX SKBs as needed (bsc#919154).
- rpm/kernel-obs-build.spec.in: Add virtio_rng to the initrd. This allows feeding some randomness to the OBS workers.
- xfs: Fix file type directory corruption for btree directories (bsc#941305).
- xfs: ensure buffer types are set correctly (bsc#941305).
- xfs: inode unlink does not set AGI buffer type (bsc#941305).
- xfs: set buf types when converting extent formats (bsc#941305).
- xfs: set superblock buffer type correctly (bsc#941305).
- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#951195).
Solution
Update the affected Linux Kernel packages.