openSUSE Security Update : the Linux Kernel (openSUSE-2016-116)

high Nessus Plugin ID 88542

Synopsis

The remote openSUSE host is missing a security update.

Description

The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable release, and also includes security and bugfixes.

Following security bugs were fixed :

- CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075).

- CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951).

- CVE-2015-8767: A case can occur when sctp_accept() is called by the user during a heartbeat timeout event after the 4-way handshake. Since sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the listening socket but released with the new association socket. The result is a deadlock on any future attempts to take the listening socket lock.
(bsc#961509)

- CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958463).

- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).

- CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).

- CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399).

- CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990).

- CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988).

The following non-security bugs were fixed :

- ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd (bsc#958439).

- ALSA: hda - Apply click noise workaround for Thinkpads generically (bsc#958439).

- ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).

- ALSA: hda - Flush the pending probe work at remove (boo#960710).

- ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads (bsc#958439).

- Add Cavium Thunderx network enhancements

- Add RHEL to kernel-obs-build

- Backport amd xgbe fixes and features

- Backport arm64 patches from SLE12-SP1-ARM.

- Btrfs: fix the number of transaction units needed to remove a block group (bsc#950178).

- Btrfs: use global reserve when deleting unused block group after ENOSPC (bsc#950178).

- Documentation: nousb is a module parameter (bnc#954324).

- Driver for IBM System i/p VNIC protocol.

- Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for recent tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still disabled as it can't be built as a module.

- Fix PCI generic host controller

- Fix kABI breakage for max_dev_sectors addition to queue_limits (boo#961263).

- HID: multitouch: Fetch feature reports on demand for Win8 devices (boo#954532).

- HID: multitouch: fix input mode switching on some Elan panels (boo#954532).

- Implement enable/disable for Display C6 state (boo#960021).

- Input: aiptek - fix crash on detecting device without endpoints (bnc#956708).

- Linux 4.1.15 (boo#954647 bsc#955422).

- Move kabi patch to patches.kabi directory

- Obsolete compat-wireless, rts5229 and rts_pstor KMPs These are found in SLE11-SP3, now replaced with the upstream drivers.

- PCI: generic: Pass starting bus number to pci_scan_root_bus().

- Revert 'block: remove artifical max_hw_sectors cap' (boo#961263).

- Set system time through RTC device

- Update arm64 config files. Enabled DRM_AST in the vanilla kernel since it is now enabled in the default kernel.

- Update config files: CONFIG_IBMVNIC=m

- block/sd: Fix device-imposed transfer length limits (boo#961263).

- block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263).

- drm/i915/skl: Add DC5 Trigger Sequence (boo#960021).

- drm/i915/skl: Add DC6 Trigger sequence (boo#960021).

- drm/i915/skl: Add support to load SKL CSR firmware (boo#960021).

- drm/i915/skl: Add the INIT power domain to the MISC I/O power well (boo#960021).

- drm/i915/skl: Deinit/init the display at suspend/resume (boo#960021).

- drm/i915/skl: Fix DMC API version in firmware file name (boo#960021).

- drm/i915/skl: Fix WaDisableChickenBitTSGBarrierAckForFFSliceCS (boo#960021).

- drm/i915/skl: Fix stepping check for a couple of W/As (boo#960021).

- drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1 defines (boo#960021).

- drm/i915/skl: Implement WaDisableVFUnitClockGating (boo#960021).

- drm/i915/skl: Implement enable/disable for Display C5 state (boo#960021).

- drm/i915/skl: Make the Misc I/O power well part of the PLLS domain (boo#960021).

- drm/i915/skl: add F0 stepping ID (boo#960021).

- drm/i915/skl: enable WaForceContextSaveRestoreNonCoherent (boo#960021).

- drm/i915: Clear crtc atomic flags at beginning of transaction (boo#960021).

- drm/i915: Fix CSR MMIO address check (boo#960021).

- drm/i915: Switch to full atomic helpers for plane updates/disable, take two (boo#960021).

- drm/i915: set CDCLK if DPLL0 enabled during resuming from S3 (boo#960021).

- ethernet/atheros/alx: sanitize buffer sizing and padding (boo#952621).

- genksyms: Handle string literals with spaces in reference files (bsc#958510).

- group-source-files: mark module.lds as devel file ld:
cannot open linker script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such file or directory

- hwrng: core - sleep interruptible in read (bnc#962597).

- ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422).

- kABI fixes for linux-4.1.15.

- rpm/compute-PATCHVERSION.sh: Skip stale directories in the package dir

- rpm/constraints.in: Bump disk space requirements up a bit Require 10GB on s390x, 20GB elsewhere.

- rpm/constraints.in: Require 14GB worth of disk space on POWER The builds started to fail randomly due to ENOSPC errors.

- rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since 2.6.39 and is enabled in our configs.

- rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp (bnc#865259)865259

- rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed

- rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file

- rpm/kernel-binary.spec.in: No scriptlets in kernel-zfcpdump The kernel should not be added to the bootloader nor are there any KMPs.

- rpm/kernel-binary.spec.in: Obsolete the -base package from SLE11 (bnc#865096)

- rpm/kernel-binary.spec.in: Use parallel make in all invocations Also, remove the lengthy comment, since we are using a standard rpm macro now.

- thinkpad_acpi: Do not yell on unsupported brightness interfaces (boo#957152).

- usb: make 'nousb' a clear module parameter (bnc#954324).

- usbvision fix overflow of interfaces array (bnc#950998).

- x86/microcode/amd: Do not overwrite final patch levels (bsc#913996).

- x86/microcode/amd: Extract current patch level read to a function (bsc#913996).

- xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).

- xhci: refuse loading if nousb is used (bnc#954324).

Solution

Update the affected the Linux Kernel packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=865096

https://bugzilla.opensuse.org/show_bug.cgi?id=865259

https://bugzilla.opensuse.org/show_bug.cgi?id=913996

https://bugzilla.opensuse.org/show_bug.cgi?id=950178

https://bugzilla.opensuse.org/show_bug.cgi?id=950998

https://bugzilla.opensuse.org/show_bug.cgi?id=952621

https://bugzilla.opensuse.org/show_bug.cgi?id=954324

https://bugzilla.opensuse.org/show_bug.cgi?id=954532

https://bugzilla.opensuse.org/show_bug.cgi?id=954647

https://bugzilla.opensuse.org/show_bug.cgi?id=955422

https://bugzilla.opensuse.org/show_bug.cgi?id=956708

https://bugzilla.opensuse.org/show_bug.cgi?id=957152

https://bugzilla.opensuse.org/show_bug.cgi?id=957988

https://bugzilla.opensuse.org/show_bug.cgi?id=957990

https://bugzilla.opensuse.org/show_bug.cgi?id=958439

https://bugzilla.opensuse.org/show_bug.cgi?id=958463

https://bugzilla.opensuse.org/show_bug.cgi?id=958504

https://bugzilla.opensuse.org/show_bug.cgi?id=958510

https://bugzilla.opensuse.org/show_bug.cgi?id=958886

https://bugzilla.opensuse.org/show_bug.cgi?id=958951

https://bugzilla.opensuse.org/show_bug.cgi?id=959190

https://bugzilla.opensuse.org/show_bug.cgi?id=959399

https://bugzilla.opensuse.org/show_bug.cgi?id=960021

https://bugzilla.opensuse.org/show_bug.cgi?id=960710

https://bugzilla.opensuse.org/show_bug.cgi?id=961263

https://bugzilla.opensuse.org/show_bug.cgi?id=961509

https://bugzilla.opensuse.org/show_bug.cgi?id=962075

https://bugzilla.opensuse.org/show_bug.cgi?id=962597

Plugin Details

Severity: High

ID: 88542

File Name: openSUSE-2016-116.nasl

Version: 2.8

Type: local

Agent: unix

Published: 2/3/2016

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-docs-html, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-obs-qa-xen, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pv, p-cpe:/a:novell:opensuse:kernel-pv-base, p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pv-debuginfo, p-cpe:/a:novell:opensuse:kernel-pv-debugsource, p-cpe:/a:novell:opensuse:kernel-pv-devel, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/29/2016

Exploitable With

Core Impact

Reference Information

CVE: CVE-2015-7550, CVE-2015-8539, CVE-2015-8543, CVE-2015-8550, CVE-2015-8551, CVE-2015-8552, CVE-2015-8569, CVE-2015-8575, CVE-2015-8767, CVE-2016-0728