openSUSE Security Update : the Linux Kernel (openSUSE-2016-116)

high Nessus Plugin ID 88542
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable release, and also includes security and bugfixes.

Following security bugs were fixed :

- CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075).

- CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951).

- CVE-2015-8767: A case can occur when sctp_accept() is called by the user during a heartbeat timeout event after the 4-way handshake. Since sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the listening socket but released with the new association socket. The result is a deadlock on any future attempts to take the listening socket lock.
(bsc#961509)

- CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958463).

- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).

- CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).

- CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399).

- CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990).

- CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988).

The following non-security bugs were fixed :

- ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd (bsc#958439).

- ALSA: hda - Apply click noise workaround for Thinkpads generically (bsc#958439).

- ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).

- ALSA: hda - Flush the pending probe work at remove (boo#960710).

- ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads (bsc#958439).

- Add Cavium Thunderx network enhancements

- Add RHEL to kernel-obs-build

- Backport amd xgbe fixes and features

- Backport arm64 patches from SLE12-SP1-ARM.

- Btrfs: fix the number of transaction units needed to remove a block group (bsc#950178).

- Btrfs: use global reserve when deleting unused block group after ENOSPC (bsc#950178).

- Documentation: nousb is a module parameter (bnc#954324).

- Driver for IBM System i/p VNIC protocol.

- Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for recent tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still disabled as it can't be built as a module.

- Fix PCI generic host controller

- Fix kABI breakage for max_dev_sectors addition to queue_limits (boo#961263).

- HID: multitouch: Fetch feature reports on demand for Win8 devices (boo#954532).

- HID: multitouch: fix input mode switching on some Elan panels (boo#954532).

- Implement enable/disable for Display C6 state (boo#960021).

- Input: aiptek - fix crash on detecting device without endpoints (bnc#956708).

- Linux 4.1.15 (boo#954647 bsc#955422).

- Move kabi patch to patches.kabi directory

- Obsolete compat-wireless, rts5229 and rts_pstor KMPs These are found in SLE11-SP3, now replaced with the upstream drivers.

- PCI: generic: Pass starting bus number to pci_scan_root_bus().

- Revert 'block: remove artifical max_hw_sectors cap' (boo#961263).

- Set system time through RTC device

- Update arm64 config files. Enabled DRM_AST in the vanilla kernel since it is now enabled in the default kernel.

- Update config files: CONFIG_IBMVNIC=m

- block/sd: Fix device-imposed transfer length limits (boo#961263).

- block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263).

- drm/i915/skl: Add DC5 Trigger Sequence (boo#960021).

- drm/i915/skl: Add DC6 Trigger sequence (boo#960021).

- drm/i915/skl: Add support to load SKL CSR firmware (boo#960021).

- drm/i915/skl: Add the INIT power domain to the MISC I/O power well (boo#960021).

- drm/i915/skl: Deinit/init the display at suspend/resume (boo#960021).

- drm/i915/skl: Fix DMC API version in firmware file name (boo#960021).

- drm/i915/skl: Fix WaDisableChickenBitTSGBarrierAckForFFSliceCS (boo#960021).

- drm/i915/skl: Fix stepping check for a couple of W/As (boo#960021).

- drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1 defines (boo#960021).

- drm/i915/skl: Implement WaDisableVFUnitClockGating (boo#960021).

- drm/i915/skl: Implement enable/disable for Display C5 state (boo#960021).

- drm/i915/skl: Make the Misc I/O power well part of the PLLS domain (boo#960021).

- drm/i915/skl: add F0 stepping ID (boo#960021).

- drm/i915/skl: enable WaForceContextSaveRestoreNonCoherent (boo#960021).

- drm/i915: Clear crtc atomic flags at beginning of transaction (boo#960021).

- drm/i915: Fix CSR MMIO address check (boo#960021).

- drm/i915: Switch to full atomic helpers for plane updates/disable, take two (boo#960021).

- drm/i915: set CDCLK if DPLL0 enabled during resuming from S3 (boo#960021).

- ethernet/atheros/alx: sanitize buffer sizing and padding (boo#952621).

- genksyms: Handle string literals with spaces in reference files (bsc#958510).

- group-source-files: mark module.lds as devel file ld:
cannot open linker script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such file or directory

- hwrng: core - sleep interruptible in read (bnc#962597).

- ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422).

- kABI fixes for linux-4.1.15.

- rpm/compute-PATCHVERSION.sh: Skip stale directories in the package dir

- rpm/constraints.in: Bump disk space requirements up a bit Require 10GB on s390x, 20GB elsewhere.

- rpm/constraints.in: Require 14GB worth of disk space on POWER The builds started to fail randomly due to ENOSPC errors.

- rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since 2.6.39 and is enabled in our configs.

- rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp (bnc#865259)865259

- rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed

- rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file

- rpm/kernel-binary.spec.in: No scriptlets in kernel-zfcpdump The kernel should not be added to the bootloader nor are there any KMPs.

- rpm/kernel-binary.spec.in: Obsolete the -base package from SLE11 (bnc#865096)

- rpm/kernel-binary.spec.in: Use parallel make in all invocations Also, remove the lengthy comment, since we are using a standard rpm macro now.

- thinkpad_acpi: Do not yell on unsupported brightness interfaces (boo#957152).

- usb: make 'nousb' a clear module parameter (bnc#954324).

- usbvision fix overflow of interfaces array (bnc#950998).

- x86/microcode/amd: Do not overwrite final patch levels (bsc#913996).

- x86/microcode/amd: Extract current patch level read to a function (bsc#913996).

- xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).

- xhci: refuse loading if nousb is used (bnc#954324).

Solution

Update the affected the Linux Kernel packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=865096

https://bugzilla.opensuse.org/show_bug.cgi?id=865259

https://bugzilla.opensuse.org/show_bug.cgi?id=913996

https://bugzilla.opensuse.org/show_bug.cgi?id=950178

https://bugzilla.opensuse.org/show_bug.cgi?id=950998

https://bugzilla.opensuse.org/show_bug.cgi?id=952621

https://bugzilla.opensuse.org/show_bug.cgi?id=954324

https://bugzilla.opensuse.org/show_bug.cgi?id=954532

https://bugzilla.opensuse.org/show_bug.cgi?id=954647

https://bugzilla.opensuse.org/show_bug.cgi?id=955422

https://bugzilla.opensuse.org/show_bug.cgi?id=956708

https://bugzilla.opensuse.org/show_bug.cgi?id=957152

https://bugzilla.opensuse.org/show_bug.cgi?id=957988

https://bugzilla.opensuse.org/show_bug.cgi?id=957990

https://bugzilla.opensuse.org/show_bug.cgi?id=958439

https://bugzilla.opensuse.org/show_bug.cgi?id=958463

https://bugzilla.opensuse.org/show_bug.cgi?id=958504

https://bugzilla.opensuse.org/show_bug.cgi?id=958510

https://bugzilla.opensuse.org/show_bug.cgi?id=958886

https://bugzilla.opensuse.org/show_bug.cgi?id=958951

https://bugzilla.opensuse.org/show_bug.cgi?id=959190

https://bugzilla.opensuse.org/show_bug.cgi?id=959399

https://bugzilla.opensuse.org/show_bug.cgi?id=960021

https://bugzilla.opensuse.org/show_bug.cgi?id=960710

https://bugzilla.opensuse.org/show_bug.cgi?id=961263

https://bugzilla.opensuse.org/show_bug.cgi?id=961509

https://bugzilla.opensuse.org/show_bug.cgi?id=962075

https://bugzilla.opensuse.org/show_bug.cgi?id=962597

Plugin Details

Severity: High

ID: 88542

File Name: openSUSE-2016-116.nasl

Version: 2.8

Type: local

Agent: unix

Published: 2/3/2016

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-docs-html, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-obs-qa-xen, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pv, p-cpe:/a:novell:opensuse:kernel-pv-base, p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pv-debuginfo, p-cpe:/a:novell:opensuse:kernel-pv-debugsource, p-cpe:/a:novell:opensuse:kernel-pv-devel, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/29/2016

Exploitable With

Core Impact

Reference Information

CVE: CVE-2015-7550, CVE-2015-8539, CVE-2015-8543, CVE-2015-8550, CVE-2015-8551, CVE-2015-8552, CVE-2015-8569, CVE-2015-8575, CVE-2015-8767, CVE-2016-0728