openSUSE Security Update : the Linux Kernel (openSUSE-2016-629)

Medium Nessus Plugin ID 91306

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE Leap 42.1 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2016-2847: Limit the per-user amount of pages allocated in pipes (bsc#970948).

- CVE-2016-3136: mct_u232: add sanity checking in probe (bnc#970955).

- CVE-2016-2188: iowarrior: fix oops with malicious USB descriptors (bnc#970956).

- CVE-2016-3138: cdc-acm: more sanity checking (bnc#970911).

- CVE-2016-3137: cypress_m8: add endpoint sanity check (bnc#970970).

- CVE-2016-3951: cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (bnc#974418).

- CVE-2016-3140: digi_acceleport: do sanity checking for the number of ports (bnc#970892).

- CVE-2016-2186: powermate: fix oops with malicious USB descriptors (bnc#970958).

- CVE-2016-2185: usb_driver_claim_interface: add sanity checking (bnc#971124).

- CVE-2016-3689: ims-pcu: sanity check against missing interfaces (bnc#971628).

- CVE-2016-3156: ipv4: Do not do expensive useless work during inetdev destroy (bsc#971360).

The following non-security bugs were fixed:

- ALSA: timer: Call notifier in the same spinlock (bsc#973378).

- ALSA: timer: Protect the whole snd_timer_close() with open race (bsc#973378).

- ALSA: timer: Sync timer deletion at closing the system timer (bsc#973378).

- ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378).

- Backport arm64 patches from SLE12-SP1-ARM

- Fix kABI additions for pipe: limit the per-user amount of pages allocated in pipes.

- Revert 'drm/radeon: call hpd_irq_event on resume' (boo#975868).

- Update config files. Enable RTC_HCTOSYS, build I2C_XGENE_SLIMPRO as a module.

- backends: guarantee one time reads of shared ring contents (bsc#957988).

- ext4: fix races between buffered IO and collapse / insert range (bsc#972174).

- ext4: fix races between page faults and hole punching (bsc#972174).

- ext4: fix races of writeback with punch hole and zero range (bsc#972174).

- ext4: move unlocked dio protection from ext4_alloc_file_blocks() (bsc#972174).

- net: thunderx: Use napi_schedule_irqoff()

- netback: do not use last request to determine minimum Tx credit (bsc#957988).

Solution

Update the affected Linux Kernel packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=957988

https://bugzilla.opensuse.org/show_bug.cgi?id=970892

https://bugzilla.opensuse.org/show_bug.cgi?id=970911

https://bugzilla.opensuse.org/show_bug.cgi?id=970948

https://bugzilla.opensuse.org/show_bug.cgi?id=970955

https://bugzilla.opensuse.org/show_bug.cgi?id=970956

https://bugzilla.opensuse.org/show_bug.cgi?id=970958

https://bugzilla.opensuse.org/show_bug.cgi?id=970970

https://bugzilla.opensuse.org/show_bug.cgi?id=971124

https://bugzilla.opensuse.org/show_bug.cgi?id=971360

https://bugzilla.opensuse.org/show_bug.cgi?id=971628

https://bugzilla.opensuse.org/show_bug.cgi?id=972174

https://bugzilla.opensuse.org/show_bug.cgi?id=973378

https://bugzilla.opensuse.org/show_bug.cgi?id=974418

https://bugzilla.opensuse.org/show_bug.cgi?id=975868

Plugin Details

Severity: Medium

ID: 91306

File Name: openSUSE-2016-629.nasl

Version: 2.3

Type: local

Agent: unix

Published: 2016/05/24

Updated: 2019/04/11

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.9

Temporal Score: 3.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 6.2

Temporal Score: 5.6

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-docs-html, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-obs-qa-xen, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pv, p-cpe:/a:novell:opensuse:kernel-pv-base, p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pv-debuginfo, p-cpe:/a:novell:opensuse:kernel-pv-debugsource, p-cpe:/a:novell:opensuse:kernel-pv-devel, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, 
p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/05/23

Reference Information

CVE: CVE-2016-2185, CVE-2016-2186, CVE-2016-2188, CVE-2016-2847, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140, CVE-2016-3156, CVE-2016-3689, CVE-2016-3951