openSUSE Security Update : the Linux Kernel (openSUSE-2016-629)

Medium Nessus Plugin ID 91306

VPR Score: 4.4

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE Leap 42.1 kernel was updated to receive various security fixes and bug fixes.

The following security bugs were fixed:

- CVE-2016-2847: Limit the per-user amount of pages allocated in pipes (bsc#970948).

- CVE-2016-3136: mct_u232: add sanity checking in probe (bnc#970955).

- CVE-2016-2188: iowarrior: fix oops with malicious USB descriptors (bnc#970956).

- CVE-2016-3138: cdc-acm: more sanity checking (bnc#970911).

- CVE-2016-3137: cypress_m8: add endpoint sanity check (bnc#970970).

- CVE-2016-3951: cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (bnc#974418).

- CVE-2016-3140: digi_acceleport: do sanity checking for the number of ports (bnc#970892).

- CVE-2016-2186: powermate: fix oops with malicious USB descriptors (bnc#970958).

- CVE-2016-2185: usb_driver_claim_interface: add sanity checking (bnc#971124).

- CVE-2016-3689: ims-pcu: sanity check against missing interfaces (bnc#971628).

- CVE-2016-3156: ipv4: Do not do expensive useless work during inetdev destroy (bsc#971360).

The following non-security bugs were fixed:

- ALSA: timer: Call notifier in the same spinlock (bsc#973378).

- ALSA: timer: Protect the whole snd_timer_close() with open race (bsc#973378).

- ALSA: timer: Sync timer deletion at closing the system timer (bsc#973378).

- ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378).

- Backport arm64 patches from SLE12-SP1-ARM

- Fix kABI additions for pipe: limit the per-user amount of pages allocated in pipes.

- Revert 'drm/radeon: call hpd_irq_event on resume' (boo#975868).

- Update config files. Enable RTC_HCTOSYS, build I2C_XGENE_SLIMPRO as a module.

- backends: guarantee one time reads of shared ring contents (bsc#957988).

- ext4: fix races between buffered IO and collapse / insert range (bsc#972174).

- ext4: fix races between page faults and hole punching (bsc#972174).

- ext4: fix races of writeback with punch hole and zero range (bsc#972174).

- ext4: move unlocked dio protection from ext4_alloc_file_blocks() (bsc#972174).

- net: thunderx: Use napi_schedule_irqoff()

- netback: do not use last request to determine minimum Tx credit (bsc#957988).

Solution

Update the affected Linux Kernel packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=957988

https://bugzilla.opensuse.org/show_bug.cgi?id=970892

https://bugzilla.opensuse.org/show_bug.cgi?id=970911

https://bugzilla.opensuse.org/show_bug.cgi?id=970948

https://bugzilla.opensuse.org/show_bug.cgi?id=970955

https://bugzilla.opensuse.org/show_bug.cgi?id=970956

https://bugzilla.opensuse.org/show_bug.cgi?id=970958

https://bugzilla.opensuse.org/show_bug.cgi?id=970970

https://bugzilla.opensuse.org/show_bug.cgi?id=971124

https://bugzilla.opensuse.org/show_bug.cgi?id=971360

https://bugzilla.opensuse.org/show_bug.cgi?id=971628

https://bugzilla.opensuse.org/show_bug.cgi?id=972174

https://bugzilla.opensuse.org/show_bug.cgi?id=973378

https://bugzilla.opensuse.org/show_bug.cgi?id=974418

https://bugzilla.opensuse.org/show_bug.cgi?id=975868

Plugin Details

Severity: Medium

ID: 91306

File Name: openSUSE-2016-629.nasl

Version: 2.4

Type: local

Agent: unix

Published: 2016/05/24

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 4.4

CVSS v2.0

Base Score: 4.9

Temporal Score: 3.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 6.2

Temporal Score: 5.6

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-docs-html, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-obs-qa-xen, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pv, p-cpe:/a:novell:opensuse:kernel-pv-base, p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pv-debuginfo, p-cpe:/a:novell:opensuse:kernel-pv-debugsource, p-cpe:/a:novell:opensuse:kernel-pv-devel, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, 
p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/05/23

Reference Information

CVE: CVE-2016-2185, CVE-2016-2186, CVE-2016-2188, CVE-2016-2847, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140, CVE-2016-3156, CVE-2016-3689, CVE-2016-3951