New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 7.4
Synopsis
The remote openSUSE host is missing a security update.
Description
The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various security and bugfixes.
The following security bugs were fixed :
- CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143).
- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
(bsc#979548)
- CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. (bsc#980371).
- CVE-2016-4951: The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel did not verify socket existence, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. (bsc#981058).
- CVE-2016-5244: An information leak vulnerability in function rds_inc_info_copy of file net/rds/recv.c was fixed that might have leaked kernel stack data.
(bsc#983213).
- CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.
(bsc#981267).
- CVE-2016-0758: Tags with indefinite length could have corrupted pointers in asn1_find_indefinite_length (bsc#979867).
- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).
- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).
- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).
- CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308).
- CVE-2016-4482: A kernel information leak in the usbfs devio connectinfo was fixed, which could expose kernel stack memory to userspace. (bnc#978401).
- CVE-2016-4485: A kernel information leak in llc was fixed (bsc#978821).
- CVE-2016-4486: A kernel information leak in rtnetlink was fixed, where 4 uninitialized bytes could leak to userspace (bsc#978822).
- CVE-2016-4557: A use-after-free via double-fdput in replace_map_fd_with_map_ptr() was fixed, which could allow privilege escalation (bsc#979018).
- CVE-2016-4565: When the 'rdma_ucm' infiniband module is loaded, local attackers could escalate their privileges (bsc#979548).
- CVE-2016-4569: A kernel information leak in the ALSA timer via events via snd_timer_user_tinterrupt that could leak information to userspace was fixed (bsc#979213).
- CVE-2016-4578: A kernel information leak in the ALSA timer via events that could leak information to userspace was fixed (bsc#979879).
- CVE-2016-4581: If the first propogated mount copy was being a slave it could oops the kernel (bsc#979913)
The following non-security bugs were fixed :
- ALSA: hda - Add dock support for ThinkPad X260 (boo#979278).
- ALSA: hda - Apply fix for white noise on Asus N550JV, too (boo#979278).
- ALSA: hda - Asus N750JV external subwoofer fixup (boo#979278).
- ALSA: hda - Fix broken reconfig (boo#979278).
- ALSA: hda - Fix headphone mic input on a few Dell ALC293 machines (boo#979278).
- ALSA: hda - Fix subwoofer pin on ASUS N751 and N551 (boo#979278).
- ALSA: hda - Fix white noise on Asus N750JV headphone (boo#979278).
- ALSA: hda - Fix white noise on Asus UX501VW headset (boo#979278).
- ALSA: hda/realtek - Add ALC3234 headset mode for Optiplex 9020m (boo#979278).
- ALSA: hda/realtek - New codecs support for ALC234/ALC274/ALC294 (boo#979278).
- ALSA: hda/realtek - New codec support of ALC225 (boo#979278).
- ALSA: hda/realtek - Support headset mode for ALC225 (boo#979278).
- ALSA: pcxhr: Fix missing mutex unlock (boo#979278).
- ALSA: usb-audio: Quirk for yet another Phoenix Audio devices (v2) (boo#979278).
- bluetooth: fix power_on vs close race (bsc#966849).
- bluetooth: vhci: fix open_timeout vs. hdev race (bsc#971799,bsc#966849).
- bluetooth: vhci: Fix race at creating hci device (bsc#971799,bsc#966849).
- bluetooth: vhci: purge unhandled skbs (bsc#971799,bsc#966849).
- btrfs: do not use src fd for printk (bsc#980348).
- btrfs: fix crash/invalid memory access on fsync when using overlayfs (bsc#977198)
- drm: qxl: Workaround for buggy user-space (bsc#981344).
- enic: set netdev->vlan_features (bsc#966245).
- fs: add file_dentry() (bsc#977198).
- IB/IPoIB: Do not set skb truesize since using one linearskb (bsc#980657).
- input: i8042 - lower log level for 'no controller' message (bsc#945345).
- kabi: Add kabi/severities entries to ignore sound/hda/*, x509_*, efivar_validate, file_open_root and dax_fault
- kabi: Add some fixups (module, pci_dev, drm, fuse and thermal)
- kabi: file_dentry changes (bsc#977198).
- kABI fixes for 4.1.22
- mm/page_alloc.c: calculate 'available' memory in a separate function (bsc#982239).
- net: disable fragment reassembly if high_thresh is zero (bsc#970506).
- of: iommu: Silence misleading warning.
- pstore_register() error handling was wrong -- it tried to release lock before it's acquired, causing spinlock / preemption imbalance. - usb: quirk to stop runtime PM for Intel 7260 (bnc#984460).
- Revert 'usb: hub: do not clear BOS field during reset device' (boo#979728).
- usb: core: hub: hub_port_init lock controller instead of bus (bnc#978073).
- usb: preserve kABI in address0 locking (bnc#978073).
- usb: usbip: fix potential out-of-bounds write (bnc#975945).
- USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982712).
- virtio_balloon: do not change memory amount visible via /proc/meminfo (bsc#982238).
- virtio_balloon: export 'available' memory to balloon statistics (bsc#982239).
Solution
Update the affected the Linux Kernel packages.