SUSE SLES11 Security Update : kernel (SUSE-SU-2016:1672-1)

High Nessus Plugin ID 93164

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

Notable changes in this kernel :

- It is now possible to mount a NFS export on the exporting host directly.

The following security bugs were fixed :

- CVE-2016-5244: A kernel information leak in rds_inc_info_copy was fixed that could leak kernel stack memory to userspace (bsc#983213).

- CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143).

- CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandles NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725).

- CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267).

- CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371).

- CVE-2016-0758: Tags with indefinite length could have corrupted pointers in asn1_find_indefinite_length (bsc#979867).

- CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944).

- CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401).

- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).

- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548).

- CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821).

- CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879).

- CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213).

- CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).

- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).

- CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948).

- CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956).

- CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911).

- CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970).

- CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892).

- CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958).

- CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124).

- CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360).

- CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125).

- CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909).

- CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandles the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h (bnc#970504).

- CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670).

- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010).

- CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacked a bulk-out endpoint (bnc#961512).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4 :

zypper in -t patch sdksp4-kernel-source-12631=1

SUSE Linux Enterprise Server 11-SP4 :

zypper in -t patch slessp4-kernel-source-12631=1

SUSE Linux Enterprise Server 11-EXTRA :

zypper in -t patch slexsp3-kernel-source-12631=1

SUSE Linux Enterprise Debuginfo 11-SP4 :

zypper in -t patch dbgsp4-kernel-source-12631=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=676471

https://bugzilla.suse.com/show_bug.cgi?id=866130

https://bugzilla.suse.com/show_bug.cgi?id=898592

https://bugzilla.suse.com/show_bug.cgi?id=936530

https://bugzilla.suse.com/show_bug.cgi?id=940413

https://bugzilla.suse.com/show_bug.cgi?id=944309

https://bugzilla.suse.com/show_bug.cgi?id=946122

https://bugzilla.suse.com/show_bug.cgi?id=949752

https://bugzilla.suse.com/show_bug.cgi?id=953369

https://bugzilla.suse.com/show_bug.cgi?id=956491

https://bugzilla.suse.com/show_bug.cgi?id=956852

https://bugzilla.suse.com/show_bug.cgi?id=957986

https://bugzilla.suse.com/show_bug.cgi?id=957988

https://bugzilla.suse.com/show_bug.cgi?id=957990

https://bugzilla.suse.com/show_bug.cgi?id=959381

https://bugzilla.suse.com/show_bug.cgi?id=960458

https://bugzilla.suse.com/show_bug.cgi?id=960857

https://bugzilla.suse.com/show_bug.cgi?id=961512

https://bugzilla.suse.com/show_bug.cgi?id=961518

https://bugzilla.suse.com/show_bug.cgi?id=963762

https://bugzilla.suse.com/show_bug.cgi?id=963998

https://bugzilla.suse.com/show_bug.cgi?id=965319

https://bugzilla.suse.com/show_bug.cgi?id=965860

https://bugzilla.suse.com/show_bug.cgi?id=965923

https://bugzilla.suse.com/show_bug.cgi?id=966245

https://bugzilla.suse.com/show_bug.cgi?id=967863

https://bugzilla.suse.com/show_bug.cgi?id=967914

https://bugzilla.suse.com/show_bug.cgi?id=968010

https://bugzilla.suse.com/show_bug.cgi?id=968018

https://bugzilla.suse.com/show_bug.cgi?id=968141

https://bugzilla.suse.com/show_bug.cgi?id=968500

https://bugzilla.suse.com/show_bug.cgi?id=968566

https://bugzilla.suse.com/show_bug.cgi?id=968670

https://bugzilla.suse.com/show_bug.cgi?id=968687

https://bugzilla.suse.com/show_bug.cgi?id=969149

https://bugzilla.suse.com/show_bug.cgi?id=969391

https://bugzilla.suse.com/show_bug.cgi?id=969571

https://bugzilla.suse.com/show_bug.cgi?id=970114

https://bugzilla.suse.com/show_bug.cgi?id=970504

https://bugzilla.suse.com/show_bug.cgi?id=970892

https://bugzilla.suse.com/show_bug.cgi?id=970909

https://bugzilla.suse.com/show_bug.cgi?id=970911

https://bugzilla.suse.com/show_bug.cgi?id=970948

https://bugzilla.suse.com/show_bug.cgi?id=970956

https://bugzilla.suse.com/show_bug.cgi?id=970958

https://bugzilla.suse.com/show_bug.cgi?id=970970

https://bugzilla.suse.com/show_bug.cgi?id=971124

https://bugzilla.suse.com/show_bug.cgi?id=971125

https://bugzilla.suse.com/show_bug.cgi?id=971126

https://bugzilla.suse.com/show_bug.cgi?id=971360

https://bugzilla.suse.com/show_bug.cgi?id=971433

https://bugzilla.suse.com/show_bug.cgi?id=971446

https://bugzilla.suse.com/show_bug.cgi?id=971729

https://bugzilla.suse.com/show_bug.cgi?id=971944

https://bugzilla.suse.com/show_bug.cgi?id=971947

https://bugzilla.suse.com/show_bug.cgi?id=971989

https://bugzilla.suse.com/show_bug.cgi?id=972363

https://bugzilla.suse.com/show_bug.cgi?id=973237

https://bugzilla.suse.com/show_bug.cgi?id=973378

https://bugzilla.suse.com/show_bug.cgi?id=973556

https://bugzilla.suse.com/show_bug.cgi?id=973570

https://bugzilla.suse.com/show_bug.cgi?id=974646

https://bugzilla.suse.com/show_bug.cgi?id=974787

https://bugzilla.suse.com/show_bug.cgi?id=975358

https://bugzilla.suse.com/show_bug.cgi?id=975772

https://bugzilla.suse.com/show_bug.cgi?id=975945

https://bugzilla.suse.com/show_bug.cgi?id=976739

https://bugzilla.suse.com/show_bug.cgi?id=976868

https://bugzilla.suse.com/show_bug.cgi?id=978401

https://bugzilla.suse.com/show_bug.cgi?id=978821

https://bugzilla.suse.com/show_bug.cgi?id=978822

https://bugzilla.suse.com/show_bug.cgi?id=979213

https://bugzilla.suse.com/show_bug.cgi?id=979274

https://bugzilla.suse.com/show_bug.cgi?id=979347

https://bugzilla.suse.com/show_bug.cgi?id=979419

https://bugzilla.suse.com/show_bug.cgi?id=979548

https://bugzilla.suse.com/show_bug.cgi?id=979595

https://bugzilla.suse.com/show_bug.cgi?id=979867

https://bugzilla.suse.com/show_bug.cgi?id=979879

https://bugzilla.suse.com/show_bug.cgi?id=980371

https://bugzilla.suse.com/show_bug.cgi?id=980725

https://bugzilla.suse.com/show_bug.cgi?id=980788

https://bugzilla.suse.com/show_bug.cgi?id=980931

https://bugzilla.suse.com/show_bug.cgi?id=981231

https://bugzilla.suse.com/show_bug.cgi?id=981267

https://bugzilla.suse.com/show_bug.cgi?id=982532

https://bugzilla.suse.com/show_bug.cgi?id=982691

https://bugzilla.suse.com/show_bug.cgi?id=983143

https://bugzilla.suse.com/show_bug.cgi?id=983213

https://bugzilla.suse.com/show_bug.cgi?id=984107

https://www.suse.com/security/cve/CVE-2015-7566/

https://www.suse.com/security/cve/CVE-2015-8816/

https://www.suse.com/security/cve/CVE-2016-0758/

https://www.suse.com/security/cve/CVE-2016-1583/

https://www.suse.com/security/cve/CVE-2016-2053/

https://www.suse.com/security/cve/CVE-2016-2143/

https://www.suse.com/security/cve/CVE-2016-2184/

https://www.suse.com/security/cve/CVE-2016-2185/

https://www.suse.com/security/cve/CVE-2016-2186/

https://www.suse.com/security/cve/CVE-2016-2187/

https://www.suse.com/security/cve/CVE-2016-2188/

https://www.suse.com/security/cve/CVE-2016-2782/

https://www.suse.com/security/cve/CVE-2016-2847/

https://www.suse.com/security/cve/CVE-2016-3134/

https://www.suse.com/security/cve/CVE-2016-3137/

https://www.suse.com/security/cve/CVE-2016-3138/

https://www.suse.com/security/cve/CVE-2016-3139/

https://www.suse.com/security/cve/CVE-2016-3140/

https://www.suse.com/security/cve/CVE-2016-3156/

https://www.suse.com/security/cve/CVE-2016-4482/

https://www.suse.com/security/cve/CVE-2016-4485/

https://www.suse.com/security/cve/CVE-2016-4486/

https://www.suse.com/security/cve/CVE-2016-4565/

https://www.suse.com/security/cve/CVE-2016-4569/

https://www.suse.com/security/cve/CVE-2016-4578/

https://www.suse.com/security/cve/CVE-2016-4580/

https://www.suse.com/security/cve/CVE-2016-4805/

https://www.suse.com/security/cve/CVE-2016-4913/

https://www.suse.com/security/cve/CVE-2016-5244/

http://www.nessus.org/u?ea06d969

Plugin Details

Severity: High

ID: 93164

File Name: suse_SU-2016-1672-1.nasl

Version: 2.7

Type: local

Agent: unix

Published: 2016/08/29

Updated: 2018/11/29

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8.4

Temporal Score: 7.6

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-pae-devel, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-trace-base, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-xen-devel, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/06/24

Reference Information

CVE: CVE-2015-7566, CVE-2015-8816, CVE-2016-0758, CVE-2016-1583, CVE-2016-2053, CVE-2016-2143, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-2188, CVE-2016-2782, CVE-2016-2847, CVE-2016-3134, CVE-2016-3137, CVE-2016-3138, CVE-2016-3139, CVE-2016-3140, CVE-2016-3156, CVE-2016-4482, CVE-2016-4485, CVE-2016-4486, CVE-2016-4565, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-4805, CVE-2016-4913, CVE-2016-5244