SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1690-1)

High Nessus Plugin ID 93165

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 kernel was updated to 3.12.60 to receive various security and bugfixes.

The following security bugs were fixed :

- CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNT_DETACH umount2 system called without verifying that the MNT_LOCKED flag is unset, which allowed local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace (bnc#928547).

- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010).

- CVE-2015-8845: The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms did not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allowed local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application (bnc#975533).

- CVE-2016-0758: Fix ASN.1 indefinite length object parsing (bsc#979867).

- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).

- CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandled the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h. (bnc#970504)

- CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125).

- CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124).

- CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958).

- CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956).

- CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670).

- CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948).

- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).

- CVE-2016-3136: The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors (bnc#970955).

- CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970).

- CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911).

- CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909).

- CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892).

- CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandled destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360).

- CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308).

- CVE-2016-3689: The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface (bnc#971628).

- CVE-2016-3951: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor (bnc#974418).

- CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401).

- CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).

- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548).

- CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213).

- CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879).

- CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371).

- CVE-2016-5244: Fixed an infoleak in rds_inc_info_copy (bsc#983213).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12 :

zypper in -t patch SUSE-SLE-WE-12-2016-1001=1

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2016-1001=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2016-1001=1

SUSE Linux Enterprise Module for Public Cloud 12 :

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1001=1

SUSE Linux Enterprise Live Patching 12 :

zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1001=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2016-1001=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=676471

https://bugzilla.suse.com/show_bug.cgi?id=880007

https://bugzilla.suse.com/show_bug.cgi?id=889207

https://bugzilla.suse.com/show_bug.cgi?id=899908

https://bugzilla.suse.com/show_bug.cgi?id=903279

https://bugzilla.suse.com/show_bug.cgi?id=928547

https://bugzilla.suse.com/show_bug.cgi?id=931448

https://bugzilla.suse.com/show_bug.cgi?id=940413

https://bugzilla.suse.com/show_bug.cgi?id=943989

https://bugzilla.suse.com/show_bug.cgi?id=944309

https://bugzilla.suse.com/show_bug.cgi?id=945345

https://bugzilla.suse.com/show_bug.cgi?id=947337

https://bugzilla.suse.com/show_bug.cgi?id=953233

https://bugzilla.suse.com/show_bug.cgi?id=954847

https://bugzilla.suse.com/show_bug.cgi?id=956491

https://bugzilla.suse.com/show_bug.cgi?id=956852

https://bugzilla.suse.com/show_bug.cgi?id=957805

https://bugzilla.suse.com/show_bug.cgi?id=957986

https://bugzilla.suse.com/show_bug.cgi?id=960857

https://bugzilla.suse.com/show_bug.cgi?id=962336

https://bugzilla.suse.com/show_bug.cgi?id=962846

https://bugzilla.suse.com/show_bug.cgi?id=962872

https://bugzilla.suse.com/show_bug.cgi?id=963193

https://bugzilla.suse.com/show_bug.cgi?id=963572

https://bugzilla.suse.com/show_bug.cgi?id=963762

https://bugzilla.suse.com/show_bug.cgi?id=964461

https://bugzilla.suse.com/show_bug.cgi?id=964727

https://bugzilla.suse.com/show_bug.cgi?id=965319

https://bugzilla.suse.com/show_bug.cgi?id=966054

https://bugzilla.suse.com/show_bug.cgi?id=966245

https://bugzilla.suse.com/show_bug.cgi?id=966573

https://bugzilla.suse.com/show_bug.cgi?id=966831

https://bugzilla.suse.com/show_bug.cgi?id=967251

https://bugzilla.suse.com/show_bug.cgi?id=967292

https://bugzilla.suse.com/show_bug.cgi?id=967299

https://bugzilla.suse.com/show_bug.cgi?id=967903

https://bugzilla.suse.com/show_bug.cgi?id=968010

https://bugzilla.suse.com/show_bug.cgi?id=968141

https://bugzilla.suse.com/show_bug.cgi?id=968448

https://bugzilla.suse.com/show_bug.cgi?id=968512

https://bugzilla.suse.com/show_bug.cgi?id=968667

https://bugzilla.suse.com/show_bug.cgi?id=968670

https://bugzilla.suse.com/show_bug.cgi?id=968687

https://bugzilla.suse.com/show_bug.cgi?id=968812

https://bugzilla.suse.com/show_bug.cgi?id=968813

https://bugzilla.suse.com/show_bug.cgi?id=969439

https://bugzilla.suse.com/show_bug.cgi?id=969571

https://bugzilla.suse.com/show_bug.cgi?id=969655

https://bugzilla.suse.com/show_bug.cgi?id=969690

https://bugzilla.suse.com/show_bug.cgi?id=969735

https://bugzilla.suse.com/show_bug.cgi?id=969992

https://bugzilla.suse.com/show_bug.cgi?id=969993

https://bugzilla.suse.com/show_bug.cgi?id=970062

https://bugzilla.suse.com/show_bug.cgi?id=970114

https://bugzilla.suse.com/show_bug.cgi?id=970504

https://bugzilla.suse.com/show_bug.cgi?id=970506

https://bugzilla.suse.com/show_bug.cgi?id=970604

https://bugzilla.suse.com/show_bug.cgi?id=970892

https://bugzilla.suse.com/show_bug.cgi?id=970909

https://bugzilla.suse.com/show_bug.cgi?id=970911

https://bugzilla.suse.com/show_bug.cgi?id=970948

https://bugzilla.suse.com/show_bug.cgi?id=970955

https://bugzilla.suse.com/show_bug.cgi?id=970956

https://bugzilla.suse.com/show_bug.cgi?id=970958

https://bugzilla.suse.com/show_bug.cgi?id=970970

https://bugzilla.suse.com/show_bug.cgi?id=971049

https://bugzilla.suse.com/show_bug.cgi?id=971124

https://bugzilla.suse.com/show_bug.cgi?id=971125

https://bugzilla.suse.com/show_bug.cgi?id=971126

https://bugzilla.suse.com/show_bug.cgi?id=971159

https://bugzilla.suse.com/show_bug.cgi?id=971170

https://bugzilla.suse.com/show_bug.cgi?id=971360

https://bugzilla.suse.com/show_bug.cgi?id=971600

https://bugzilla.suse.com/show_bug.cgi?id=971628

https://bugzilla.suse.com/show_bug.cgi?id=971947

https://bugzilla.suse.com/show_bug.cgi?id=972003

https://bugzilla.suse.com/show_bug.cgi?id=972174

https://bugzilla.suse.com/show_bug.cgi?id=972844

https://bugzilla.suse.com/show_bug.cgi?id=972891

https://bugzilla.suse.com/show_bug.cgi?id=972933

https://bugzilla.suse.com/show_bug.cgi?id=972951

https://bugzilla.suse.com/show_bug.cgi?id=973378

https://bugzilla.suse.com/show_bug.cgi?id=973556

https://bugzilla.suse.com/show_bug.cgi?id=973570

https://bugzilla.suse.com/show_bug.cgi?id=973855

https://bugzilla.suse.com/show_bug.cgi?id=974165

https://bugzilla.suse.com/show_bug.cgi?id=974308

https://bugzilla.suse.com/show_bug.cgi?id=974406

https://bugzilla.suse.com/show_bug.cgi?id=974418

https://bugzilla.suse.com/show_bug.cgi?id=974646

https://bugzilla.suse.com/show_bug.cgi?id=975371

https://bugzilla.suse.com/show_bug.cgi?id=975488

https://bugzilla.suse.com/show_bug.cgi?id=975533

https://bugzilla.suse.com/show_bug.cgi?id=975945

https://bugzilla.suse.com/show_bug.cgi?id=976739

https://bugzilla.suse.com/show_bug.cgi?id=976868

https://bugzilla.suse.com/show_bug.cgi?id=977582

https://bugzilla.suse.com/show_bug.cgi?id=977685

https://bugzilla.suse.com/show_bug.cgi?id=978401

https://bugzilla.suse.com/show_bug.cgi?id=978822

https://bugzilla.suse.com/show_bug.cgi?id=979169

https://bugzilla.suse.com/show_bug.cgi?id=979213

https://bugzilla.suse.com/show_bug.cgi?id=979419

https://bugzilla.suse.com/show_bug.cgi?id=979485

https://bugzilla.suse.com/show_bug.cgi?id=979548

https://bugzilla.suse.com/show_bug.cgi?id=979867

https://bugzilla.suse.com/show_bug.cgi?id=979879

https://bugzilla.suse.com/show_bug.cgi?id=980348

https://bugzilla.suse.com/show_bug.cgi?id=980371

https://bugzilla.suse.com/show_bug.cgi?id=981143

https://bugzilla.suse.com/show_bug.cgi?id=981344

https://bugzilla.suse.com/show_bug.cgi?id=982354

https://bugzilla.suse.com/show_bug.cgi?id=982698

https://bugzilla.suse.com/show_bug.cgi?id=983213

https://bugzilla.suse.com/show_bug.cgi?id=983318

https://bugzilla.suse.com/show_bug.cgi?id=983394

https://bugzilla.suse.com/show_bug.cgi?id=983904

https://bugzilla.suse.com/show_bug.cgi?id=984456

https://www.suse.com/security/cve/CVE-2014-9717/

https://www.suse.com/security/cve/CVE-2015-8816/

https://www.suse.com/security/cve/CVE-2015-8845/

https://www.suse.com/security/cve/CVE-2016-0758/

https://www.suse.com/security/cve/CVE-2016-2053/

https://www.suse.com/security/cve/CVE-2016-2143/

https://www.suse.com/security/cve/CVE-2016-2184/

https://www.suse.com/security/cve/CVE-2016-2185/

https://www.suse.com/security/cve/CVE-2016-2186/

https://www.suse.com/security/cve/CVE-2016-2188/

https://www.suse.com/security/cve/CVE-2016-2782/

https://www.suse.com/security/cve/CVE-2016-2847/

https://www.suse.com/security/cve/CVE-2016-3134/

https://www.suse.com/security/cve/CVE-2016-3136/

https://www.suse.com/security/cve/CVE-2016-3137/

https://www.suse.com/security/cve/CVE-2016-3138/

https://www.suse.com/security/cve/CVE-2016-3139/

https://www.suse.com/security/cve/CVE-2016-3140/

https://www.suse.com/security/cve/CVE-2016-3156/

https://www.suse.com/security/cve/CVE-2016-3672/

https://www.suse.com/security/cve/CVE-2016-3689/

https://www.suse.com/security/cve/CVE-2016-3951/

https://www.suse.com/security/cve/CVE-2016-4482/

https://www.suse.com/security/cve/CVE-2016-4486/

https://www.suse.com/security/cve/CVE-2016-4565/

https://www.suse.com/security/cve/CVE-2016-4569/

https://www.suse.com/security/cve/CVE-2016-4578/

https://www.suse.com/security/cve/CVE-2016-4805/

https://www.suse.com/security/cve/CVE-2016-5244/

http://www.nessus.org/u?c76d1249

Plugin Details

Severity: High

ID: 93165

File Name: suse_SU-2016-1690-1.nasl

Version: 2.7

Type: local

Agent: unix

Published: 2016/08/29

Updated: 2018/11/29

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8.4

Temporal Score: 7.6

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo, p-cpe:/a:novell:suse_linux:kernel-xen-debugsource, p-cpe:/a:novell:suse_linux:kernel-xen-devel, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/06/27

Reference Information

CVE: CVE-2014-9717, CVE-2015-8816, CVE-2015-8845, CVE-2016-0758, CVE-2016-2053, CVE-2016-2143, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2188, CVE-2016-2782, CVE-2016-2847, CVE-2016-3134, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3139, CVE-2016-3140, CVE-2016-3156, CVE-2016-3672, CVE-2016-3689, CVE-2016-3951, CVE-2016-4482, CVE-2016-4486, CVE-2016-4565, CVE-2016-4569, CVE-2016-4578, CVE-2016-4805, CVE-2016-5244

BID: 74226