SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1696-1)

High Nessus Plugin ID 93168

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.59 to receive various security and bugfixes.

Main feature additions :

 - Improved support for Clustered File System (CephFS, fate#318586).

 - Addition of kGraft patches now produces logging messages to simplify auditing (fate#317827).

The following security bugs were fixed :

 - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143).

 - CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allowed local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace (bnc#928547).

 - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124).

 - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958).

 - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956).

 - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bsc#970948).

 - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126 971793).

 - CVE-2016-3136: The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors (bnc#970955).

 - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970).

 - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911 970970).

 - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892).

 - CVE-2016-3689: The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface (bnc#971628).

 - CVE-2016-3951: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor (bnc#974418).

 - CVE-2016-4482: Fixed information leak in devio (bnc#978401).

 - CVE-2016-4486: Fixed information leak in rtnetlink ( bsc#978822).

 - CVE-2016-4569: Fixed information leak in events via snd_timer_user_tinterrupt (bsc#979213).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP1 :

zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1004=1

SUSE Linux Enterprise Software Development Kit 12-SP1 :

zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1004=1

SUSE Linux Enterprise Server 12-SP1 :

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1004=1

SUSE Linux Enterprise Module for Public Cloud 12 :

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1004=1

SUSE Linux Enterprise Live Patching 12 :

zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1004=1

SUSE Linux Enterprise Desktop 12-SP1 :

zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1004=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=662458

https://bugzilla.suse.com/show_bug.cgi?id=676471

https://bugzilla.suse.com/show_bug.cgi?id=889207

https://bugzilla.suse.com/show_bug.cgi?id=897662

https://bugzilla.suse.com/show_bug.cgi?id=899908

https://bugzilla.suse.com/show_bug.cgi?id=903279

https://bugzilla.suse.com/show_bug.cgi?id=908151

https://bugzilla.suse.com/show_bug.cgi?id=928547

https://bugzilla.suse.com/show_bug.cgi?id=931448

https://bugzilla.suse.com/show_bug.cgi?id=937086

https://bugzilla.suse.com/show_bug.cgi?id=940413

https://bugzilla.suse.com/show_bug.cgi?id=942262

https://bugzilla.suse.com/show_bug.cgi?id=943989

https://bugzilla.suse.com/show_bug.cgi?id=944309

https://bugzilla.suse.com/show_bug.cgi?id=945345

https://bugzilla.suse.com/show_bug.cgi?id=951844

https://bugzilla.suse.com/show_bug.cgi?id=953233

https://bugzilla.suse.com/show_bug.cgi?id=957805

https://bugzilla.suse.com/show_bug.cgi?id=958390

https://bugzilla.suse.com/show_bug.cgi?id=959514

https://bugzilla.suse.com/show_bug.cgi?id=960857

https://bugzilla.suse.com/show_bug.cgi?id=962336

https://bugzilla.suse.com/show_bug.cgi?id=962846

https://bugzilla.suse.com/show_bug.cgi?id=962872

https://bugzilla.suse.com/show_bug.cgi?id=963572

https://bugzilla.suse.com/show_bug.cgi?id=964461

https://bugzilla.suse.com/show_bug.cgi?id=964727

https://bugzilla.suse.com/show_bug.cgi?id=965319

https://bugzilla.suse.com/show_bug.cgi?id=966054

https://bugzilla.suse.com/show_bug.cgi?id=966573

https://bugzilla.suse.com/show_bug.cgi?id=967640

https://bugzilla.suse.com/show_bug.cgi?id=968497

https://bugzilla.suse.com/show_bug.cgi?id=968687

https://bugzilla.suse.com/show_bug.cgi?id=968812

https://bugzilla.suse.com/show_bug.cgi?id=968813

https://bugzilla.suse.com/show_bug.cgi?id=969016

https://bugzilla.suse.com/show_bug.cgi?id=970604

https://bugzilla.suse.com/show_bug.cgi?id=970609

https://bugzilla.suse.com/show_bug.cgi?id=970892

https://bugzilla.suse.com/show_bug.cgi?id=970911

https://bugzilla.suse.com/show_bug.cgi?id=970948

https://bugzilla.suse.com/show_bug.cgi?id=970955

https://bugzilla.suse.com/show_bug.cgi?id=970956

https://bugzilla.suse.com/show_bug.cgi?id=970958

https://bugzilla.suse.com/show_bug.cgi?id=970970

https://bugzilla.suse.com/show_bug.cgi?id=971049

https://bugzilla.suse.com/show_bug.cgi?id=971124

https://bugzilla.suse.com/show_bug.cgi?id=971126

https://bugzilla.suse.com/show_bug.cgi?id=971159

https://bugzilla.suse.com/show_bug.cgi?id=971170

https://bugzilla.suse.com/show_bug.cgi?id=971600

https://bugzilla.suse.com/show_bug.cgi?id=971628

https://bugzilla.suse.com/show_bug.cgi?id=971793

https://bugzilla.suse.com/show_bug.cgi?id=971947

https://bugzilla.suse.com/show_bug.cgi?id=972003

https://bugzilla.suse.com/show_bug.cgi?id=972068

https://bugzilla.suse.com/show_bug.cgi?id=972174

https://bugzilla.suse.com/show_bug.cgi?id=972780

https://bugzilla.suse.com/show_bug.cgi?id=972844

https://bugzilla.suse.com/show_bug.cgi?id=972891

https://bugzilla.suse.com/show_bug.cgi?id=972951

https://bugzilla.suse.com/show_bug.cgi?id=973378

https://bugzilla.suse.com/show_bug.cgi?id=973556

https://bugzilla.suse.com/show_bug.cgi?id=973855

https://bugzilla.suse.com/show_bug.cgi?id=974418

https://bugzilla.suse.com/show_bug.cgi?id=974646

https://bugzilla.suse.com/show_bug.cgi?id=974692

https://bugzilla.suse.com/show_bug.cgi?id=975371

https://bugzilla.suse.com/show_bug.cgi?id=975488

https://bugzilla.suse.com/show_bug.cgi?id=975772

https://bugzilla.suse.com/show_bug.cgi?id=975945

https://bugzilla.suse.com/show_bug.cgi?id=976739

https://bugzilla.suse.com/show_bug.cgi?id=976821

https://bugzilla.suse.com/show_bug.cgi?id=976868

https://bugzilla.suse.com/show_bug.cgi?id=977582

https://bugzilla.suse.com/show_bug.cgi?id=977685

https://bugzilla.suse.com/show_bug.cgi?id=978401

https://bugzilla.suse.com/show_bug.cgi?id=978527

https://bugzilla.suse.com/show_bug.cgi?id=978822

https://bugzilla.suse.com/show_bug.cgi?id=979213

https://bugzilla.suse.com/show_bug.cgi?id=979347

https://bugzilla.suse.com/show_bug.cgi?id=983143

https://www.suse.com/security/cve/CVE-2014-9717/

https://www.suse.com/security/cve/CVE-2016-1583/

https://www.suse.com/security/cve/CVE-2016-2185/

https://www.suse.com/security/cve/CVE-2016-2186/

https://www.suse.com/security/cve/CVE-2016-2188/

https://www.suse.com/security/cve/CVE-2016-2847/

https://www.suse.com/security/cve/CVE-2016-3134/

https://www.suse.com/security/cve/CVE-2016-3136/

https://www.suse.com/security/cve/CVE-2016-3137/

https://www.suse.com/security/cve/CVE-2016-3138/

https://www.suse.com/security/cve/CVE-2016-3140/

https://www.suse.com/security/cve/CVE-2016-3689/

https://www.suse.com/security/cve/CVE-2016-3951/

https://www.suse.com/security/cve/CVE-2016-4482/

https://www.suse.com/security/cve/CVE-2016-4486/

https://www.suse.com/security/cve/CVE-2016-4569/

http://www.nessus.org/u?3a0779e4

Plugin Details

Severity: High

ID: 93168

File Name: suse_SU-2016-1696-1.nasl

Version: 2.7

Type: local

Agent: unix

Published: 2016/08/29

Updated: 2018/11/29

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8.4

Temporal Score: 7.6

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo, p-cpe:/a:novell:suse_linux:kernel-xen-debugsource, p-cpe:/a:novell:suse_linux:kernel-xen-devel, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/06/28

Reference Information

CVE: CVE-2014-9717, CVE-2016-1583, CVE-2016-2185, CVE-2016-2186, CVE-2016-2188, CVE-2016-2847, CVE-2016-3134, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140, CVE-2016-3689, CVE-2016-3951, CVE-2016-4482, CVE-2016-4486, CVE-2016-4569

BID: 74226