SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0181-1)

High Nessus Plugin ID 96603

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.38 to receive various security and bugfixes. The following security bugs were fixed :

- CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).

- CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).

- CVE-2016-7039: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666 (bnc#1001486).

- CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).

- CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).

- CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478).

- CVE-2016-7917: The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel did not check whether a batch message's length field is large enough, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability (bnc#1010444).

- CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).

- CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bnc#1003964).

- CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug (bnc#1007197).

- CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197).

- CVE-2016-9793: A bug in SO_{SND|RCV}BUFFORCE setsockopt() implementation was fixed, which allowed CAP_NET_ADMIN users to cause memory corruption.
(bsc#1013531).

- CVE-2016-9919: The icmp6_send function in net/ipv6/icmp.c in the Linux kernel omits a certain check of the dst data structure, which allowed remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet (bnc#1014701).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch SUSE-SLE-WE-12-SP2-2017-87=1

SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-87=1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-87=1

SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-87=1

SUSE Linux Enterprise Live Patching 12:zypper in -t patch SUSE-SLE-Live-Patching-12-2017-87=1

SUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch SUSE-SLE-HA-12-SP2-2017-87=1

SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-87=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1000118

https://bugzilla.suse.com/show_bug.cgi?id=1000189

https://bugzilla.suse.com/show_bug.cgi?id=1000287

https://bugzilla.suse.com/show_bug.cgi?id=1000304

https://bugzilla.suse.com/show_bug.cgi?id=1000433

https://bugzilla.suse.com/show_bug.cgi?id=1000776

https://bugzilla.suse.com/show_bug.cgi?id=1001169

https://bugzilla.suse.com/show_bug.cgi?id=1001171

https://bugzilla.suse.com/show_bug.cgi?id=1001310

https://bugzilla.suse.com/show_bug.cgi?id=1001462

https://bugzilla.suse.com/show_bug.cgi?id=1001486

https://bugzilla.suse.com/show_bug.cgi?id=1001888

https://bugzilla.suse.com/show_bug.cgi?id=1002322

https://bugzilla.suse.com/show_bug.cgi?id=1002770

https://bugzilla.suse.com/show_bug.cgi?id=1002786

https://bugzilla.suse.com/show_bug.cgi?id=1003068

https://bugzilla.suse.com/show_bug.cgi?id=1003566

https://bugzilla.suse.com/show_bug.cgi?id=1003581

https://bugzilla.suse.com/show_bug.cgi?id=1003606

https://bugzilla.suse.com/show_bug.cgi?id=1003813

https://bugzilla.suse.com/show_bug.cgi?id=1003866

https://bugzilla.suse.com/show_bug.cgi?id=1003964

https://bugzilla.suse.com/show_bug.cgi?id=1004048

https://bugzilla.suse.com/show_bug.cgi?id=1004052

https://bugzilla.suse.com/show_bug.cgi?id=1004252

https://bugzilla.suse.com/show_bug.cgi?id=1004365

https://bugzilla.suse.com/show_bug.cgi?id=1004517

https://bugzilla.suse.com/show_bug.cgi?id=1005169

https://bugzilla.suse.com/show_bug.cgi?id=1005327

https://bugzilla.suse.com/show_bug.cgi?id=1005545

https://bugzilla.suse.com/show_bug.cgi?id=1005666

https://bugzilla.suse.com/show_bug.cgi?id=1005745

https://bugzilla.suse.com/show_bug.cgi?id=1005895

https://bugzilla.suse.com/show_bug.cgi?id=1005917

https://bugzilla.suse.com/show_bug.cgi?id=1005921

https://bugzilla.suse.com/show_bug.cgi?id=1005923

https://bugzilla.suse.com/show_bug.cgi?id=1005925

https://bugzilla.suse.com/show_bug.cgi?id=1005929

https://bugzilla.suse.com/show_bug.cgi?id=1006103

https://bugzilla.suse.com/show_bug.cgi?id=1006175

https://bugzilla.suse.com/show_bug.cgi?id=1006267

https://bugzilla.suse.com/show_bug.cgi?id=1006528

https://bugzilla.suse.com/show_bug.cgi?id=1006576

https://bugzilla.suse.com/show_bug.cgi?id=1006804

https://bugzilla.suse.com/show_bug.cgi?id=1006809

https://bugzilla.suse.com/show_bug.cgi?id=1006827

https://bugzilla.suse.com/show_bug.cgi?id=1006915

https://bugzilla.suse.com/show_bug.cgi?id=1006918

https://bugzilla.suse.com/show_bug.cgi?id=1007197

https://bugzilla.suse.com/show_bug.cgi?id=1007615

https://bugzilla.suse.com/show_bug.cgi?id=1007653

https://bugzilla.suse.com/show_bug.cgi?id=1007955

https://bugzilla.suse.com/show_bug.cgi?id=1008557

https://bugzilla.suse.com/show_bug.cgi?id=1008979

https://bugzilla.suse.com/show_bug.cgi?id=1009062

https://bugzilla.suse.com/show_bug.cgi?id=1009969

https://bugzilla.suse.com/show_bug.cgi?id=1010040

https://bugzilla.suse.com/show_bug.cgi?id=1010158

https://bugzilla.suse.com/show_bug.cgi?id=1010444

https://bugzilla.suse.com/show_bug.cgi?id=1010478

https://bugzilla.suse.com/show_bug.cgi?id=1010507

https://bugzilla.suse.com/show_bug.cgi?id=1010665

https://bugzilla.suse.com/show_bug.cgi?id=1010690

https://bugzilla.suse.com/show_bug.cgi?id=1010970

https://bugzilla.suse.com/show_bug.cgi?id=1011176

https://bugzilla.suse.com/show_bug.cgi?id=1011250

https://bugzilla.suse.com/show_bug.cgi?id=1011913

https://bugzilla.suse.com/show_bug.cgi?id=1012060

https://bugzilla.suse.com/show_bug.cgi?id=1012094

https://bugzilla.suse.com/show_bug.cgi?id=1012452

https://bugzilla.suse.com/show_bug.cgi?id=1012767

https://bugzilla.suse.com/show_bug.cgi?id=1012829

https://bugzilla.suse.com/show_bug.cgi?id=1012992

https://bugzilla.suse.com/show_bug.cgi?id=1013001

https://bugzilla.suse.com/show_bug.cgi?id=1013479

https://bugzilla.suse.com/show_bug.cgi?id=1013531

https://bugzilla.suse.com/show_bug.cgi?id=1013700

https://bugzilla.suse.com/show_bug.cgi?id=1014120

https://bugzilla.suse.com/show_bug.cgi?id=1014392

https://bugzilla.suse.com/show_bug.cgi?id=1014701

https://bugzilla.suse.com/show_bug.cgi?id=1014710

https://bugzilla.suse.com/show_bug.cgi?id=1015212

https://bugzilla.suse.com/show_bug.cgi?id=1015359

https://bugzilla.suse.com/show_bug.cgi?id=1015367

https://bugzilla.suse.com/show_bug.cgi?id=1015416

https://bugzilla.suse.com/show_bug.cgi?id=799133

https://bugzilla.suse.com/show_bug.cgi?id=914939

https://bugzilla.suse.com/show_bug.cgi?id=922634

https://bugzilla.suse.com/show_bug.cgi?id=963609

https://bugzilla.suse.com/show_bug.cgi?id=963655

https://bugzilla.suse.com/show_bug.cgi?id=963904

https://bugzilla.suse.com/show_bug.cgi?id=964462

https://bugzilla.suse.com/show_bug.cgi?id=966170

https://bugzilla.suse.com/show_bug.cgi?id=966172

https://bugzilla.suse.com/show_bug.cgi?id=966186

https://bugzilla.suse.com/show_bug.cgi?id=966191

https://bugzilla.suse.com/show_bug.cgi?id=966316

https://bugzilla.suse.com/show_bug.cgi?id=966318

https://bugzilla.suse.com/show_bug.cgi?id=966325

https://bugzilla.suse.com/show_bug.cgi?id=966471

https://bugzilla.suse.com/show_bug.cgi?id=969474

https://bugzilla.suse.com/show_bug.cgi?id=969475

https://bugzilla.suse.com/show_bug.cgi?id=969476

https://bugzilla.suse.com/show_bug.cgi?id=969477

https://bugzilla.suse.com/show_bug.cgi?id=969756

https://bugzilla.suse.com/show_bug.cgi?id=971975

https://bugzilla.suse.com/show_bug.cgi?id=971989

https://bugzilla.suse.com/show_bug.cgi?id=972993

https://bugzilla.suse.com/show_bug.cgi?id=974313

https://bugzilla.suse.com/show_bug.cgi?id=974842

https://bugzilla.suse.com/show_bug.cgi?id=974843

https://bugzilla.suse.com/show_bug.cgi?id=978907

https://bugzilla.suse.com/show_bug.cgi?id=979378

https://bugzilla.suse.com/show_bug.cgi?id=979681

https://bugzilla.suse.com/show_bug.cgi?id=981825

https://bugzilla.suse.com/show_bug.cgi?id=983087

https://bugzilla.suse.com/show_bug.cgi?id=983152

https://bugzilla.suse.com/show_bug.cgi?id=983318

https://bugzilla.suse.com/show_bug.cgi?id=985850

https://bugzilla.suse.com/show_bug.cgi?id=986255

https://bugzilla.suse.com/show_bug.cgi?id=986987

https://bugzilla.suse.com/show_bug.cgi?id=987641

https://bugzilla.suse.com/show_bug.cgi?id=987703

https://bugzilla.suse.com/show_bug.cgi?id=987805

https://bugzilla.suse.com/show_bug.cgi?id=988524

https://bugzilla.suse.com/show_bug.cgi?id=988715

https://bugzilla.suse.com/show_bug.cgi?id=990384

https://bugzilla.suse.com/show_bug.cgi?id=992555

https://bugzilla.suse.com/show_bug.cgi?id=993739

https://bugzilla.suse.com/show_bug.cgi?id=993841

https://bugzilla.suse.com/show_bug.cgi?id=993891

https://bugzilla.suse.com/show_bug.cgi?id=994881

https://bugzilla.suse.com/show_bug.cgi?id=995278

https://bugzilla.suse.com/show_bug.cgi?id=997059

https://bugzilla.suse.com/show_bug.cgi?id=997639

https://bugzilla.suse.com/show_bug.cgi?id=997807

https://bugzilla.suse.com/show_bug.cgi?id=998054

https://bugzilla.suse.com/show_bug.cgi?id=998689

https://bugzilla.suse.com/show_bug.cgi?id=999907

https://bugzilla.suse.com/show_bug.cgi?id=999932

https://www.suse.com/security/cve/CVE-2015-1350/

https://www.suse.com/security/cve/CVE-2015-8964/

https://www.suse.com/security/cve/CVE-2016-7039/

https://www.suse.com/security/cve/CVE-2016-7042/

https://www.suse.com/security/cve/CVE-2016-7425/

https://www.suse.com/security/cve/CVE-2016-7913/

https://www.suse.com/security/cve/CVE-2016-7917/

https://www.suse.com/security/cve/CVE-2016-8645/

https://www.suse.com/security/cve/CVE-2016-8666/

https://www.suse.com/security/cve/CVE-2016-9083/

https://www.suse.com/security/cve/CVE-2016-9084/

https://www.suse.com/security/cve/CVE-2016-9793/

https://www.suse.com/security/cve/CVE-2016-9919/

http://www.nessus.org/u?78a2e8c9

Plugin Details

Severity: High

ID: 96603

File Name: suse_SU-2017-0181-1.nasl

Version: 3.6

Type: local

Agent: unix

Published: 2017/01/18

Updated: 2018/11/30

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/01/17

Exploitable With

Core Impact

Reference Information

CVE: CVE-2015-1350, CVE-2015-8964, CVE-2016-7039, CVE-2016-7042, CVE-2016-7425, CVE-2016-7913, CVE-2016-7917, CVE-2016-8645, CVE-2016-8666, CVE-2016-9083, CVE-2016-9084, CVE-2016-9793, CVE-2016-9919