SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0437-1)

Critical Nessus Plugin ID 97097

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed :

- CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258).

- CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device NOTE: this vulnerability existed because of an incomplete fix for CVE-2016-9576 (bnc#1017710).

- CVE-2016-5696: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#989152).

- CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provided an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).

- CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).

- CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. (bnc#1014746).

- CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).

- CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).

- CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038).

- CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832).

- CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).

- CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).

- CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716).

- CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711).

- CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address (bnc#853052).

- CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).

- CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467).

- CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150).

- CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t patch sdksp4-kernel-12977=1

SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-kernel-12977=1

SUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch slexsp3-kernel-12977=1

SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-kernel-12977=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1003813

https://bugzilla.suse.com/show_bug.cgi?id=1005877

https://bugzilla.suse.com/show_bug.cgi?id=1007615

https://bugzilla.suse.com/show_bug.cgi?id=1008557

https://bugzilla.suse.com/show_bug.cgi?id=1008645

https://bugzilla.suse.com/show_bug.cgi?id=1008831

https://bugzilla.suse.com/show_bug.cgi?id=1008833

https://bugzilla.suse.com/show_bug.cgi?id=1008893

https://bugzilla.suse.com/show_bug.cgi?id=1009875

https://bugzilla.suse.com/show_bug.cgi?id=1010150

https://bugzilla.suse.com/show_bug.cgi?id=1010175

https://bugzilla.suse.com/show_bug.cgi?id=1010201

https://bugzilla.suse.com/show_bug.cgi?id=1010467

https://bugzilla.suse.com/show_bug.cgi?id=1010501

https://bugzilla.suse.com/show_bug.cgi?id=1010507

https://bugzilla.suse.com/show_bug.cgi?id=1010711

https://bugzilla.suse.com/show_bug.cgi?id=1010713

https://bugzilla.suse.com/show_bug.cgi?id=1010716

https://bugzilla.suse.com/show_bug.cgi?id=1011685

https://bugzilla.suse.com/show_bug.cgi?id=1011820

https://bugzilla.suse.com/show_bug.cgi?id=1012183

https://bugzilla.suse.com/show_bug.cgi?id=1012411

https://bugzilla.suse.com/show_bug.cgi?id=1012422

https://bugzilla.suse.com/show_bug.cgi?id=1012832

https://bugzilla.suse.com/show_bug.cgi?id=1012851

https://bugzilla.suse.com/show_bug.cgi?id=1012852

https://bugzilla.suse.com/show_bug.cgi?id=1012917

https://bugzilla.suse.com/show_bug.cgi?id=1013018

https://bugzilla.suse.com/show_bug.cgi?id=1013038

https://bugzilla.suse.com/show_bug.cgi?id=1013042

https://bugzilla.suse.com/show_bug.cgi?id=1013070

https://bugzilla.suse.com/show_bug.cgi?id=1013531

https://bugzilla.suse.com/show_bug.cgi?id=1013542

https://bugzilla.suse.com/show_bug.cgi?id=1014410

https://bugzilla.suse.com/show_bug.cgi?id=1014454

https://bugzilla.suse.com/show_bug.cgi?id=1014746

https://bugzilla.suse.com/show_bug.cgi?id=1015561

https://bugzilla.suse.com/show_bug.cgi?id=1015752

https://bugzilla.suse.com/show_bug.cgi?id=1015760

https://bugzilla.suse.com/show_bug.cgi?id=1015796

https://bugzilla.suse.com/show_bug.cgi?id=1015803

https://bugzilla.suse.com/show_bug.cgi?id=1015817

https://bugzilla.suse.com/show_bug.cgi?id=1015828

https://bugzilla.suse.com/show_bug.cgi?id=1015844

https://bugzilla.suse.com/show_bug.cgi?id=1015848

https://bugzilla.suse.com/show_bug.cgi?id=1015878

https://bugzilla.suse.com/show_bug.cgi?id=1015932

https://bugzilla.suse.com/show_bug.cgi?id=1016320

https://bugzilla.suse.com/show_bug.cgi?id=1016505

https://bugzilla.suse.com/show_bug.cgi?id=1016520

https://bugzilla.suse.com/show_bug.cgi?id=1016668

https://bugzilla.suse.com/show_bug.cgi?id=1016688

https://bugzilla.suse.com/show_bug.cgi?id=1016824

https://bugzilla.suse.com/show_bug.cgi?id=1016831

https://bugzilla.suse.com/show_bug.cgi?id=1017686

https://bugzilla.suse.com/show_bug.cgi?id=1017710

https://bugzilla.suse.com/show_bug.cgi?id=1019079

https://bugzilla.suse.com/show_bug.cgi?id=1019148

https://bugzilla.suse.com/show_bug.cgi?id=1019165

https://bugzilla.suse.com/show_bug.cgi?id=1019348

https://bugzilla.suse.com/show_bug.cgi?id=1019783

https://bugzilla.suse.com/show_bug.cgi?id=1020214

https://bugzilla.suse.com/show_bug.cgi?id=1021258

https://bugzilla.suse.com/show_bug.cgi?id=748806

https://bugzilla.suse.com/show_bug.cgi?id=786036

https://bugzilla.suse.com/show_bug.cgi?id=790588

https://bugzilla.suse.com/show_bug.cgi?id=795297

https://bugzilla.suse.com/show_bug.cgi?id=800999

https://bugzilla.suse.com/show_bug.cgi?id=821612

https://bugzilla.suse.com/show_bug.cgi?id=824171

https://bugzilla.suse.com/show_bug.cgi?id=851603

https://bugzilla.suse.com/show_bug.cgi?id=853052

https://bugzilla.suse.com/show_bug.cgi?id=871728

https://bugzilla.suse.com/show_bug.cgi?id=901809

https://bugzilla.suse.com/show_bug.cgi?id=909350

https://bugzilla.suse.com/show_bug.cgi?id=909491

https://bugzilla.suse.com/show_bug.cgi?id=913387

https://bugzilla.suse.com/show_bug.cgi?id=914939

https://bugzilla.suse.com/show_bug.cgi?id=919382

https://bugzilla.suse.com/show_bug.cgi?id=924708

https://bugzilla.suse.com/show_bug.cgi?id=925065

https://bugzilla.suse.com/show_bug.cgi?id=953233

https://bugzilla.suse.com/show_bug.cgi?id=961589

https://bugzilla.suse.com/show_bug.cgi?id=962846

https://bugzilla.suse.com/show_bug.cgi?id=969340

https://bugzilla.suse.com/show_bug.cgi?id=973691

https://bugzilla.suse.com/show_bug.cgi?id=987333

https://bugzilla.suse.com/show_bug.cgi?id=987576

https://bugzilla.suse.com/show_bug.cgi?id=989152

https://bugzilla.suse.com/show_bug.cgi?id=989680

https://bugzilla.suse.com/show_bug.cgi?id=989896

https://bugzilla.suse.com/show_bug.cgi?id=990245

https://bugzilla.suse.com/show_bug.cgi?id=992991

https://bugzilla.suse.com/show_bug.cgi?id=993739

https://bugzilla.suse.com/show_bug.cgi?id=993832

https://bugzilla.suse.com/show_bug.cgi?id=996541

https://bugzilla.suse.com/show_bug.cgi?id=996557

https://bugzilla.suse.com/show_bug.cgi?id=997401

https://bugzilla.suse.com/show_bug.cgi?id=999101

https://www.suse.com/security/cve/CVE-2004-0230/

https://www.suse.com/security/cve/CVE-2012-6704/

https://www.suse.com/security/cve/CVE-2013-6368/

https://www.suse.com/security/cve/CVE-2015-1350/

https://www.suse.com/security/cve/CVE-2015-8962/

https://www.suse.com/security/cve/CVE-2015-8964/

https://www.suse.com/security/cve/CVE-2016-10088/

https://www.suse.com/security/cve/CVE-2016-5696/

https://www.suse.com/security/cve/CVE-2016-7910/

https://www.suse.com/security/cve/CVE-2016-7911/

https://www.suse.com/security/cve/CVE-2016-7916/

https://www.suse.com/security/cve/CVE-2016-8399/

https://www.suse.com/security/cve/CVE-2016-8632/

https://www.suse.com/security/cve/CVE-2016-8633/

https://www.suse.com/security/cve/CVE-2016-8646/

https://www.suse.com/security/cve/CVE-2016-9555/

https://www.suse.com/security/cve/CVE-2016-9685/

https://www.suse.com/security/cve/CVE-2016-9756/

https://www.suse.com/security/cve/CVE-2016-9793/

https://www.suse.com/security/cve/CVE-2017-5551/

http://www.nessus.org/u?900c1584

Plugin Details

Severity: Critical

ID: 97097

File Name: suse_SU-2017-0437-1.nasl

Version: 3.7

Type: local

Agent: unix

Published: 2017/02/10

Updated: 2018/11/30

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-pae-devel, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-trace-base, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-xen-devel, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/02/09

Exploitable With

Core Impact

Reference Information

CVE: CVE-2004-0230, CVE-2012-6704, CVE-2013-6368, CVE-2015-1350, CVE-2015-8962, CVE-2015-8964, CVE-2016-10088, CVE-2016-5696, CVE-2016-7910, CVE-2016-7911, CVE-2016-7916, CVE-2016-8399, CVE-2016-8632, CVE-2016-8633, CVE-2016-8646, CVE-2016-9555, CVE-2016-9576, CVE-2016-9685, CVE-2016-9756, CVE-2016-9793, CVE-2017-5551

BID: 10183, 64291