SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0010-1) (Meltdown) (Spectre)

high Nessus Plugin ID 105574

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032).

- CVE-2017-5753 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel.

- CVE-2017-5715 / 'SpectreAttack': Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please also check with your CPU / Hardware vendor for available firmware or BIOS updates. As this feature can have a performance impact, it can be disabled using the 'nospec' kernel commandline option.

- CVE-2017-5754 / 'MeltdownAttack': Local attackers on systems with modern CPUs featuring deep instruction pipelining could use code patterns in userspace to speculative executive code that would read otherwise read protected memory. This problem is mitigated by unmapping the Linux Kernel from the user address space during user code execution, following a approach called 'KAISER'. The terms used here are 'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page Table Isolation'.
This is only enabled by default on affected architectures. This feature can be enabled / disabled by the 'pti=[on|off|auto]' or 'nopti' commandline options.
The following security bugs were fixed :

- CVE-2017-17806: The HMAC implementation (crypto/hmac.c) in the Linux kernel did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack-based buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874).

- CVE-2017-17805: The Salsa20 encryption algorithm in the Linux kernel did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch SUSE-SLE-WE-12-SP3-2018-12=1

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-12=1

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-12=1

SUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2018-12=1

SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch SUSE-SLE-HA-12-SP3-2018-12=1

SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-12=1

SUSE Container as a Service Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2018-12=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1005778

https://bugzilla.suse.com/show_bug.cgi?id=1005780

https://bugzilla.suse.com/show_bug.cgi?id=1005781

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1017967

https://bugzilla.suse.com/show_bug.cgi?id=1039616

https://bugzilla.suse.com/show_bug.cgi?id=1047487

https://bugzilla.suse.com/show_bug.cgi?id=1063043

https://bugzilla.suse.com/show_bug.cgi?id=1064311

https://bugzilla.suse.com/show_bug.cgi?id=1065180

https://bugzilla.suse.com/show_bug.cgi?id=1068032

https://bugzilla.suse.com/show_bug.cgi?id=1068951

https://bugzilla.suse.com/show_bug.cgi?id=1070116

https://bugzilla.suse.com/show_bug.cgi?id=1071009

https://bugzilla.suse.com/show_bug.cgi?id=1072166

https://bugzilla.suse.com/show_bug.cgi?id=1072216

https://bugzilla.suse.com/show_bug.cgi?id=1072556

https://bugzilla.suse.com/show_bug.cgi?id=1072866

https://bugzilla.suse.com/show_bug.cgi?id=1072890

https://bugzilla.suse.com/show_bug.cgi?id=1072962

https://bugzilla.suse.com/show_bug.cgi?id=1073090

https://bugzilla.suse.com/show_bug.cgi?id=1073525

https://bugzilla.suse.com/show_bug.cgi?id=1073792

https://bugzilla.suse.com/show_bug.cgi?id=1073809

https://bugzilla.suse.com/show_bug.cgi?id=1073868

https://bugzilla.suse.com/show_bug.cgi?id=1073874

https://bugzilla.suse.com/show_bug.cgi?id=1073912

https://bugzilla.suse.com/show_bug.cgi?id=963897

https://bugzilla.suse.com/show_bug.cgi?id=964063

https://bugzilla.suse.com/show_bug.cgi?id=966170

https://bugzilla.suse.com/show_bug.cgi?id=966172

https://www.suse.com/security/cve/CVE-2017-17805/

https://www.suse.com/security/cve/CVE-2017-17806/

https://www.suse.com/security/cve/CVE-2017-5715/

https://www.suse.com/security/cve/CVE-2017-5753/

https://www.suse.com/security/cve/CVE-2017-5754/

http://www.nessus.org/u?abca72d4

Plugin Details

Severity: High

ID: 105574

File Name: suse_SU-2018-0010-1.nasl

Version: 3.12

Type: local

Agent: unix

Published: 1/4/2018

Updated: 9/10/2019

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/4/2018

Vulnerability Publication Date: 12/20/2017

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2017-17805, CVE-2017-17806, CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

IAVA: 2018-A-0019, 2018-A-0020