Detections
Analytics
SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2821-1) (SACK Panic) (SACK Slowness)
critical Nessus Plugin ID 130423
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
This update for the Linux Kernel 3.12.74-60_64_110 fixes several issues.The following security issues were fixed :
CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108).
CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch SUSE-SLE-SAP-12-SP1-2019-2821=1
SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2019-2821=1
See Also
https://bugzilla.suse.com/show_bug.cgi?id=1102682
https://bugzilla.suse.com/show_bug.cgi?id=1103203
https://bugzilla.suse.com/show_bug.cgi?id=1133191
https://bugzilla.suse.com/show_bug.cgi?id=1136446
https://bugzilla.suse.com/show_bug.cgi?id=1137597
https://bugzilla.suse.com/show_bug.cgi?id=1140747
https://bugzilla.suse.com/show_bug.cgi?id=1144903
https://bugzilla.suse.com/show_bug.cgi?id=1151021
https://bugzilla.suse.com/show_bug.cgi?id=1153108
https://bugzilla.suse.com/show_bug.cgi?id=1153158
https://bugzilla.suse.com/show_bug.cgi?id=1153161
https://bugzilla.suse.com/show_bug.cgi?id=904970
https://bugzilla.suse.com/show_bug.cgi?id=907150
https://bugzilla.suse.com/show_bug.cgi?id=920615
https://bugzilla.suse.com/show_bug.cgi?id=920633
https://bugzilla.suse.com/show_bug.cgi?id=930408
https://www.suse.com/security/cve/CVE-2018-5390/
https://www.suse.com/security/cve/CVE-2019-10220/
https://www.suse.com/security/cve/CVE-2019-11477/
https://www.suse.com/security/cve/CVE-2019-11478/
https://www.suse.com/security/cve/CVE-2019-11487/
https://www.suse.com/security/cve/CVE-2019-14835/
https://www.suse.com/security/cve/CVE-2019-17133/
Plugin Details
Severity: Critical
ID: 130423
File Name: suse_SU-2019-2821-1.nasl
Version: 1.7
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 10/31/2019
Updated: 4/16/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2019-10220
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2019-17133
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_110-default, p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_110-xen, cpe:/o:novell:suse_linux:12
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/30/2019
Vulnerability Publication Date: 8/6/2018
Reference Information
CVE: CVE-2018-5390, CVE-2019-10220, CVE-2019-11477, CVE-2019-11478, CVE-2019-11487, CVE-2019-14835, CVE-2019-17133, CVE-2019-3846