Detections
Analytics

SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7811 / 7813 / 7814)

medium Nessus Plugin ID 66912

Language:

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to Linux kernel 3.0.80 which fixes various bugs and security issues.

The following security issues have been fixed :

 - Timing side channel on attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses like e.g. passwords. This has been fixed again by updating accessed/modified time on the pty devices in resolution of 8 seconds, so that idle time detection can still work. (CVE-2013-0160)

 - The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3222)

 - The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3223)

 - The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3224)

 - The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3225)

 - The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3227)

 - The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3228)

 - The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3229)

 - The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3231)

 - The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3232)

 - The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3234)

 - net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3235)

 - The crypto API in the Linux kernel did not initialize certain length variables, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. (CVE-2013-3076)

 - The scm_set_cred function in include/net/scm.h in the Linux kernel used incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application. (CVE-2013-1979)

 - A kernel information leak via tkill/tgkill was fixed.
 The following bugs have been fixed :

 - reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry. (bnc#822722)

 - libfc: do not exch_done() on invalid sequence ptr.
 (bnc#810722)

 - netfilter: ip6t_LOG: fix logging of packet mark.
 (bnc#821930)

 - hyperv: use 3.4 as LIC version string. (bnc#822431)

 - virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID.
 (bnc#819655)

 - xen/netback: do not disconnect frontend when seeing oversize packet.

 - xen/netfront: reduce gso_max_size to account for max TCP header.

 - xen/netfront: fix kABI after 'reduce gso_max_size to account for max TCP header'.

 - xfs: Fix kABI due to change in xfs_buf. (bnc#815356)

 - xfs: fix race while discarding buffers [V4] (bnc#815356 (comment 36)).

 - xfs: Serialize file-extending direct IO. (bnc#818371)

 - xhci: Do not switch webcams in some HP ProBooks to XHCI.
 (bnc#805804)

 - bluetooth: Do not switch BT on HP ProBook 4340.
 (bnc#812281)

 - s390/ftrace: fix mcount adjustment. (bnc#809895)

 - mm: memory_dev_init make sure nmi watchdog does not trigger while registering memory sections. (bnc#804609, bnc#820434)

 - patches.fixes/xfs-backward-alloc-fix.diff: xfs: Avoid pathological backwards allocation. (bnc#805945)

 - mm: compaction: Restart compaction from near where it left off

 - mm: compaction: cache if a pageblock was scanned and no pages were isolated

 - mm: compaction: clear PG_migrate_skip based on compaction and reclaim activity

 - mm: compaction: Scan PFN caching KABI workaround

 - mm: page_allocator: Remove first_pass guard

 - mm: vmscan: do not stall on writeback during memory compaction Cache compaction restart points for faster compaction cycles. (bnc#816451)

 - qlge: fix dma map leak when the last chunk is not allocated. (bnc#819519)

 - SUNRPC: Get rid of the redundant xprt->shutdown bit field. (bnc#800907)

 - SUNRPC: Ensure that we grab the XPRT_LOCK before calling xprt_alloc_slot. (bnc#800907)

 - SUNRPC: Fix a UDP transport regression. (bnc#800907)

 - SUNRPC: Allow caller of rpc_sleep_on() to select priority levels. (bnc#800907)

 - SUNRPC: Replace xprt->resend and xprt->sending with a priority queue. (bnc#800907)

 - SUNRPC: Fix potential races in xprt_lock_write_next().
 (bnc#800907)

 - md: cannot re-add disks after recovery. (bnc#808647)

 - fs/xattr.c:getxattr(): improve handling of allocation failures. (bnc#818053)

 - fs/xattr.c:listxattr(): fall back to vmalloc() if kmalloc() failed. (bnc#818053)

 - fs/xattr.c:setxattr(): improve handling of allocation failures. (bnc#818053)

 - fs/xattr.c: suppress page allocation failure warnings from sys_listxattr(). (bnc#818053)

 - virtio-blk: Call revalidate_disk() upon online disk resize. (bnc#817339)

 - usb-storage: CY7C68300A chips do not support Cypress ATACB. (bnc#819295)

 - patches.kernel.org/patch-3.0.60-61: Update references (add bnc#810580).

 - usb: Using correct way to clear usb3.0 devices remote wakeup feature. (bnc#818516)

 - xhci: Fix TD size for isochronous URBs. (bnc#818514)

 - ALSA: hda - fixup D3 pin and right channel mute on Haswell HDMI audio. (bnc#818798)

 - ALSA: hda - Apply pin-enablement workaround to all Haswell HDMI codecs. (bnc#818798)

 - xfs: fallback to vmalloc for large buffers in xfs_attrmulti_attr_get. (bnc#818053)

 - xfs: fallback to vmalloc for large buffers in xfs_attrlist_by_handle. (bnc#818053)

 - xfs: xfs: fallback to vmalloc for large buffers in xfs_compat_attrlist_by_handle. (bnc#818053)

 - xHCI: store rings type.

 - xhci: Fix hang on back-to-back Set TR Deq Ptr commands.

 - xHCI: check enqueue pointer advance into dequeue seg.

 - xHCI: store rings last segment and segment numbers.

 - xHCI: Allocate 2 segments for transfer ring.

 - xHCI: count free TRBs on transfer ring.

 - xHCI: factor out segments allocation and free function.

 - xHCI: update sg tablesize.

 - xHCI: set cycle state when allocate rings.

 - xhci: Reserve one command for USB3 LPM disable.

 - xHCI: dynamic ring expansion.

 - xhci: Do not warn on empty ring for suspended devices.

 - md/raid1: Do not release reference to device while handling read error. (bnc#809122, bnc#814719)

 - rpm/mkspec: Stop generating the get_release_number.sh file.

 - rpm/kernel-spec-macros: Properly handle KOTD release numbers with .g suffix.

 - rpm/kernel-spec-macros: Drop the %release_num macro We no longer put the -rcX tag into the release string.

 - rpm/kernel-*.spec.in, rpm/mkspec: Do not force the '<RELEASE>' string in specfiles.

 - mm/mmap: check for RLIMIT_AS before unmapping.
 (bnc#818327)

 - mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters. (bnc#792584)

 - mm: Fix add_page_wait_queue() to work for PG_Locked bit waiters. (bnc#792584)

 - bonding: only use primary address for ARP. (bnc#815444)

 - bonding: remove entries for master_ip and vlan_ip and query devices instead. (bnc#815444)

 - mm: speedup in __early_pfn_to_nid. (bnc#810624)

 - TTY: fix atime/mtime regression. (bnc#815745)

 - sd_dif: problem with verify of type 1 protection information (PI). (bnc#817010)

 - sched: harden rq rt usage accounting. (bnc#769685, bnc#788590)

 - rcu: Avoid spurious RCU CPU stall warnings. (bnc#816586)

 - rcu: Dump local stack if cannot dump all CPUs stacks.
 (bnc#816586)

 - rcu: Fix detection of abruptly-ending stall.
 (bnc#816586)

 - rcu: Suppress NMI backtraces when stall ends before dump. (bnc#816586)

 - Update Xen patches to 3.0.74.

 - btrfs: do not re-enter when allocating a chunk.

 - btrfs: save us a read_lock.

 - btrfs: Check CAP_DAC_READ_SEARCH for BTRFS_IOC_INO_PATHS.

 - btrfs: remove unused fs_info from btrfs_decode_error().

 - btrfs: handle null fs_info in btrfs_panic().

 - btrfs: fix varargs in __btrfs_std_error.

 - btrfs: fix the race between bio and btrfs_stop_workers.

 - btrfs: fix NULL pointer after aborting a transaction.

 - btrfs: fix infinite loop when we abort on mount.

 - xfs: Do not allocate new buffers on every call to
 _xfs_buf_find. (bnc#763968)

 - xfs: fix buffer lookup race on allocation failure.
 (bnc#763968)

Solution

Apply SAT patch number 7811 / 7813 / 7814 as appropriate.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=763968

https://bugzilla.novell.com/show_bug.cgi?id=764209

https://bugzilla.novell.com/show_bug.cgi?id=768052

https://bugzilla.novell.com/show_bug.cgi?id=769685

https://bugzilla.novell.com/show_bug.cgi?id=788590

https://bugzilla.novell.com/show_bug.cgi?id=792584

https://bugzilla.novell.com/show_bug.cgi?id=793139

https://bugzilla.novell.com/show_bug.cgi?id=797042

https://bugzilla.novell.com/show_bug.cgi?id=797175

https://bugzilla.novell.com/show_bug.cgi?id=800907

https://bugzilla.novell.com/show_bug.cgi?id=802153

https://bugzilla.novell.com/show_bug.cgi?id=804154

https://bugzilla.novell.com/show_bug.cgi?id=804609

https://bugzilla.novell.com/show_bug.cgi?id=805804

https://bugzilla.novell.com/show_bug.cgi?id=805945

https://bugzilla.novell.com/show_bug.cgi?id=806431

https://bugzilla.novell.com/show_bug.cgi?id=806980

https://bugzilla.novell.com/show_bug.cgi?id=808647

https://bugzilla.novell.com/show_bug.cgi?id=809122

https://bugzilla.novell.com/show_bug.cgi?id=809155

https://bugzilla.novell.com/show_bug.cgi?id=809748

https://bugzilla.novell.com/show_bug.cgi?id=809895

https://bugzilla.novell.com/show_bug.cgi?id=810580

https://bugzilla.novell.com/show_bug.cgi?id=810624

https://bugzilla.novell.com/show_bug.cgi?id=810722

https://bugzilla.novell.com/show_bug.cgi?id=812281

https://bugzilla.novell.com/show_bug.cgi?id=814719

https://bugzilla.novell.com/show_bug.cgi?id=815356

https://bugzilla.novell.com/show_bug.cgi?id=815444

https://bugzilla.novell.com/show_bug.cgi?id=815745

https://bugzilla.novell.com/show_bug.cgi?id=816443

https://bugzilla.novell.com/show_bug.cgi?id=816451

https://bugzilla.novell.com/show_bug.cgi?id=816586

https://bugzilla.novell.com/show_bug.cgi?id=816668

https://bugzilla.novell.com/show_bug.cgi?id=816708

https://bugzilla.novell.com/show_bug.cgi?id=817010

https://bugzilla.novell.com/show_bug.cgi?id=817339

https://bugzilla.novell.com/show_bug.cgi?id=818053

https://bugzilla.novell.com/show_bug.cgi?id=818327

https://bugzilla.novell.com/show_bug.cgi?id=818371

https://bugzilla.novell.com/show_bug.cgi?id=818514

https://bugzilla.novell.com/show_bug.cgi?id=818516

https://bugzilla.novell.com/show_bug.cgi?id=818798

https://bugzilla.novell.com/show_bug.cgi?id=819295

https://bugzilla.novell.com/show_bug.cgi?id=819519

https://bugzilla.novell.com/show_bug.cgi?id=819655

https://bugzilla.novell.com/show_bug.cgi?id=819789

https://bugzilla.novell.com/show_bug.cgi?id=820434

https://bugzilla.novell.com/show_bug.cgi?id=821560

https://bugzilla.novell.com/show_bug.cgi?id=821930

https://bugzilla.novell.com/show_bug.cgi?id=822431

https://bugzilla.novell.com/show_bug.cgi?id=822722

http://support.novell.com/security/cve/CVE-2013-0160.html

http://support.novell.com/security/cve/CVE-2013-1979.html

http://support.novell.com/security/cve/CVE-2013-3076.html

http://support.novell.com/security/cve/CVE-2013-3222.html

http://support.novell.com/security/cve/CVE-2013-3223.html

http://support.novell.com/security/cve/CVE-2013-3224.html

http://support.novell.com/security/cve/CVE-2013-3225.html

http://support.novell.com/security/cve/CVE-2013-3227.html

http://support.novell.com/security/cve/CVE-2013-3228.html

http://support.novell.com/security/cve/CVE-2013-3229.html

http://support.novell.com/security/cve/CVE-2013-3231.html

http://support.novell.com/security/cve/CVE-2013-3232.html

http://support.novell.com/security/cve/CVE-2013-3234.html

http://support.novell.com/security/cve/CVE-2013-3235.html

Plugin Details

Severity: Medium

ID: 66912

File Name: suse_11_kernel-130604.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/18/2013

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:kernel-xen-devel, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-trace, p-cpe:/a:novell:suse_linux:11:kernel-trace-extra, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-ec2, p-cpe:/a:novell:suse_linux:11:xen-kmp-default, p-cpe:/a:novell:suse_linux:11:kernel-pae-devel, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:11:kernel-ec2-base, p-cpe:/a:novell:suse_linux:11:kernel-trace-devel, p-cpe:/a:novell:suse_linux:11:kernel-default-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-trace-base, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra, p-cpe:/a:novell:suse_linux:11:xen-kmp-trace

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 6/4/2013

Reference Information

CVE: CVE-2013-0160, CVE-2013-1979, CVE-2013-3076, CVE-2013-3222, CVE-2013-3223, CVE-2013-3224, CVE-2013-3225, CVE-2013-3227, CVE-2013-3228, CVE-2013-3229, CVE-2013-3231, CVE-2013-3232, CVE-2013-3234, CVE-2013-3235