SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8269 / 8270 / 8283)

high Nessus Plugin ID 70040

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to version 3.0.93 and to fix various bugs and security issues.

The following features have been added :

- NFS: Now supports a 'nosharetransport' option (bnc#807502, bnc#828192, FATE#315593).

- ALSA: virtuoso: Xonar DSX support was added (FATE#316016). The following security issues have been fixed :

- The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. (CVE-2013-2148)

- The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (CVE-2013-2237)

- The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel allowed local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.
(CVE-2013-2232)

- The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel did not initialize certain structure members, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. CVE-2013-4162: The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel made an incorrect function call for pending data, which allowed local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (CVE-2013-2234)

- net/ceph/auth_none.c in the Linux kernel allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.
(CVE-2013-1059)

- The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.
(CVE-2013-2164)

- Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (CVE-2013-2851)

- The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel did not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allowed local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (CVE-2013-4163)

- Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. (CVE-2013-1929)

- The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel did not validate block numbers, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map. (CVE-2013-1819)

Also the following non-security bugs have been fixed :

- ACPI / APEI: Force fatal AER severity when component has been reset. (bnc#828886 / bnc#824568)

- PCI/AER: Move AER severity defines to aer.h. (bnc#828886 / bnc#824568)

- PCI/AER: Set dev->__aer_firmware_first only for matching devices. (bnc#828886 / bnc#824568)

- PCI/AER: Factor out HEST device type matching.
(bnc#828886 / bnc#824568)

- PCI/AER: Do not parse HEST table for non-PCIe devices.
(bnc#828886 / bnc#824568)

- PCI/AER: Reset link for devices below Root Port or Downstream Port. (bnc#828886 / bnc#824568)

- zfcp: fix lock imbalance by reworking request queue locking (bnc#835175, LTC#96825).

- qeth: Fix crash on initial MTU size change (bnc#835175, LTC#96809).

- qeth: change default standard blkt settings for OSA Express (bnc#835175, LTC#96808).

- x86: Add workaround to NMI iret woes. (bnc#831949)

- x86: Do not schedule while still in NMI context.
(bnc#831949)

- drm/i915: no longer call drm_helper_resume_force_mode.
(bnc#831424,bnc#800875)

- bnx2x: protect different statistics flows. (bnc#814336)

- bnx2x: Avoid sending multiple statistics queries.
(bnc#814336)

- bnx2x: protect different statistics flows. (bnc#814336)

- ALSA: hda - Fix unbalanced runtime pm refount.
(bnc#834742)

- xhci: directly calling _PS3 on suspend. (bnc#833148)

- futex: Take hugepages into account when generating futex_key.

- e1000e: workaround DMA unit hang on I218. (bnc#834647)

- e1000e: unexpected 'Reset adapter' message when cable pulled. (bnc#834647)

- e1000e: 82577: workaround for link drop issue.
(bnc#834647)

- e1000e: helper functions for accessing EMI registers.
(bnc#834647)

- e1000e: workaround DMA unit hang on I218. (bnc#834647)

- e1000e: unexpected 'Reset adapter' message when cable pulled. (bnc#834647)

- e1000e: 82577: workaround for link drop issue.
(bnc#834647)

- e1000e: helper functions for accessing EMI registers.
(bnc#834647)

- Drivers: hv: util: Fix a bug in version negotiation code for util services. (bnc#828714)

- printk: Add NMI ringbuffer. (bnc#831949)

- printk: extract ringbuffer handling from vprintk.
(bnc#831949)

- printk: NMI safe printk. (bnc#831949)

- printk: Make NMI ringbuffer size independent on log_buf_len. (bnc#831949)

- printk: Do not call console_unlock from nmi context.
(bnc#831949)

- printk: Do not use printk_cpu from finish_printk.
(bnc#831949)

- zfcp: fix schedule-inside-lock in scsi_device list loops (bnc#833073, LTC#94937).

- uvc: increase number of buffers. (bnc#822164, bnc#805804)

- drm/i915: Adding more reserved PCI IDs for Haswell.
(bnc#834116)

- Refresh patches.xen/xen-netback-generalize. (bnc#827378)

- Update Xen patches to 3.0.87.

- mlx4_en: Adding 40gb speed report for ethtool.
(bnc#831410)

- drm/i915: Retry DP aux_ch communications with a different clock after failure. (bnc#831422)

- drm/i915: split aux_clock_divider logic in a separated function for reuse. (bnc#831422)

- drm/i915: dp: increase probe retries. (bnc#831422)

- drm/i915: Only clear write-domains after a successful wait-seqno. (bnc#831422)

- drm/i915: Fix write-read race with multiple rings.
(bnc#831422)

- drm/i915: Retry DP aux_ch communications with a different clock after failure. (bnc#831422)

- drm/i915: split aux_clock_divider logic in a separated function for reuse. (bnc#831422)

- drm/i915: dp: increase probe retries. (bnc#831422)

- drm/i915: Only clear write-domains after a successful wait-seqno. (bnc#831422)

- drm/i915: Fix write-read race with multiple rings.
(bnc#831422)

- xhci: Add xhci_disable_ports boot option. (bnc#822164)

- xhci: set device to D3Cold on shutdown. (bnc#833097)

- reiserfs: Fixed double unlock in reiserfs_setattr failure path.

- reiserfs: locking, release lock around quota operations.
(bnc#815320)

- reiserfs: locking, push write lock out of xattr code.
(bnc#815320)

- reiserfs: locking, handle nested locks properly.
(bnc#815320)

- reiserfs: do not lock journal_init(). (bnc#815320)

- reiserfs: delay reiserfs lock until journal initialization. (bnc#815320)

- NFS: support 'nosharetransport' option (bnc#807502, bnc#828192, FATE#315593).

- HID: hyperv: convert alloc+memcpy to memdup.

- Drivers: hv: vmbus: Implement multi-channel support (fate#316098).

- Drivers: hv: Add the GUID fot synthetic fibre channel device (fate#316098).

- tools: hv: Check return value of setsockopt call.

- tools: hv: Check return value of poll call.

- tools: hv: Check return value of strchr call.

- tools: hv: Fix file descriptor leaks.

- tools: hv: Improve error logging in KVP daemon.

- drivers: hv: switch to use mb() instead of smp_mb().

- drivers: hv: check interrupt mask before read_index.

- drivers: hv: allocate synic structures before hv_synic_init().

- storvsc: Increase the value of scsi timeout for storvsc devices (fate#316098).

- storvsc: Update the storage protocol to win8 level (fate#316098).

- storvsc: Implement multi-channel support (fate#316098).

- storvsc: Support FC devices (fate#316098).

- storvsc: Increase the value of STORVSC_MAX_IO_REQUESTS (fate#316098).

- hyperv: Fix the NETIF_F_SG flag setting in netvsc.

- Drivers: hv: vmbus: incorrect device name is printed when child device is unregistered.

- Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration.
(bnc#828714)

- ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size. (bnc#831055, CVE-2013-4163)

- ipv6: ip6_append_data_mtu did not care about pmtudisc and frag_size. (bnc#831055, CVE-2013-4163)

- dm mpath: add retain_attached_hw_handler feature.
(bnc#760407)

- scsi_dh: add scsi_dh_attached_handler_name. (bnc#760407)

- af_key: fix info leaks in notify messages. (bnc#827749 / CVE-2013-2234)

- af_key: initialize satype in key_notify_policy_flush().
(bnc#828119 / CVE-2013-2237)

- ipv6: call udp_push_pending_frames when uncorking a socket with. (bnc#831058, CVE-2013-4162)

- tg3: fix length overflow in VPD firmware parsing.
(bnc#813733 / CVE-2013-1929)

- xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end. (CVE-2013-1819 / bnc#807471)

- ipv6: ip6_sk_dst_check() must not assume ipv6 dst.
(bnc#827750, CVE-2013-2232)

- dasd: fix hanging devices after path events (bnc#831623, LTC#96336).

- kernel: z90crypt module load crash (bnc#831623, LTC#96214).

- ata: Fix DVD not detected at some platform with Wellsburg PCH. (bnc#822225)

- drm/i915: edp: add standard modes. (bnc#832318)

- Do not switch camera on yet more HP machines.
(bnc#822164)

- Do not switch camera on HP EB 820 G1. (bnc#822164)

- xhci: Avoid NULL pointer deref when host dies.
(bnc#827271)

- bonding: disallow change of MAC if fail_over_mac enabled. (bnc#827376)

- bonding: propagate unicast lists down to slaves.
(bnc#773255 / bnc#827372)

- net/bonding: emit address change event also in bond_release. (bnc#773255 / bnc#827372)

- bonding: emit event when bonding changes MAC.
(bnc#773255 / bnc#827372)

- usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all controllers with xhci 1.0. (bnc#797909)

- xhci: fix NULL pointer dereference on ring_doorbell_for_active_rings. (bnc#827271)

- updated reference for security issue fixed inside.
(CVE-2013-3301 / bnc#815256)

- qla2xxx: Clear the MBX_INTR_WAIT flag when the mailbox time-out happens. (bnc#830478)

- drm/i915: initialize gt_lock early with other spin locks. (bnc#801341)

- drm/i915: fix up gt init sequence fallout. (bnc#801341)

- drm/i915: initialize gt_lock early with other spin locks. (bnc#801341)

- drm/i915: fix up gt init sequence fallout. (bnc#801341)

- timer_list: Correct the iterator for timer_list.
(bnc#818047)

- firmware: do not spew errors in normal boot (bnc#831438, fate#314574).

- ALSA: virtuoso: Xonar DSX support (FATE#316016).

- SUNRPC: Ensure we release the socket write lock if the rpc_task exits early. (bnc#830901)

- ext4: Re-add config option Building ext4 as the ext4-writeable KMP uses CONFIG_EXT4_FS_RW=y to denote that read-write module should be enabled. This update just defaults allow_rw to true if it is set.

- e1000: fix vlan processing regression. (bnc#830766)

- ext4: force read-only unless rw=1 module option is used (fate#314864).

- dm mpath: fix ioctl deadlock when no paths. (bnc#808940)

- HID: fix unused rsize usage. (bnc#783475)

- add reference for b43 format string flaw. (bnc#822579 / CVE-2013-2852)

- HID: fix data access in implement(). (bnc#783475)

- xfs: fix deadlock in xfs_rtfree_extent with kernel v3.x.
(bnc#829622)

- kernel: sclp console hangs (bnc#830346, LTC#95711).

- Refresh patches.fixes/rtc-add-an-alarm-disable-quirk.patch.

- Delete patches.drm/1209-nvc0-fb-shut-up-pmfb-interrupt-after-th e-first-occurrence. It was removed from series.conf in 063ed686e5a3cda01a7ddbc49db1499da917fef5 but the file was not deleted.

- Drivers: hv: balloon: Do not post pressure status if interrupted. (bnc#829539)

- Drivers: hv: balloon: Fix a bug in the hot-add code.
(bnc#829539)

- drm/i915: Fix incoherence with fence updates on Sandybridge+. (bnc#809463)

- drm/i915: merge {i965, sandybridge}_write_fence_reg().
(bnc#809463)

- drm/i915: Fix incoherence with fence updates on Sandybridge+. (bnc#809463)

- drm/i915: merge {i965, sandybridge}_write_fence_reg().
(bnc#809463)

- Refresh patches.fixes/rtc-add-an-alarm-disable-quirk.patch.

- r8169: allow multicast packets on sub-8168f chipset.
(bnc#805371)

- r8169: support new chips of RTL8111F. (bnc#805371)

- r8169: define the early size for 8111evl. (bnc#805371)

- r8169: fix the reset setting for 8111evl. (bnc#805371)

- r8169: add MODULE_FIRMWARE for the firmware of 8111evl.
(bnc#805371)

- r8169: fix sticky accepts packet bits in RxConfig.
(bnc#805371)

- r8169: adjust the RxConfig settings. (bnc#805371)

- r8169: support RTL8111E-VL. (bnc#805371)

- r8169: add ERI functions. (bnc#805371)

- r8169: modify the flow of the hw reset. (bnc#805371)

- r8169: adjust some registers. (bnc#805371)

- r8169: check firmware content sooner. (bnc#805371)

- r8169: support new firmware format. (bnc#805371)

- r8169: explicit firmware format check. (bnc#805371)

- r8169: move the firmware down into the device private data. (bnc#805371)

- r8169: allow multicast packets on sub-8168f chipset.
(bnc#805371)

- r8169: support new chips of RTL8111F. (bnc#805371)

- r8169: define the early size for 8111evl. (bnc#805371)

- r8169: fix the reset setting for 8111evl. (bnc#805371)

- r8169: add MODULE_FIRMWARE for the firmware of 8111evl.
(bnc#805371)

- r8169: fix sticky accepts packet bits in RxConfig.
(bnc#805371)

- r8169: adjust the RxConfig settings. (bnc#805371)

- r8169: support RTL8111E-VL. (bnc#805371)

- r8169: add ERI functions. (bnc#805371)

- r8169: modify the flow of the hw reset. (bnc#805371)

- r8169: adjust some registers. (bnc#805371)

- r8169: check firmware content sooner. (bnc#805371)

- r8169: support new firmware format. (bnc#805371)

- r8169: explicit firmware format check. (bnc#805371)

- r8169: move the firmware down into the device private data. (bnc#805371)

- patches.fixes/mm-link_mem_sections-touch-nmi-watchdog.pa tch: mm: link_mem_sections make sure nmi watchdog does not trigger while linking memory sections. (bnc#820434)

- drm/i915: fix long-standing SNB regression in power consumption after resume v2. (bnc#801341)

- RTC: Add an alarm disable quirk. (bnc#805740)

- drm/i915: Fix bogus hotplug warnings at resume.
(bnc#828087)

- drm/i915: Serialize all register access.
(bnc#809463,bnc#812274,bnc#822878,bnc#828914)

- drm/i915: Resurrect ring kicking for semaphores, selectively. (bnc#828087)

- drm/i915: Fix bogus hotplug warnings at resume.
(bnc#828087)

- drm/i915: Serialize all register access.
(bnc#809463,bnc#812274,bnc#822878,bnc#828914)

- drm/i915: Resurrect ring kicking for semaphores, selectively. (bnc#828087)

- drm/i915: use lower aux clock divider on non-ULT HSW.
(bnc#800875)

- drm/i915: preserve the PBC bits of TRANS_CHICKEN2.
(bnc#828087)

- drm/i915: set CPT FDI RX polarity bits based on VBT.
(bnc#828087)

- drm/i915: hsw: fix link training for eDP on port-A.
(bnc#800875)

- drm/i915: use lower aux clock divider on non-ULT HSW.
(bnc#800875)

- drm/i915: preserve the PBC bits of TRANS_CHICKEN2.
(bnc#828087)

- drm/i915: set CPT FDI RX polarity bits based on VBT.
(bnc#828087)

- drm/i915: hsw: fix link training for eDP on port-A.
(bnc#800875)

- patches.arch/s390-66-02-smp-ipi.patch: kernel: lost IPIs on CPU hotplug (bnc#825048, LTC#94784).

- patches.fixes/iwlwifi-use-correct-supported-firmware-for
-6035-and-.patch: iwlwifi: use correct supported firmware for 6035 and 6000g2. (bnc#825887)

- patches.fixes/watchdog-update-watchdog_thresh-atomically .patch: watchdog: Update watchdog_thresh atomically.
(bnc#829357)

- patches.fixes/watchdog-update-watchdog_tresh-properly.pa tch: watchdog: update watchdog_tresh properly.
(bnc#829357)

- patches.fixes/watchdog-make-disable-enable-hotplug-and-p reempt-save.patch:
watchdog-make-disable-enable-hotplug-and-preempt-save.pa tch. (bnc#829357)

- kabi/severities: Ignore changes in drivers/hv

- patches.drivers/lpfc-return-correct-error-code-on-bsg_ti meout.patch: lpfc: Return correct error code on bsg_timeout. (bnc#816043)

- patches.fixes/dm-drop-table-reference-on-ioctl-retry.pat ch: dm-multipath: Drop table when retrying ioctl.
(bnc#808940)

- scsi: Do not retry invalid function error. (bnc#809122)

- patches.suse/scsi-do-not-retry-invalid-function-error.pa tch: scsi: Do not retry invalid function error.
(bnc#809122)

- scsi: Always retry internal target error. (bnc#745640, bnc#825227)

- patches.suse/scsi-always-retry-internal-target-error.pat ch: scsi: Always retry internal target error.
(bnc#745640, bnc#825227)

- patches.drivers/drm-edid-Don-t-print-messages-regarding- stereo-or-csync-by-default.patch: Refresh: add upstream commit ID.

- patches.suse/acpiphp-match-to-Bochs-dmi-data.patch:
Refresh. . (bnc#824915)

- Refresh patches.suse/acpiphp-match-to-Bochs-dmi-data.patch.
(bnc#824915)

- Update kabi files.

- ACPI:remove panic in case hardware has changed after S4.
(bnc#829001)

- ibmvfc: Driver version 1.0.1. (bnc#825142)

- ibmvfc: Fix for offlining devices during error recovery.
(bnc#825142)

- ibmvfc: Properly set cancel flags when cancelling abort.
(bnc#825142)

- ibmvfc: Send cancel when link is down. (bnc#825142)

- ibmvfc: Support FAST_IO_FAIL in EH handlers.
(bnc#825142)

- ibmvfc: Suppress ABTS if target gone. (bnc#825142)

- fs/dcache.c: add cond_resched() to shrink_dcache_parent(). (bnc#829082)

- drivers/cdrom/cdrom.c: use kzalloc() for failing hardware. (bnc#824295, CVE-2013-2164)

- kmsg_dump: do not run on non-error paths by default.
(bnc#820172)

- supported.conf: mark tcm_qla2xxx as supported

- mm: honor min_free_kbytes set by user. (bnc#826960)

- Drivers: hv: util: Fix a bug in version negotiation code for util services. (bnc#828714)

- hyperv: Fix a kernel warning from netvsc_linkstatus_callback(). (bnc#828574)

- RT: Fix up hardening patch to not gripe when avg > available, which lockless access makes possible and happens in -rt kernels running a cpubound ltp realtime testcase. Just keep the output sane in that case.

- kabi/severities: Add exception for aer_recover_queue() There should not be any user besides ghes.ko.

- Fix rpm changelog

- PCI / PM: restore the original behavior of pci_set_power_state(). (bnc#827930)

- fanotify: info leak in copy_event_to_user().
(CVE-2013-2148 / bnc#823517)

- usb: xhci: check usb2 port capabilities before adding hw link PM support. (bnc#828265)

- aerdrv: Move cper_print_aer() call out of interrupt context. (bnc#822052, bnc#824568)

- PCI/AER: pci_get_domain_bus_and_slot() call missing required pci_dev_put(). (bnc#822052, bnc#824568)

- patches.fixes/block-do-not-pass-disk-names-as-format-str ings.patch: block: do not pass disk names as format strings. (bnc#822575 / CVE-2013-2851)

- powerpc: POWER8 cputable entries. (bnc#824256)

- libceph: Fix NULL pointer dereference in auth client code. (CVE-2013-1059, bnc#826350)

- md/raid10: Fix two bug affecting RAID10 reshape.

- Allow NFSv4 to run execute-only files. (bnc#765523)

- fs/ocfs2/namei.c: remove unnecessary ERROR when removing non-empty directory. (bnc#819363)

- block: Reserve only one queue tag for sync IO if only 3 tags are available. (bnc#806396)

- btrfs: merge contiguous regions when loading free space cache

- btrfs: fix how we deal with the orphan block rsv.

- btrfs: fix wrong check during log recovery.

- btrfs: change how we indicate we are adding csums.

Solution

Apply SAT patch number 8269 / 8270 / 8283 as appropriate.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=745640

https://bugzilla.novell.com/show_bug.cgi?id=760407

https://bugzilla.novell.com/show_bug.cgi?id=765523

https://bugzilla.novell.com/show_bug.cgi?id=773006

https://bugzilla.novell.com/show_bug.cgi?id=773255

https://bugzilla.novell.com/show_bug.cgi?id=783475

https://bugzilla.novell.com/show_bug.cgi?id=789010

https://bugzilla.novell.com/show_bug.cgi?id=797909

https://bugzilla.novell.com/show_bug.cgi?id=800875

https://bugzilla.novell.com/show_bug.cgi?id=801341

https://bugzilla.novell.com/show_bug.cgi?id=805371

https://bugzilla.novell.com/show_bug.cgi?id=805740

https://bugzilla.novell.com/show_bug.cgi?id=805804

https://bugzilla.novell.com/show_bug.cgi?id=806396

https://bugzilla.novell.com/show_bug.cgi?id=807471

https://bugzilla.novell.com/show_bug.cgi?id=807502

https://bugzilla.novell.com/show_bug.cgi?id=808940

https://bugzilla.novell.com/show_bug.cgi?id=809122

https://bugzilla.novell.com/show_bug.cgi?id=809463

https://bugzilla.novell.com/show_bug.cgi?id=812274

https://bugzilla.novell.com/show_bug.cgi?id=813733

https://bugzilla.novell.com/show_bug.cgi?id=814336

https://bugzilla.novell.com/show_bug.cgi?id=815256

https://bugzilla.novell.com/show_bug.cgi?id=815320

https://bugzilla.novell.com/show_bug.cgi?id=816043

https://bugzilla.novell.com/show_bug.cgi?id=818047

https://bugzilla.novell.com/show_bug.cgi?id=819363

https://bugzilla.novell.com/show_bug.cgi?id=820172

https://bugzilla.novell.com/show_bug.cgi?id=820434

https://bugzilla.novell.com/show_bug.cgi?id=822052

https://bugzilla.novell.com/show_bug.cgi?id=822164

https://bugzilla.novell.com/show_bug.cgi?id=822225

https://bugzilla.novell.com/show_bug.cgi?id=822575

https://bugzilla.novell.com/show_bug.cgi?id=822579

https://bugzilla.novell.com/show_bug.cgi?id=822878

https://bugzilla.novell.com/show_bug.cgi?id=823517

https://bugzilla.novell.com/show_bug.cgi?id=824256

https://bugzilla.novell.com/show_bug.cgi?id=824295

https://bugzilla.novell.com/show_bug.cgi?id=834116

https://bugzilla.novell.com/show_bug.cgi?id=834647

https://bugzilla.novell.com/show_bug.cgi?id=834742

https://bugzilla.novell.com/show_bug.cgi?id=835175

http://support.novell.com/security/cve/CVE-2013-1059.html

http://support.novell.com/security/cve/CVE-2013-1819.html

http://support.novell.com/security/cve/CVE-2013-1929.html

http://support.novell.com/security/cve/CVE-2013-2148.html

http://support.novell.com/security/cve/CVE-2013-2164.html

http://support.novell.com/security/cve/CVE-2013-2232.html

http://support.novell.com/security/cve/CVE-2013-2234.html

http://support.novell.com/security/cve/CVE-2013-2237.html

http://support.novell.com/security/cve/CVE-2013-2851.html

http://support.novell.com/security/cve/CVE-2013-2852.html

http://support.novell.com/security/cve/CVE-2013-3301.html

http://support.novell.com/security/cve/CVE-2013-4162.html

http://support.novell.com/security/cve/CVE-2013-4163.html

https://bugzilla.novell.com/show_bug.cgi?id=824568

https://bugzilla.novell.com/show_bug.cgi?id=824915

https://bugzilla.novell.com/show_bug.cgi?id=825048

https://bugzilla.novell.com/show_bug.cgi?id=825142

https://bugzilla.novell.com/show_bug.cgi?id=825227

https://bugzilla.novell.com/show_bug.cgi?id=825887

https://bugzilla.novell.com/show_bug.cgi?id=826350

https://bugzilla.novell.com/show_bug.cgi?id=826960

https://bugzilla.novell.com/show_bug.cgi?id=827271

https://bugzilla.novell.com/show_bug.cgi?id=827372

https://bugzilla.novell.com/show_bug.cgi?id=827376

https://bugzilla.novell.com/show_bug.cgi?id=827378

https://bugzilla.novell.com/show_bug.cgi?id=827749

https://bugzilla.novell.com/show_bug.cgi?id=827750

https://bugzilla.novell.com/show_bug.cgi?id=827930

https://bugzilla.novell.com/show_bug.cgi?id=828087

https://bugzilla.novell.com/show_bug.cgi?id=828119

https://bugzilla.novell.com/show_bug.cgi?id=828192

https://bugzilla.novell.com/show_bug.cgi?id=828265

https://bugzilla.novell.com/show_bug.cgi?id=828574

https://bugzilla.novell.com/show_bug.cgi?id=828714

https://bugzilla.novell.com/show_bug.cgi?id=828886

https://bugzilla.novell.com/show_bug.cgi?id=828914

https://bugzilla.novell.com/show_bug.cgi?id=829001

https://bugzilla.novell.com/show_bug.cgi?id=829082

https://bugzilla.novell.com/show_bug.cgi?id=829357

https://bugzilla.novell.com/show_bug.cgi?id=829539

https://bugzilla.novell.com/show_bug.cgi?id=829622

https://bugzilla.novell.com/show_bug.cgi?id=830346

https://bugzilla.novell.com/show_bug.cgi?id=830478

https://bugzilla.novell.com/show_bug.cgi?id=830766

https://bugzilla.novell.com/show_bug.cgi?id=830822

https://bugzilla.novell.com/show_bug.cgi?id=830901

https://bugzilla.novell.com/show_bug.cgi?id=831055

https://bugzilla.novell.com/show_bug.cgi?id=831058

https://bugzilla.novell.com/show_bug.cgi?id=831410

https://bugzilla.novell.com/show_bug.cgi?id=831422

https://bugzilla.novell.com/show_bug.cgi?id=831424

https://bugzilla.novell.com/show_bug.cgi?id=831438

https://bugzilla.novell.com/show_bug.cgi?id=831623

https://bugzilla.novell.com/show_bug.cgi?id=831949

https://bugzilla.novell.com/show_bug.cgi?id=832318

https://bugzilla.novell.com/show_bug.cgi?id=833073

https://bugzilla.novell.com/show_bug.cgi?id=833097

https://bugzilla.novell.com/show_bug.cgi?id=833148

Plugin Details

Severity: High

ID: 70040

File Name: suse_11_kernel-130828.nasl

Version: 1.6

Type: local

Agent: unix

Published: 9/21/2013

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:kernel-xen-devel, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-trace, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-ec2, p-cpe:/a:novell:suse_linux:11:xen-kmp-pae, p-cpe:/a:novell:suse_linux:11:xen-kmp-default, p-cpe:/a:novell:suse_linux:11:kernel-pae-devel, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:11:kernel-ec2-base, p-cpe:/a:novell:suse_linux:11:kernel-trace-devel, p-cpe:/a:novell:suse_linux:11:kernel-default-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-trace-base, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 8/28/2013

Reference Information

CVE: CVE-2013-1059, CVE-2013-1819, CVE-2013-1929, CVE-2013-2148, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2851, CVE-2013-2852, CVE-2013-3301, CVE-2013-4162, CVE-2013-4163