openSUSE Security Update : Kernel (openSUSE-SU-2012:0799-1)

critical Nessus Plugin ID 74658

Synopsis

The remote openSUSE host is missing a security update.

Description

This kernel update of the openSUSE 12.1 kernel fixes lots of bugs and security issues.

The following issues were fixed:

- tcp: drop SYN+FIN messages (bnc#765102).

- net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136).

- fcaps: clear the same personality flags as suid when fcaps are used (bnc#758260 CVE-2012-2123).

- macvtap: zerocopy: validate vectors before building skb (bnc#758243 CVE-2012-2119).

- hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020).

- xfrm: take net hdr len into account for esp payload size calculation (bnc#759545).

- ext4: fix undefined behavior in ext4_fill_flex_info() (bnc#757278).

- igb: fix rtnl race in PM resume path (bnc#748859).

- ixgbe: add missing rtnl_lock in PM resume path (bnc#748859).

- b43: allocate receive buffers big enough for max frame len + offset (bnc#717749).

- xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX.

- xenbus_dev: add missing error checks to watch handling.

- hwmon: (coretemp-xen) Fix TjMax detection for older CPUs.

- hwmon: (coretemp-xen) Relax target temperature range check.

- Refresh other Xen patches.

- tlan: add cast needed for proper 64 bit operation (bnc#756840).

- dl2k: Tighten ioctl permissions (bnc#758813).

- [media] cx22702: Fix signal strength.

- fs: cachefiles: Add support for large files in filesystem caching (bnc#747038).

- bridge: correct IPv6 checksum after pull (bnc#738644).

- bridge: fix a possible use after free (bnc#738644).

- bridge: Pseudo-header required for the checksum of ICMPv6 (bnc#738644).

- bridge: mcast snooping, fix length check of snooped MLDv1/2 (bnc#738644).

- PCI/ACPI: Report ASPM support to BIOS if not disabled from command line (bnc#714455).

- ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID (bnc#756203).

- drm/i915/crt: Remove 0xa0 probe for VGA.

- tty_audit: fix tty_audit_add_data live lock on audit disabled (bnc#721366).

- drm/i915: suspend fbdev device around suspend/hibernate (bnc#732908).

- dlm: Do not allocate a fd for peeloff (bnc#729247).

- sctp: Export sctp_do_peeloff (bnc#729247).

- i2c-algo-bit: Fix spurious SCL timeouts under heavy load.

- patches.fixes/epoll-dont-limit-non-nested.patch: Don't limit non-nested epoll paths (bnc#676204).

- Update patches.suse/sd_init.mark_majors_busy.patch (bnc#744658).

- igb: Fix for Alt MAC Address feature on 82580 and later devices (bnc#746980).

- mark busy sd majors as allocated (bug#744658).

- regset: Return -EFAULT, not -EIO, on host-side memory fault (bnc#750079 CVE-2012-1097).

- regset: Prevent NULL pointer reference on readonly regsets (bnc#750079 CVE-2012-1097).

- mm: memcg: Correct unregistring of events attached to the same eventfd (CVE-2012-1146 bnc#750959).

- befs: Validate length of long symbolic links (CVE-2011-2928 bnc#713430).

- si4713-i2c: avoid potential buffer overflow on si4713 (CVE-2011-2700 bnc#707332).

- staging: comedi: fix infoleak to userspace (CVE-2011-2909 bnc#711941).

- hfs: add sanity check for file name length (CVE-2011-4330 bnc#731673).

- cifs: fix dentry refcount leak when opening a FIFO on lookup (CVE-2012-1090 bnc#749569).

- drm: integer overflow in drm_mode_dirtyfb_ioctl() (CVE-2012-0044 bnc#740745).

- xfs: fix acl count validation in xfs_acl_from_disk() (CVE-2012-0038 bnc#740703).

- xfs: validate acl count (CVE-2012-0038 bnc#740703).

- patches.fixes/xfs-fix-possible-memory-corruption-in-xfs_readlink: Work around missing xfs_alert().

- xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink() (CVE-2011-4077 bnc#726600).

- xfs: Fix possible memory corruption in xfs_readlink (CVE-2011-4077 bnc#726600).

- ext4: make ext4_split_extent() handle error correctly.

- ext4: ext4_ext_convert_to_initialized bug found in extended FSX testing.

- ext4: add ext4_split_extent_at() and ext4_split_extent().

- ext4: reimplement convert and split_unwritten (CVE-2011-3638 bnc#726045).

- patches.fixes/epoll-limit-paths.patch: epoll: limit paths (bnc#676204 CVE-2011-1083).

- patches.kabi/epoll-kabi-fix.patch: epoll: hide kabi change in struct file (bnc#676204 CVE-2011-1083).

- NAT/FTP: Fix broken conntrack (bnc#681639 bnc#466279 bnc#747660).

- igmp: Avoid zero delay when receiving odd mixture of IGMP queries (bnc#740448 CVE-2012-0207).

- jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer (bnc#745832 CVE-2011-4086).

- AppArmor: fix oops in apparmor_setprocattr (bnc#717209 CVE-2011-3619).

- Refresh patches.suse/SoN-22-netvm.patch. Clean and *working* patches.

- Refresh patches.suse/SoN-22-netvm.patch. (bnc#683671) Fix an rcu locking imbalance in the receive path triggered when using vlans.

- Fix mangled patch (invalid date). Although accepted by `patch`, this is rejected by `git apply`.

- Fix mangled diff lines (leading space tab vs tab). Although accepted by `patch`, these are rejected by `git apply`.

- jbd/jbd2: validate sb->s_first in journal_get_superblock() (bnc#730118).

- fsnotify: don't BUG in fsnotify_destroy_mark() (bnc#689860).

- Fix patches.fixes/x25-Handle-undersized-fragmented-skbs.patch (CVE-2010-3873 bnc#651219).

- Fix patches.fixes/x25-Prevent-skb-overreads-when-checking-call-user-da.patch (CVE-2010-3873 bnc#651219).

- Fix patches.fixes/x25-Validate-incoming-call-user-data-lengths.patch (CVE-2010-3873 bnc#651219).

- Fix patches.fixes/x25-possible-skb-leak-on-bad-facilities.patch (CVE-2010-3873 bnc#651219 CVE-2010-4164 bnc#653260).

- Update patches.fixes/econet-4-byte-infoleak-to-the-network.patch (bnc#681186 CVE-2011-1173). Fix reference.

- hwmon: (w83627ehf) Properly report thermal diode sensors.

- nl80211: fix overflow in ssid_len (bnc#703410 CVE-2011-2517).

- nl80211: fix check for valid SSID size in scan operations (bnc#703410 CVE-2011-2517).

- x25: Prevent skb overreads when checking call user data (CVE-2010-3873 bnc#737624).

- x25: Handle undersized/fragmented skbs (CVE-2010-3873 bnc#737624).

- x25: Validate incoming call user data lengths (CVE-2010-3873 bnc#737624).

- x25: possible skb leak on bad facilities (CVE-2010-3873 bnc#737624).

- net: Add a flow_cache_flush_deferred function (bnc#737624).

- xfrm: avoid possible oopse in xfrm_alloc_dst (bnc#737624).

- scm: lower SCM_MAX_FD (bnc#655696 CVE-2010-4249).

Solution

Update the affected Kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=466279

https://bugzilla.novell.com/show_bug.cgi?id=651219

https://bugzilla.novell.com/show_bug.cgi?id=653260

https://bugzilla.novell.com/show_bug.cgi?id=655696

https://bugzilla.novell.com/show_bug.cgi?id=676204

https://bugzilla.novell.com/show_bug.cgi?id=681186

https://bugzilla.novell.com/show_bug.cgi?id=681639

https://bugzilla.novell.com/show_bug.cgi?id=683671

https://bugzilla.novell.com/show_bug.cgi?id=689860

https://bugzilla.novell.com/show_bug.cgi?id=703410

https://bugzilla.novell.com/show_bug.cgi?id=707332

https://bugzilla.novell.com/show_bug.cgi?id=711941

https://bugzilla.novell.com/show_bug.cgi?id=713430

https://bugzilla.novell.com/show_bug.cgi?id=714455

https://bugzilla.novell.com/show_bug.cgi?id=717209

https://bugzilla.novell.com/show_bug.cgi?id=717749

https://bugzilla.novell.com/show_bug.cgi?id=721366

https://bugzilla.novell.com/show_bug.cgi?id=726045

https://bugzilla.novell.com/show_bug.cgi?id=726600

https://bugzilla.novell.com/show_bug.cgi?id=729247

https://bugzilla.novell.com/show_bug.cgi?id=730118

https://bugzilla.novell.com/show_bug.cgi?id=731673

https://bugzilla.novell.com/show_bug.cgi?id=732908

https://bugzilla.novell.com/show_bug.cgi?id=737624

https://bugzilla.novell.com/show_bug.cgi?id=738644

https://bugzilla.novell.com/show_bug.cgi?id=740448

https://bugzilla.novell.com/show_bug.cgi?id=740703

https://bugzilla.novell.com/show_bug.cgi?id=740745

https://bugzilla.novell.com/show_bug.cgi?id=744658

https://bugzilla.novell.com/show_bug.cgi?id=745832

https://bugzilla.novell.com/show_bug.cgi?id=746980

https://bugzilla.novell.com/show_bug.cgi?id=747038

https://bugzilla.novell.com/show_bug.cgi?id=747660

https://bugzilla.novell.com/show_bug.cgi?id=748859

https://bugzilla.novell.com/show_bug.cgi?id=749569

https://bugzilla.novell.com/show_bug.cgi?id=750079

https://bugzilla.novell.com/show_bug.cgi?id=750959

https://bugzilla.novell.com/show_bug.cgi?id=756203

https://bugzilla.novell.com/show_bug.cgi?id=756840

https://bugzilla.novell.com/show_bug.cgi?id=757278

https://bugzilla.novell.com/show_bug.cgi?id=758243

https://bugzilla.novell.com/show_bug.cgi?id=758260

https://bugzilla.novell.com/show_bug.cgi?id=758813

https://bugzilla.novell.com/show_bug.cgi?id=759545

https://bugzilla.novell.com/show_bug.cgi?id=760902

https://bugzilla.novell.com/show_bug.cgi?id=765102

https://bugzilla.novell.com/show_bug.cgi?id=765320

https://lists.opensuse.org/opensuse-updates/2012-06/msg00031.html

Plugin Details

Severity: Critical

ID: 74658

File Name: openSUSE-2012-342.nasl

Version: 1.9

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-extra, p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, 
p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-vmi, p-cpe:/a:novell:opensuse:kernel-vmi-base, p-cpe:/a:novell:opensuse:kernel-vmi-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vmi-debuginfo, p-cpe:/a:novell:opensuse:kernel-vmi-debugsource, p-cpe:/a:novell:opensuse:kernel-vmi-devel, p-cpe:/a:novell:opensuse:kernel-vmi-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo, p-cpe:/a:novell:opensuse:preload, p-cpe:/a:novell:opensuse:preload-debuginfo, p-cpe:/a:novell:opensuse:preload-debugsource, p-cpe:/a:novell:opensuse:preload-kmp-default, p-cpe:/a:novell:opensuse:preload-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:preload-kmp-desktop, p-cpe:/a:novell:opensuse:preload-kmp-desktop-debuginfo, cpe:/o:novell:opensuse:11.4

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/19/2012

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-4020, CVE-2010-3873, CVE-2010-4164, CVE-2010-4249, CVE-2011-1083, CVE-2011-1173, CVE-2011-2517, CVE-2011-2700, CVE-2011-2909, CVE-2011-2928, CVE-2011-3619, CVE-2011-3638, CVE-2011-4077, CVE-2011-4086, CVE-2011-4330, CVE-2012-0038, CVE-2012-0044, CVE-2012-0207, CVE-2012-1090, CVE-2012-1097, CVE-2012-1146, CVE-2012-2119, CVE-2012-2123, CVE-2012-2136, CVE-2012-2663

CWE: 119