SUSE SLED10 / SLES10 Security Update : kernel (SUSE-SU-2013:0674-1)

medium Nessus Plugin ID 83580

Synopsis

The remote SUSE host is missing one or more security updates.

Description

This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel.

The following security issues have been fixed :

CVE-2013-0871: A race condition in ptrace(2) could be used by local attackers to crash the kernel and/or execute code in kernel context.

CVE-2013-0160: Avoid side channel information leaks from the ptys via ptmx, which allowed local attackers to guess keypresses.

CVE-2012-4530: Avoid leaving bprm->interp on the stack which might have leaked information from the kernel to userland attackers.

CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.

CVE-2013-0216: The Xen netback functionality in the Linux kernel allowed guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.

CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel allowed guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information.

Also the following non-security bugs have been fixed :

S/390 :

- s390x: tty struct used after free (bnc#809692, LTC#90216).

- s390x/kernel: sched_clock() overflow (bnc#799611, LTC#87978).

- qeth: set new mac even if old mac is gone (bnc#789012,LTC#86643).

- qeth: set new mac even if old mac is gone (2) (bnc#792697,LTC#87138).

- qeth: fix deadlock between recovery and bonding driver (bnc#785101,LTC#85905).

- dasd: check count address during online setting (bnc#781485,LTC#85346).

- hugetlbfs: add missing TLB invalidation (bnc#781485,LTC#85463).

- s390/kernel: make user-access pagetable walk code huge page aware (bnc#781485,LTC#85455).

XEN :

- xen/netback: fix netbk_count_requests().

- xen: properly bound buffer access when parsing cpu/availability.

- xen/scsiback/usbback: move cond_resched() invocations to proper place.

- xen/pciback: properly clean up after calling pcistub_device_find().

- xen: add further backward-compatibility configure options.

- xen/PCI: suppress bogus warning on old hypervisors.

- xenbus: fix overflow check in xenbus_dev_write().

- xen/x86: do not corrupt %eip when returning from a signal handler.

Other :

- kernel: Restrict clearing TIF_SIGPENDING (bnc#742111).

- kernel: recalc_sigpending_tsk fixes (bnc#742111).

- xfs: Do not reclaim new inodes in xfs_sync_inodes() (bnc#770980).

- jbd: Avoid BUG_ON when checkpoint stalls (bnc#795335).

- reiserfs: Fix int overflow while calculating free space (bnc#795075).

- cifs: clarify the meaning of tcpStatus == CifsGood (bnc#769093).

- cifs: do not allow cifs_reconnect to exit with NULL socket pointer (bnc#769093).

- cifs: switch to seq_files (bnc#776370).

- scsi: fix check of PQ and PDT bits for WLUNs (bnc#765687).

- hugetlb: preserve hugetlb pte dirty state (bnc#790236).

- poll: enforce RLIMIT_NOFILE in poll() (bnc#787272).

- proc: fix ->open less usage due to ->proc_fops flip (bnc#776370).

- rpm/kernel-binary.spec.in: Ignore kabi errors if %%ignore_kabi_badness is defined. This is used in the Kernel:* projects in the OBS.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected kernel packages

See Also

http://www.nessus.org/u?e0cb7e4a

http://www.nessus.org/u?bda531dd

http://www.nessus.org/u?c96e0858

http://www.nessus.org/u?381762ee

http://www.nessus.org/u?536896a0

http://support.novell.com/security/cve/CVE-2012-4530.html

http://support.novell.com/security/cve/CVE-2013-0160.html

http://support.novell.com/security/cve/CVE-2013-0216.html

http://support.novell.com/security/cve/CVE-2013-0231.html

http://support.novell.com/security/cve/CVE-2013-0268.html

http://support.novell.com/security/cve/CVE-2013-0871.html

https://bugzilla.novell.com/742111

https://bugzilla.novell.com/765687

https://bugzilla.novell.com/769093

https://bugzilla.novell.com/770980

https://bugzilla.novell.com/776370

https://bugzilla.novell.com/781485

https://bugzilla.novell.com/785101

https://bugzilla.novell.com/786013

https://bugzilla.novell.com/787272

https://bugzilla.novell.com/789012

https://bugzilla.novell.com/790236

https://bugzilla.novell.com/792697

https://bugzilla.novell.com/795075

https://bugzilla.novell.com/795335

https://bugzilla.novell.com/797175

https://bugzilla.novell.com/799611

https://bugzilla.novell.com/800280

https://bugzilla.novell.com/801178

https://bugzilla.novell.com/802642

https://bugzilla.novell.com/804154

https://bugzilla.novell.com/809692

http://www.nessus.org/u?fa37e2a9

Plugin Details

Severity: Medium

ID: 83580

File Name: suse_SU-2013-0674-1.nasl

Version: 2.3

Type: local

Agent: unix

Published: 5/20/2015

Updated: 1/19/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-debug, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-bigsmp, p-cpe:/a:novell:suse_linux:kernel-smp, p-cpe:/a:novell:suse_linux:kernel-kdump, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-kdumppae, cpe:/o:novell:suse_linux:10, p-cpe:/a:novell:suse_linux:kernel-xenpae, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-vmipae, p-cpe:/a:novell:suse_linux:kernel-vmi

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/12/2013

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2012-4530, CVE-2013-0160, CVE-2013-0216, CVE-2013-0231, CVE-2013-0268, CVE-2013-0871

BID: 55878, 57176, 57740, 57743, 57838, 57986