SUSE SLED12 / SLES12 Security Update : SUSE Linux Enterprise 12 kernel (SUSE-SU-2015:1324-1)

high Nessus Plugin ID 85180

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 kernel was updated to 3.12.44 to receive various security and bug fixes.

These features were added :

- mpt2sas: Added Reply Descriptor Post Queue (RDPQ) Array support (bsc#854824).

- mpt3sas: Bump mpt3sas driver version to 04.100.00.00 (bsc#854817).

The following security bugs were fixed :

- CVE-2015-1805: iov overrun for failed atomic copy could have led to DoS or privilege escalation (bsc#933429).

- CVE-2015-3212: A race condition in the way the Linux kernel handled lists of associations in SCTP sockets could have led to list corruption and kernel panics (bsc#936502).

- CVE-2015-4036: DoS via memory corruption in vhost/scsi driver (bsc#931988).

- CVE-2015-4167: A Linux kernel built with UDF file system (CONFIG_UDF_FS) support was vulnerable to a crash. It occurred while fetching inode information from a corrupted/malicious UDF file system image (bsc#933907).

- CVE-2015-4692: DoS via NULL pointer dereference in kvm_apic_has_events function (bsc#935542).

- CVE-2015-5364: Remote DoS via flood of UDP packets with invalid checksums (bsc#936831).

- CVE-2015-5366: Remote DoS of EPOLLET epoll applications via flood of UDP packets with invalid checksums (bsc#936831).

Security issues already fixed in the previous update but not referenced by CVE :

- CVE-2014-9728: Kernels built with UDF file system (CONFIG_UDF_FS) support were vulnerable to a crash (bsc#933904).

- CVE-2014-9729: Kernels built with UDF file system (CONFIG_UDF_FS) support were vulnerable to a crash (bsc#933904).

- CVE-2014-9730: Kernels built with UDF file system (CONFIG_UDF_FS) support were vulnerable to a crash (bsc#933904).

- CVE-2014-9731: Kernels built with UDF file system (CONFIG_UDF_FS) support were vulnerable to information leakage (bsc#933896).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12 :

zypper in -t patch SUSE-SLE-WE-12-2015-356=1

SUSE Linux Enterprise Software Development Kit 12 :

zypper in -t patch SUSE-SLE-SDK-12-2015-356=1

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2015-356=1

SUSE Linux Enterprise Module for Public Cloud 12 :

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-356=1

SUSE Linux Enterprise Live Patching 12 :

zypper in -t patch SUSE-SLE-Live-Patching-12-2015-356=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-356=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=854817

https://bugzilla.suse.com/show_bug.cgi?id=854824

https://bugzilla.suse.com/show_bug.cgi?id=858727

https://bugzilla.suse.com/show_bug.cgi?id=866911

https://bugzilla.suse.com/show_bug.cgi?id=867362

https://bugzilla.suse.com/show_bug.cgi?id=895814

https://bugzilla.suse.com/show_bug.cgi?id=903279

https://bugzilla.suse.com/show_bug.cgi?id=907092

https://bugzilla.suse.com/show_bug.cgi?id=908491

https://bugzilla.suse.com/show_bug.cgi?id=915183

https://bugzilla.suse.com/show_bug.cgi?id=917630

https://bugzilla.suse.com/show_bug.cgi?id=930599

https://bugzilla.suse.com/show_bug.cgi?id=930972

https://bugzilla.suse.com/show_bug.cgi?id=931124

https://bugzilla.suse.com/show_bug.cgi?id=931403

https://bugzilla.suse.com/show_bug.cgi?id=931538

https://bugzilla.suse.com/show_bug.cgi?id=931620

https://bugzilla.suse.com/show_bug.cgi?id=931860

https://bugzilla.suse.com/show_bug.cgi?id=931988

https://bugzilla.suse.com/show_bug.cgi?id=932348

https://bugzilla.suse.com/show_bug.cgi?id=932793

https://bugzilla.suse.com/show_bug.cgi?id=932897

https://bugzilla.suse.com/show_bug.cgi?id=932898

https://bugzilla.suse.com/show_bug.cgi?id=932899

https://bugzilla.suse.com/show_bug.cgi?id=932900

https://bugzilla.suse.com/show_bug.cgi?id=932967

https://bugzilla.suse.com/show_bug.cgi?id=933117

https://bugzilla.suse.com/show_bug.cgi?id=933429

https://bugzilla.suse.com/show_bug.cgi?id=933637

https://bugzilla.suse.com/show_bug.cgi?id=933896

https://bugzilla.suse.com/show_bug.cgi?id=933904

https://bugzilla.suse.com/show_bug.cgi?id=933907

https://bugzilla.suse.com/show_bug.cgi?id=934160

https://bugzilla.suse.com/show_bug.cgi?id=935083

https://bugzilla.suse.com/show_bug.cgi?id=935085

https://bugzilla.suse.com/show_bug.cgi?id=935088

https://bugzilla.suse.com/show_bug.cgi?id=935174

https://bugzilla.suse.com/show_bug.cgi?id=935542

https://bugzilla.suse.com/show_bug.cgi?id=935881

https://bugzilla.suse.com/show_bug.cgi?id=935918

https://bugzilla.suse.com/show_bug.cgi?id=936012

https://bugzilla.suse.com/show_bug.cgi?id=936423

https://bugzilla.suse.com/show_bug.cgi?id=936445

https://bugzilla.suse.com/show_bug.cgi?id=936446

https://bugzilla.suse.com/show_bug.cgi?id=936502

https://bugzilla.suse.com/show_bug.cgi?id=936556

https://bugzilla.suse.com/show_bug.cgi?id=936831

https://bugzilla.suse.com/show_bug.cgi?id=936875

https://bugzilla.suse.com/show_bug.cgi?id=937032

https://bugzilla.suse.com/show_bug.cgi?id=937087

https://bugzilla.suse.com/show_bug.cgi?id=937609

https://bugzilla.suse.com/show_bug.cgi?id=937612

https://bugzilla.suse.com/show_bug.cgi?id=937613

https://bugzilla.suse.com/show_bug.cgi?id=937616

https://bugzilla.suse.com/show_bug.cgi?id=938022

https://bugzilla.suse.com/show_bug.cgi?id=938023

https://bugzilla.suse.com/show_bug.cgi?id=938024

https://www.suse.com/security/cve/CVE-2014-9728/

https://www.suse.com/security/cve/CVE-2014-9729/

https://www.suse.com/security/cve/CVE-2014-9730/

https://www.suse.com/security/cve/CVE-2014-9731/

https://www.suse.com/security/cve/CVE-2015-1805/

https://www.suse.com/security/cve/CVE-2015-3212/

https://www.suse.com/security/cve/CVE-2015-4036/

https://www.suse.com/security/cve/CVE-2015-4167/

https://www.suse.com/security/cve/CVE-2015-4692/

https://www.suse.com/security/cve/CVE-2015-5364/

https://www.suse.com/security/cve/CVE-2015-5366/

http://www.nessus.org/u?1dcc37f6

https://bugzilla.suse.com/show_bug.cgi?id=918618

https://bugzilla.suse.com/show_bug.cgi?id=921430

https://bugzilla.suse.com/show_bug.cgi?id=924071

https://bugzilla.suse.com/show_bug.cgi?id=924526

https://bugzilla.suse.com/show_bug.cgi?id=926369

https://bugzilla.suse.com/show_bug.cgi?id=926953

https://bugzilla.suse.com/show_bug.cgi?id=927455

https://bugzilla.suse.com/show_bug.cgi?id=927697

https://bugzilla.suse.com/show_bug.cgi?id=927786

https://bugzilla.suse.com/show_bug.cgi?id=928131

https://bugzilla.suse.com/show_bug.cgi?id=929475

https://bugzilla.suse.com/show_bug.cgi?id=929696

https://bugzilla.suse.com/show_bug.cgi?id=929879

https://bugzilla.suse.com/show_bug.cgi?id=929974

https://bugzilla.suse.com/show_bug.cgi?id=930092

https://bugzilla.suse.com/show_bug.cgi?id=930399

https://bugzilla.suse.com/show_bug.cgi?id=930579

Plugin Details

Severity: High

ID: 85180

File Name: suse_SU-2015-1324-1.nasl

Version: 2.14

Type: local

Agent: unix

Published: 8/3/2015

Updated: 1/6/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-xen-debugsource, p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-xen-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/16/2015

Vulnerability Publication Date: 7/27/2015

Reference Information

CVE: CVE-2014-9728, CVE-2014-9729, CVE-2014-9730, CVE-2014-9731, CVE-2015-1805, CVE-2015-3212, CVE-2015-4036, CVE-2015-4167, CVE-2015-4692, CVE-2015-5364, CVE-2015-5366

BID: 74664, 74951, 74963, 74964, 75001, 75142, 75510