SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:1611-1)

high Nessus Plugin ID 86121

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes.

Following security bugs were fixed :

- CVE-2015-5707: An integer overflow in the SCSI generic driver could be potentially used by local attackers to crash the kernel or execute code (bsc#940338).

- CVE-2015-5364: A remote denial of service (hang) via UDP flood with incorrect package checksums was fixed.
(bsc#936831).

- CVE-2015-5366: A remote denial of service (unexpected error returns) via UDP flood with incorrect package checksums was fixed. (bsc#936831).

- CVE-2015-1420: A race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bnc#915517).

- CVE-2015-4700: A local user could have created a bad instruction in the JIT processed BPF code, leading to a kernel crash (bnc#935705).

- CVE-2015-4167: The UDF filesystem in the Linux kernel was vulnerable to a crash which could occur while fetching inode information from a corrupted/malicious udf file system image. (bsc#933907).

- CVE-2014-9728 CVE-2014-9729 CVE-2014-9730 CVE-2014-9731:
Various issues in handling UDF filesystems in the Linux kernel allowed the corruption of kernel memory and other issues. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.
(bsc#933904 bsc#933896)

- CVE-2015-2150: The Linux kernel did not properly restrict access to PCI command registers, which might have allowed local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response (bsc#919463).

- CVE-2015-0777: drivers/xen/usbback/usbback.c as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allowed guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors (bnc#917830).

- CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel did not prevent the TS_COMPAT flag from reaching a user-mode task, which might have allowed local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16 (bnc#926240).

- CVE-2015-1805: The Linux kernels implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (bsc#933429).

Also

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for VMWare 11-SP3 :

zypper in -t patch slessp3-kernel-201508-12100=1

SUSE Linux Enterprise Server 11-SP3 :

zypper in -t patch slessp3-kernel-201508-12100=1

SUSE Linux Enterprise Server 11-EXTRA :

zypper in -t patch slexsp3-kernel-201508-12100=1

SUSE Linux Enterprise Desktop 11-SP3 :

zypper in -t patch sledsp3-kernel-201508-12100=1

SUSE Linux Enterprise Debuginfo 11-SP3 :

zypper in -t patch dbgsp3-kernel-201508-12100=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=851068

https://bugzilla.suse.com/show_bug.cgi?id=867362

https://bugzilla.suse.com/show_bug.cgi?id=873385

https://bugzilla.suse.com/show_bug.cgi?id=883380

https://bugzilla.suse.com/show_bug.cgi?id=886785

https://bugzilla.suse.com/show_bug.cgi?id=894936

https://bugzilla.suse.com/show_bug.cgi?id=915517

https://bugzilla.suse.com/show_bug.cgi?id=917830

https://bugzilla.suse.com/show_bug.cgi?id=919463

https://bugzilla.suse.com/show_bug.cgi?id=920110

https://bugzilla.suse.com/show_bug.cgi?id=920250

https://bugzilla.suse.com/show_bug.cgi?id=920733

https://bugzilla.suse.com/show_bug.cgi?id=921430

https://bugzilla.suse.com/show_bug.cgi?id=923245

https://bugzilla.suse.com/show_bug.cgi?id=924701

https://bugzilla.suse.com/show_bug.cgi?id=925705

https://bugzilla.suse.com/show_bug.cgi?id=925881

https://bugzilla.suse.com/show_bug.cgi?id=925903

https://bugzilla.suse.com/show_bug.cgi?id=926240

https://bugzilla.suse.com/show_bug.cgi?id=926953

https://bugzilla.suse.com/show_bug.cgi?id=927355

https://bugzilla.suse.com/show_bug.cgi?id=927786

https://bugzilla.suse.com/show_bug.cgi?id=929142

https://bugzilla.suse.com/show_bug.cgi?id=929143

https://bugzilla.suse.com/show_bug.cgi?id=930092

https://bugzilla.suse.com/show_bug.cgi?id=930761

https://bugzilla.suse.com/show_bug.cgi?id=930934

https://bugzilla.suse.com/show_bug.cgi?id=931538

https://bugzilla.suse.com/show_bug.cgi?id=932348

https://bugzilla.suse.com/show_bug.cgi?id=932458

https://bugzilla.suse.com/show_bug.cgi?id=933429

https://bugzilla.suse.com/show_bug.cgi?id=933896

https://bugzilla.suse.com/show_bug.cgi?id=933904

https://bugzilla.suse.com/show_bug.cgi?id=933907

https://bugzilla.suse.com/show_bug.cgi?id=933936

https://bugzilla.suse.com/show_bug.cgi?id=934742

https://bugzilla.suse.com/show_bug.cgi?id=934944

https://bugzilla.suse.com/show_bug.cgi?id=935053

https://bugzilla.suse.com/show_bug.cgi?id=935572

https://bugzilla.suse.com/show_bug.cgi?id=935705

https://bugzilla.suse.com/show_bug.cgi?id=935866

https://bugzilla.suse.com/show_bug.cgi?id=935906

https://bugzilla.suse.com/show_bug.cgi?id=936077

https://bugzilla.suse.com/show_bug.cgi?id=936423

https://bugzilla.suse.com/show_bug.cgi?id=936637

https://bugzilla.suse.com/show_bug.cgi?id=936831

https://bugzilla.suse.com/show_bug.cgi?id=936875

https://bugzilla.suse.com/show_bug.cgi?id=936925

https://bugzilla.suse.com/show_bug.cgi?id=937032

https://bugzilla.suse.com/show_bug.cgi?id=937402

https://bugzilla.suse.com/show_bug.cgi?id=937444

https://bugzilla.suse.com/show_bug.cgi?id=937503

https://bugzilla.suse.com/show_bug.cgi?id=937641

https://bugzilla.suse.com/show_bug.cgi?id=937855

https://bugzilla.suse.com/show_bug.cgi?id=939910

https://bugzilla.suse.com/show_bug.cgi?id=939994

https://bugzilla.suse.com/show_bug.cgi?id=940338

https://bugzilla.suse.com/show_bug.cgi?id=940398

https://bugzilla.suse.com/show_bug.cgi?id=942350

https://www.suse.com/security/cve/CVE-2014-9728/

https://www.suse.com/security/cve/CVE-2014-9729/

https://www.suse.com/security/cve/CVE-2014-9730/

https://www.suse.com/security/cve/CVE-2014-9731/

https://www.suse.com/security/cve/CVE-2015-0777/

https://www.suse.com/security/cve/CVE-2015-1420/

https://www.suse.com/security/cve/CVE-2015-1805/

https://www.suse.com/security/cve/CVE-2015-2150/

https://www.suse.com/security/cve/CVE-2015-2830/

https://www.suse.com/security/cve/CVE-2015-4167/

https://www.suse.com/security/cve/CVE-2015-4700/

https://www.suse.com/security/cve/CVE-2015-5364/

https://www.suse.com/security/cve/CVE-2015-5366/

https://www.suse.com/security/cve/CVE-2015-5707/

http://www.nessus.org/u?441d7fc3

Plugin Details

Severity: High

ID: 86121

File Name: suse_SU-2015-1611-1.nasl

Version: 2.11

Type: local

Agent: unix

Published: 9/24/2015

Updated: 1/6/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel, p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-xen-devel, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-bigsmp-base, p-cpe:/a:novell:suse_linux:kernel-trace-base, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:kernel-pae-extra, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-bigsmp, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-bigsmp-extra, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-xen-extra, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-pae-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/23/2015

Vulnerability Publication Date: 3/12/2015

Reference Information

CVE: CVE-2014-9728, CVE-2014-9729, CVE-2014-9730, CVE-2014-9731, CVE-2015-0777, CVE-2015-1420, CVE-2015-1805, CVE-2015-2150, CVE-2015-2830, CVE-2015-4167, CVE-2015-4700, CVE-2015-5364, CVE-2015-5366, CVE-2015-5707

BID: 72357, 73014, 73699, 73921, 74951, 74963, 74964, 75001, 75356, 75510