SUSE SLED11 / SLES11 Security Update : kernel-source (SUSE-SU-2015:1678-1)

high Nessus Plugin ID 86290

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

Following security bugs were fixed :

- CVE-2015-6252: Possible file descriptor leak for each VHOST_SET_LOG_FDcommand issued, this could eventually wasting available system resources and creating a denial of service (bsc#942367).

- CVE-2015-5707: Possible integer overflow in the calculation of total number of pages in bio_map_user_iov() (bsc#940338).

- CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allowed remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood (bsc#936831).

- CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allowed remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364 (bsc#936831).

- CVE-2015-1420: Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function (bsc#915517).

- CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed
__copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an 'I/O' vector array overrun.
(bsc#933429)

- CVE-2015-2150: Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. (bsc#919463)

- CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. (bsc#926240)

- CVE-2015-4700: The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allowed local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler (bsc#935705).

- CVE-2015-4167: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 did not validate certain length values, which allowed local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem (bsc#933907).

- CVE-2015-0777: drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. (bsc#917830)

- CVE-2014-9728: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not validate certain lengths, which allowed local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c (bsc#933904).

- CVE-2014-9730: The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel before 3.18.2 relies on component lengths that are unused, which allowed local users to cause a denial of service (system crash) via a crafted UDF filesystem image (bsc#933904).

- CVE-2014-9729: The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.18.2 did not ensure a certain data-structure size consistency, which allowed local users to cause a denial of service (system crash) via a crafted UDF filesystem image (bsc#933904).

- CVE-2014-9731: The UDF filesystem implementation in the Linux kernel before 3.18.2 did not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allowed local users to obtain sensitive information via a crafted filesystem image, related to fs/udf/symlink.c and fs/udf/unicode.c (bsc#933896).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4 :

zypper in -t patch sdksp4-kernel-20150908-12114=1

SUSE Linux Enterprise Server 11-SP4 :

zypper in -t patch slessp4-kernel-20150908-12114=1

SUSE Linux Enterprise Server 11-EXTRA :

zypper in -t patch slexsp3-kernel-20150908-12114=1

SUSE Linux Enterprise Desktop 11-SP4 :

zypper in -t patch sledsp4-kernel-20150908-12114=1

SUSE Linux Enterprise Debuginfo 11-SP4 :

zypper in -t patch dbgsp4-kernel-20150908-12114=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=777565

https://bugzilla.suse.com/show_bug.cgi?id=867362

https://bugzilla.suse.com/show_bug.cgi?id=873385

https://bugzilla.suse.com/show_bug.cgi?id=883380

https://bugzilla.suse.com/show_bug.cgi?id=884333

https://bugzilla.suse.com/show_bug.cgi?id=886785

https://bugzilla.suse.com/show_bug.cgi?id=891116

https://bugzilla.suse.com/show_bug.cgi?id=894936

https://bugzilla.suse.com/show_bug.cgi?id=915517

https://bugzilla.suse.com/show_bug.cgi?id=917830

https://bugzilla.suse.com/show_bug.cgi?id=917968

https://bugzilla.suse.com/show_bug.cgi?id=919463

https://bugzilla.suse.com/show_bug.cgi?id=920016

https://bugzilla.suse.com/show_bug.cgi?id=920110

https://bugzilla.suse.com/show_bug.cgi?id=920250

https://bugzilla.suse.com/show_bug.cgi?id=920733

https://bugzilla.suse.com/show_bug.cgi?id=921430

https://bugzilla.suse.com/show_bug.cgi?id=923002

https://bugzilla.suse.com/show_bug.cgi?id=923245

https://bugzilla.suse.com/show_bug.cgi?id=923431

https://bugzilla.suse.com/show_bug.cgi?id=936423

https://bugzilla.suse.com/show_bug.cgi?id=936637

https://bugzilla.suse.com/show_bug.cgi?id=936831

https://bugzilla.suse.com/show_bug.cgi?id=936875

https://bugzilla.suse.com/show_bug.cgi?id=936921

https://bugzilla.suse.com/show_bug.cgi?id=936925

https://bugzilla.suse.com/show_bug.cgi?id=937032

https://bugzilla.suse.com/show_bug.cgi?id=937256

https://bugzilla.suse.com/show_bug.cgi?id=937402

https://bugzilla.suse.com/show_bug.cgi?id=937444

https://bugzilla.suse.com/show_bug.cgi?id=937503

https://bugzilla.suse.com/show_bug.cgi?id=937641

https://bugzilla.suse.com/show_bug.cgi?id=937855

https://bugzilla.suse.com/show_bug.cgi?id=938485

https://bugzilla.suse.com/show_bug.cgi?id=939910

https://bugzilla.suse.com/show_bug.cgi?id=939994

https://bugzilla.suse.com/show_bug.cgi?id=940338

https://bugzilla.suse.com/show_bug.cgi?id=940398

https://bugzilla.suse.com/show_bug.cgi?id=940925

https://bugzilla.suse.com/show_bug.cgi?id=940966

https://bugzilla.suse.com/show_bug.cgi?id=942204

https://bugzilla.suse.com/show_bug.cgi?id=942305

https://bugzilla.suse.com/show_bug.cgi?id=942350

https://bugzilla.suse.com/show_bug.cgi?id=942367

https://bugzilla.suse.com/show_bug.cgi?id=942404

https://bugzilla.suse.com/show_bug.cgi?id=942605

https://bugzilla.suse.com/show_bug.cgi?id=942688

https://bugzilla.suse.com/show_bug.cgi?id=942938

https://bugzilla.suse.com/show_bug.cgi?id=943477

https://www.suse.com/security/cve/CVE-2014-9728/

https://www.suse.com/security/cve/CVE-2014-9729/

https://www.suse.com/security/cve/CVE-2014-9730/

https://www.suse.com/security/cve/CVE-2014-9731/

https://www.suse.com/security/cve/CVE-2015-0777/

https://www.suse.com/security/cve/CVE-2015-1420/

https://www.suse.com/security/cve/CVE-2015-1805/

https://www.suse.com/security/cve/CVE-2015-2150/

https://www.suse.com/security/cve/CVE-2015-2830/

https://www.suse.com/security/cve/CVE-2015-4167/

https://www.suse.com/security/cve/CVE-2015-4700/

https://www.suse.com/security/cve/CVE-2015-5364/

https://bugzilla.suse.com/show_bug.cgi?id=924701

https://bugzilla.suse.com/show_bug.cgi?id=925705

https://bugzilla.suse.com/show_bug.cgi?id=925881

https://bugzilla.suse.com/show_bug.cgi?id=925903

https://bugzilla.suse.com/show_bug.cgi?id=926240

https://bugzilla.suse.com/show_bug.cgi?id=926953

https://bugzilla.suse.com/show_bug.cgi?id=927355

https://bugzilla.suse.com/show_bug.cgi?id=928988

https://bugzilla.suse.com/show_bug.cgi?id=929076

https://bugzilla.suse.com/show_bug.cgi?id=929142

https://bugzilla.suse.com/show_bug.cgi?id=929143

https://bugzilla.suse.com/show_bug.cgi?id=930092

https://bugzilla.suse.com/show_bug.cgi?id=930934

https://bugzilla.suse.com/show_bug.cgi?id=931620

https://bugzilla.suse.com/show_bug.cgi?id=932350

https://bugzilla.suse.com/show_bug.cgi?id=932458

https://bugzilla.suse.com/show_bug.cgi?id=932882

https://bugzilla.suse.com/show_bug.cgi?id=933429

https://bugzilla.suse.com/show_bug.cgi?id=933721

https://bugzilla.suse.com/show_bug.cgi?id=933896

https://bugzilla.suse.com/show_bug.cgi?id=933904

https://bugzilla.suse.com/show_bug.cgi?id=933907

https://bugzilla.suse.com/show_bug.cgi?id=933936

https://bugzilla.suse.com/show_bug.cgi?id=934944

https://bugzilla.suse.com/show_bug.cgi?id=935053

https://bugzilla.suse.com/show_bug.cgi?id=935055

https://bugzilla.suse.com/show_bug.cgi?id=935572

https://bugzilla.suse.com/show_bug.cgi?id=935705

https://bugzilla.suse.com/show_bug.cgi?id=935866

https://bugzilla.suse.com/show_bug.cgi?id=935906

https://bugzilla.suse.com/show_bug.cgi?id=936077

https://bugzilla.suse.com/show_bug.cgi?id=936095

https://bugzilla.suse.com/show_bug.cgi?id=936118

https://www.suse.com/security/cve/CVE-2015-5366/

https://www.suse.com/security/cve/CVE-2015-5707/

https://www.suse.com/security/cve/CVE-2015-6252/

http://www.nessus.org/u?9ebdd7b0

Plugin Details

Severity: High

ID: 86290

File Name: suse_SU-2015-1678-1.nasl

Version: 2.9

Type: local

Agent: unix

Published: 10/6/2015

Updated: 1/6/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-xen-devel, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-trace-base, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:kernel-pae-extra, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-xen-extra, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-trace-extra, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-pae-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/8/2015

Vulnerability Publication Date: 3/12/2015

Reference Information

CVE: CVE-2014-9728, CVE-2014-9729, CVE-2014-9730, CVE-2014-9731, CVE-2015-0777, CVE-2015-1420, CVE-2015-1805, CVE-2015-2150, CVE-2015-2830, CVE-2015-4167, CVE-2015-4700, CVE-2015-5364, CVE-2015-5366, CVE-2015-5707, CVE-2015-6252

BID: 72357, 73014, 73699, 73921, 74951, 74963, 74964, 75001, 75356, 75510