Detections
Analytics
openSUSE Security Update : the Linux Kernel (openSUSE-2015-686)
high Nessus Plugin ID 86668
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
The openSUSE 13.2 kernel was updated to receive various security and bugfixes.Following security bugs were fixed :
- CVE-2015-3290: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform improperly relied on espfix64 during nested NMI processing, which allowed local users to gain privileges by triggering an NMI within a certain instruction window (bnc#937969)
- CVE-2015-0272: It was reported that it's possible to craft a Router Advertisement message which will bring the receiver in a state where new IPv6 connections will not be accepted until correct Router Advertisement message received. (bsc#944296).
- CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the Linux kernel had an incorrect sequence of protocol-initialization steps, which allowed local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished (bnc#947155).
- CVE-2015-1333: Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys. (bsc#938645)
- CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. (bsc#940338)
- CVE-2015-2925: An attacker could potentially break out of a namespace or container, depending on if he had specific rights in these containers. (bsc#926238).
- CVE-2015-7872: A vulnerability in keyrings garbage collector allowed a local user to trigger an oops was found, caused by using request_key() or keyctl request2.
(bsc#951440)
The following non-security bugs were fixed :
- input: evdev - do not report errors form flush() (bsc#939834).
- NFSv4: Recovery of recalled read delegations is broken (bsc#942178).
- apparmor: temporary work around for bug while unloading policy (boo#941867).
- config/x86_64/ec2: Align CONFIG_STRICT_DEVMEM CONFIG_STRICT_DEVMEM is enabled in every other kernel flavor, so enable it for x86_64/ec2 as well.
- kernel-obs-build: add btrfs to initrd This is needed for kiwi builds.
- mmc: card: Do not access RPMB partitions for normal read/write (bnc#941104).
- netback: coalesce (guest) RX SKBs as needed (bsc#919154).
- rpm/kernel-obs-build.spec.in: Add virtio_rng to the initrd. This allows to feed some randomness to the OBS workers.
- xfs: Fix file type directory corruption for btree directories (bsc#941305).
- xfs: ensure buffer types are set correctly (bsc#941305).
- xfs: inode unlink does not set AGI buffer type (bsc#941305).
- xfs: set buf types when converting extent formats (bsc#941305).
- xfs: set superblock buffer type correctly (bsc#941305).
- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#951195).
Solution
Update the affected the Linux Kernel packages.See Also
https://bugzilla.opensuse.org/show_bug.cgi?id=919154
https://bugzilla.opensuse.org/show_bug.cgi?id=926238
https://bugzilla.opensuse.org/show_bug.cgi?id=937969
https://bugzilla.opensuse.org/show_bug.cgi?id=938645
https://bugzilla.opensuse.org/show_bug.cgi?id=939834
https://bugzilla.opensuse.org/show_bug.cgi?id=940338
https://bugzilla.opensuse.org/show_bug.cgi?id=941104
https://bugzilla.opensuse.org/show_bug.cgi?id=941305
https://bugzilla.opensuse.org/show_bug.cgi?id=941867
https://bugzilla.opensuse.org/show_bug.cgi?id=942178
https://bugzilla.opensuse.org/show_bug.cgi?id=944296
https://bugzilla.opensuse.org/show_bug.cgi?id=947155
Plugin Details
Severity: High
ID: 86668
File Name: openSUSE-2015-686.nasl
Version: 2.3
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 10/30/2015
Updated: 1/19/2021
Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.2
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-desktop, p-cpe:/a:novell:opensuse:ipset-kmp-xen, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:vhba-kmp-debugsource, p-cpe:/a:novell:opensuse:xen-tools-domu, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:ipset-kmp-pae, p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop, p-cpe:/a:novell:opensuse:crash-gcore, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:cloop-kmp-pae, p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:ipset-devel, p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-desktop, p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:crash-gcore-debuginfo, p-cpe:/a:novell:opensuse:bbswitch-debugsource, p-cpe:/a:novell:opensuse:xtables-addons-kmp-default, p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-pae, p-cpe:/a:novell:opensuse:bbswitch-kmp-xen, p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:crash-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae, p-cpe:/a:novell:opensuse:pcfclock, p-cpe:/a:novell:opensuse:xen-kmp-desktop, p-cpe:/a:novell:opensuse:crash-debuginfo, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:ipset-kmp-default, p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:bbswitch-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-kmp-default, p-cpe:/a:novell:opensuse:hdjmod-kmp-default, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:crash-eppic-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-default, p-cpe:/a:novell:opensuse:xen-libs-32bit, p-cpe:/a:novell:opensuse:bbswitch-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:cloop-debugsource, p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:xen-tools-debuginfo, p-cpe:/a:novell:opensuse:crash-devel, p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:libipset3, p-cpe:/a:novell:opensuse:cloop-kmp-xen, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:ipset-debugsource, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:vhba-kmp-default, p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:crash-kmp-xen, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:hdjmod-kmp-xen, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:libipset3-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-desktop, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:vhba-kmp-xen, p-cpe:/a:novell:opensuse:xtables-addons-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xtables-addons-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:crash-eppic, p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:bbswitch-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-obs-qa-xen, p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:bbswitch, p-cpe:/a:novell:opensuse:pcfclock-debugsource, p-cpe:/a:novell:opensuse:cloop, p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop, p-cpe:/a:novell:opensuse:vhba-kmp-pae, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:cloop-kmp-default, p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:ipset-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-kmp-pae, p-cpe:/a:novell:opensuse:bbswitch-kmp-default, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-debugsource, p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:cloop-debuginfo, p-cpe:/a:novell:opensuse:crash, p-cpe:/a:novell:opensuse:kernel-source-vanilla, cpe:/o:novell:opensuse:13.2, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-pae, p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:bbswitch-kmp-pae, p-cpe:/a:novell:opensuse:ipset, p-cpe:/a:novell:opensuse:xen-kmp-default, p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons, p-cpe:/a:novell:opensuse:cloop-kmp-desktop, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu
Patch Publication Date: 10/27/2015
Reference Information
CVE: CVE-2015-0272, CVE-2015-1333, CVE-2015-2925, CVE-2015-3290, CVE-2015-5283, CVE-2015-5707, CVE-2015-7872