openSUSE Security Update : the Linux Kernel (openSUSE-2015-879)

medium Nessus Plugin ID 87391

Synopsis

The remote openSUSE host is missing a security update.

Description

The Linux Kernel was updated to 4.1.13 and fixes the following issues :

Security issues fixed :

- CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.

- CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.

- CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.

- CVE-2015-7990: A local denial of service due to an incomplete fix of CVE-2015-6937 could lead to crashes (local denial of service).

- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call.

Bugs fixed :

- alsa: hda - apply hp headphone fixups more generically (boo#954876).

- alsa: hda - add fixup for acer aspire one cloudbook 14 (boo#954876).

- alsa: hda - fix headphone noise after dell xps 13 resume back from S3 (boo#954876).

- alsa: hda - fix noise on dell latitude e6440 (boo#954876).

- alsa: hda/hdmi - apply skylake fix-ups to broxton display codec (boo#954647).

- alsa: hda - add codec id for broxton display audio codec (boo#954647).

- alsa: hda/realtek - dell xps one alc3260 speaker no sound after resume back (boo#954647).

- alsa: hda - yet another fix for dell headset mic with alc3266 (boo#954647).

- alsa: hda - fix dell laptop for internal mic/headset mic (boo#954647).

- alsa: hda - remove no physical connection pins from pin_quirk table (boo#954647).

- alsa: hda - add pin quirk for the headset mic jack detection on Dell laptop (boo#954647).

- alsa: hda - fix the headset mic that will not work on dell desktop machine (boo#954647).

- alsa: hda - remove one pin from alc292_standard_pins (boo#954647).

- alsa: hda - add dock support for thinkpad w541 (17aa:2211) (boo#954647).

- alsa: hda/realtek: enable hp amp and mute led on hp folio 9480m [v3] (boo#954647).

- alsa: hda/realtek - support dell headset mode for alc298 (boo#954647).

- alsa: hda/realtek - support headset mode for alc298 (boo#954647).

- x86/evtchn: make use of physdevop_map_pirq.

- blktap: also call blkif_disconnect() when frontend switched to closed (boo#952976).

- blktap: refine mm tracking (boo#952976).

- update xen patches to linux 4.1.13.

- Backport arm64 patches from sle12-sp1-arm.

- Backport pci-ea patches

- Enable drm_ast driver

- Fix thunderx edac store function

- Update arm64 config files. Align arm64 vanilla configuration with default.

- rtlwifi: rtl8821ae: fix lockups on boot (boo#944978).

- ethernet/atheros/alx: add killer e2400 device id (boo#955363).

- drm/i915: don't override output type for ddi hdmi (boo#955190).

- drm/i915: set best_encoder field of connector_state also when disabling (boo#955190).

- drm/i915: add hotplug activation period to hotplug update mask (boo#955365).

- drm/i915: avoid race of intel_crt_detect_hotplug() with hpd interrupt, v2 (boo#955365).

- drm/i915: shut up gen8+ sde irq dmesg noise (boo#954757).

- ipv6: fix tunnel error handling (boo#952579).

- Update config files (boo#951533).

- iwlwifi: add new pci ids for the 8260 series (boo#954421).

- iwlwifi: edit the 3165 series and 8000 series pci ids (boo#954421).

- x86/efi-bgrt: switch pr_err() to pr_debug() for invalid bgrt (boo#953559).

- x86/tsc: let high latency pit fail fast in quick_pit_calibrate() (boo#953717).

- Backport arm64 patches from sle12-sp1-arm branch Backports to fix Seattle xgbe driver. Fix EL2 page table for systems with high amount of memory. Needed for KVM to work. Convert WARN_ON in numa implementation to pr_warn.

- input: elantech - add fujitsu lifebook u745 to force crc_enabled (boo#883192).

Solution

Update the affected the Linux Kernel packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=883192

https://bugzilla.opensuse.org/show_bug.cgi?id=944978

https://bugzilla.opensuse.org/show_bug.cgi?id=945825

https://bugzilla.opensuse.org/show_bug.cgi?id=948758

https://bugzilla.opensuse.org/show_bug.cgi?id=949936

https://bugzilla.opensuse.org/show_bug.cgi?id=951533

https://bugzilla.opensuse.org/show_bug.cgi?id=952384

https://bugzilla.opensuse.org/show_bug.cgi?id=952579

https://bugzilla.opensuse.org/show_bug.cgi?id=952976

https://bugzilla.opensuse.org/show_bug.cgi?id=953527

https://bugzilla.opensuse.org/show_bug.cgi?id=953559

https://bugzilla.opensuse.org/show_bug.cgi?id=953717

https://bugzilla.opensuse.org/show_bug.cgi?id=954404

https://bugzilla.opensuse.org/show_bug.cgi?id=954421

https://bugzilla.opensuse.org/show_bug.cgi?id=954647

https://bugzilla.opensuse.org/show_bug.cgi?id=954757

https://bugzilla.opensuse.org/show_bug.cgi?id=954876

https://bugzilla.opensuse.org/show_bug.cgi?id=955190

https://bugzilla.opensuse.org/show_bug.cgi?id=955363

https://bugzilla.opensuse.org/show_bug.cgi?id=955365

https://bugzilla.opensuse.org/show_bug.cgi?id=956856

Plugin Details

Severity: Medium

ID: 87391

File Name: openSUSE-2015-879.nasl

Version: 2.5

Type: local

Agent: unix

Published: 12/16/2015

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: Medium

Base Score: 5.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:C

CVSS v3

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-pv-base, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, cpe:/o:novell:opensuse:42.1, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-pv, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pv-devel, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-pv-debugsource, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-pv-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-obs-qa-xen, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-docs-html

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 12/8/2015

Reference Information

CVE: CVE-2015-5307, CVE-2015-6937, CVE-2015-7799, CVE-2015-7990, CVE-2015-8104