SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:0585-1)

high Nessus Plugin ID 89022

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.53 to receive various security and bugfixes.

The following security bugs were fixed :

- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).

- CVE-2015-5707: Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request (bnc#940338).

- CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951).

- CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).

- CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that was (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272 (bnc#955354).

- CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463).

- CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).

- CVE-2015-8550: Optimizations introduced by the compiler could have lead to double fetch vulnerabilities, potentially possibly leading to arbitrary code execution in backend (bsc#957988).

- CVE-2015-8551: Xen PCI backend driver did not perform proper sanity checks on the device's state, allowing for DoS (bsc#957990).

- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).

- CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959399).

- CVE-2015-8660: The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel attempted to merge distinct setattr operations, which allowed local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application (bnc#960281).

- CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509).

- CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765).

- CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500).

- CVE-2016-2069: A race in invalidating paging structures that were not in use locally could have lead to disclosoure of information or arbitrary code exectution (bnc#963767).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP1 :

zypper in -t patch SUSE-SLE-WE-12-SP1-2016-329=1

SUSE Linux Enterprise Software Development Kit 12-SP1 :

zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-329=1

SUSE Linux Enterprise Server 12-SP1 :

zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-329=1

SUSE Linux Enterprise Module for Public Cloud 12 :

zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-329=1

SUSE Linux Enterprise Live Patching 12 :

zypper in -t patch SUSE-SLE-Live-Patching-12-2016-329=1

SUSE Linux Enterprise Desktop 12-SP1 :

zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-329=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=812259

https://bugzilla.suse.com/show_bug.cgi?id=855062

https://bugzilla.suse.com/show_bug.cgi?id=867583

https://bugzilla.suse.com/show_bug.cgi?id=899908

https://bugzilla.suse.com/show_bug.cgi?id=902606

https://bugzilla.suse.com/show_bug.cgi?id=924919

https://bugzilla.suse.com/show_bug.cgi?id=935087

https://bugzilla.suse.com/show_bug.cgi?id=937261

https://bugzilla.suse.com/show_bug.cgi?id=937444

https://bugzilla.suse.com/show_bug.cgi?id=938577

https://bugzilla.suse.com/show_bug.cgi?id=940338

https://bugzilla.suse.com/show_bug.cgi?id=940946

https://bugzilla.suse.com/show_bug.cgi?id=941363

https://bugzilla.suse.com/show_bug.cgi?id=942476

https://bugzilla.suse.com/show_bug.cgi?id=943989

https://bugzilla.suse.com/show_bug.cgi?id=944749

https://bugzilla.suse.com/show_bug.cgi?id=945649

https://bugzilla.suse.com/show_bug.cgi?id=947953

https://bugzilla.suse.com/show_bug.cgi?id=949440

https://bugzilla.suse.com/show_bug.cgi?id=949936

https://bugzilla.suse.com/show_bug.cgi?id=950292

https://bugzilla.suse.com/show_bug.cgi?id=951199

https://bugzilla.suse.com/show_bug.cgi?id=951392

https://bugzilla.suse.com/show_bug.cgi?id=951615

https://bugzilla.suse.com/show_bug.cgi?id=952579

https://bugzilla.suse.com/show_bug.cgi?id=952976

https://bugzilla.suse.com/show_bug.cgi?id=954992

https://bugzilla.suse.com/show_bug.cgi?id=959090

https://bugzilla.suse.com/show_bug.cgi?id=959146

https://bugzilla.suse.com/show_bug.cgi?id=959190

https://bugzilla.suse.com/show_bug.cgi?id=959257

https://bugzilla.suse.com/show_bug.cgi?id=955118

https://bugzilla.suse.com/show_bug.cgi?id=955354

https://bugzilla.suse.com/show_bug.cgi?id=955654

https://bugzilla.suse.com/show_bug.cgi?id=956514

https://bugzilla.suse.com/show_bug.cgi?id=956708

https://bugzilla.suse.com/show_bug.cgi?id=957525

https://bugzilla.suse.com/show_bug.cgi?id=957988

https://bugzilla.suse.com/show_bug.cgi?id=957990

https://bugzilla.suse.com/show_bug.cgi?id=958463

https://bugzilla.suse.com/show_bug.cgi?id=958886

https://bugzilla.suse.com/show_bug.cgi?id=958951

https://bugzilla.suse.com/show_bug.cgi?id=959364

https://bugzilla.suse.com/show_bug.cgi?id=959399

https://bugzilla.suse.com/show_bug.cgi?id=959436

https://bugzilla.suse.com/show_bug.cgi?id=959463

https://bugzilla.suse.com/show_bug.cgi?id=959629

https://bugzilla.suse.com/show_bug.cgi?id=960221

https://bugzilla.suse.com/show_bug.cgi?id=960227

https://bugzilla.suse.com/show_bug.cgi?id=960281

https://bugzilla.suse.com/show_bug.cgi?id=960300

https://bugzilla.suse.com/show_bug.cgi?id=961202

https://bugzilla.suse.com/show_bug.cgi?id=961257

https://bugzilla.suse.com/show_bug.cgi?id=961500

https://bugzilla.suse.com/show_bug.cgi?id=961509

https://bugzilla.suse.com/show_bug.cgi?id=961516

https://bugzilla.suse.com/show_bug.cgi?id=961588

https://bugzilla.suse.com/show_bug.cgi?id=961971

https://bugzilla.suse.com/show_bug.cgi?id=962336

https://bugzilla.suse.com/show_bug.cgi?id=962356

https://bugzilla.suse.com/show_bug.cgi?id=962788

https://bugzilla.suse.com/show_bug.cgi?id=962965

https://bugzilla.suse.com/show_bug.cgi?id=963449

https://bugzilla.suse.com/show_bug.cgi?id=963572

https://bugzilla.suse.com/show_bug.cgi?id=963765

https://bugzilla.suse.com/show_bug.cgi?id=963767

https://bugzilla.suse.com/show_bug.cgi?id=963825

https://bugzilla.suse.com/show_bug.cgi?id=964230

https://bugzilla.suse.com/show_bug.cgi?id=964821

https://bugzilla.suse.com/show_bug.cgi?id=965344

https://bugzilla.suse.com/show_bug.cgi?id=965840

https://www.suse.com/security/cve/CVE-2013-7446/

https://www.suse.com/security/cve/CVE-2015-0272/

https://www.suse.com/security/cve/CVE-2015-5707/

https://www.suse.com/security/cve/CVE-2015-7550/

https://www.suse.com/security/cve/CVE-2015-7799/

https://www.suse.com/security/cve/CVE-2015-8215/

https://www.suse.com/security/cve/CVE-2015-8539/

https://www.suse.com/security/cve/CVE-2015-8543/

https://www.suse.com/security/cve/CVE-2015-8550/

https://www.suse.com/security/cve/CVE-2015-8551/

https://www.suse.com/security/cve/CVE-2015-8569/

https://www.suse.com/security/cve/CVE-2015-8575/

https://www.suse.com/security/cve/CVE-2015-8660/

https://www.suse.com/security/cve/CVE-2015-8767/

https://www.suse.com/security/cve/CVE-2015-8785/

https://www.suse.com/security/cve/CVE-2016-0723/

https://www.suse.com/security/cve/CVE-2016-2069/

http://www.nessus.org/u?45296e5e

Plugin Details

Severity: High

ID: 89022

File Name: suse_SU-2016-0585-1.nasl

Version: 2.13

Type: local

Agent: unix

Published: 2/29/2016

Updated: 1/6/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-xen-devel, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-xen-debugsource, p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo, p-cpe:/a:novell:suse_linux:lttng-modules, p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default-extra, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:lttng-modules-debugsource

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/25/2016

Vulnerability Publication Date: 10/19/2015

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Overlayfs Privilege Escalation)

Reference Information

CVE: CVE-2013-7446, CVE-2015-0272, CVE-2015-5707, CVE-2015-7550, CVE-2015-7799, CVE-2015-8215, CVE-2015-8539, CVE-2015-8543, CVE-2015-8550, CVE-2015-8551, CVE-2015-8569, CVE-2015-8575, CVE-2015-8660, CVE-2015-8767, CVE-2015-8785, CVE-2016-0723, CVE-2016-2069