SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2016:0911-1)

critical Nessus Plugin ID 90264

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

Following feature was added to kernel-xen :

- A improved XEN blkfront module was added, which allows more I/O bandwidth. (FATE#320200) It is called xen-blkfront in PV, and xen-vbd-upstream in HVM mode.

The following security bugs were fixed :

- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).

- CVE-2015-7515: An out of bounds memory access in the aiptek USB driver could be used by physical local attackers to crash the kernel (bnc#956708).

- CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel did not properly use a semaphore, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls (bnc#958951).

- CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c (bnc#958463).

- CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).

- CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988).

- CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990).

- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).

- CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190 bnc#959399).

- CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not properly manage the relationship between a lock and a socket, which allowed local users to cause a denial of service (deadlock) via a crafted sctp_accept call (bnc#961509).

- CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765).

- CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested. This could be used by local attackers to cause machine crashes or potentially code execution (bsc#966437).

- CVE-2016-0723: Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call (bnc#961500).

- CVE-2016-2069: Race conditions in TLB syncing was fixed which could leak to information leaks (bnc#963767).

- CVE-2016-2384: Removed a double free in the ALSA usb-audio driver in the umidi object which could lead to crashes (bsc#966693).

- CVE-2016-2543: Added a missing NULL check at remove_events ioctl in ALSA that could lead to crashes.
(bsc#967972).

- CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549: Various race conditions in ALSAs timer handling were fixed.
(bsc#967975, bsc#967974, bsc#967973, bsc#968011, bsc#968012, bsc#968013).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4 :

zypper in -t patch sdksp4-kernel-201603-12480=1

SUSE Linux Enterprise Server 11-SP4 :

zypper in -t patch slessp4-kernel-201603-12480=1

SUSE Linux Enterprise Server 11-EXTRA :

zypper in -t patch slexsp3-kernel-201603-12480=1

SUSE Linux Enterprise Desktop 11-SP4 :

zypper in -t patch sledsp4-kernel-201603-12480=1

SUSE Linux Enterprise Debuginfo 11-SP4 :

zypper in -t patch dbgsp4-kernel-201603-12480=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=958463

https://bugzilla.suse.com/show_bug.cgi?id=958886

https://bugzilla.suse.com/show_bug.cgi?id=958906

https://bugzilla.suse.com/show_bug.cgi?id=958912

https://bugzilla.suse.com/show_bug.cgi?id=958951

https://bugzilla.suse.com/show_bug.cgi?id=959190

https://bugzilla.suse.com/show_bug.cgi?id=959312

https://bugzilla.suse.com/show_bug.cgi?id=959399

https://bugzilla.suse.com/show_bug.cgi?id=959649

https://bugzilla.suse.com/show_bug.cgi?id=959705

https://bugzilla.suse.com/show_bug.cgi?id=961500

https://bugzilla.suse.com/show_bug.cgi?id=961509

https://bugzilla.suse.com/show_bug.cgi?id=961516

https://bugzilla.suse.com/show_bug.cgi?id=758040

https://bugzilla.suse.com/show_bug.cgi?id=904035

https://bugzilla.suse.com/show_bug.cgi?id=912738

https://bugzilla.suse.com/show_bug.cgi?id=915183

https://bugzilla.suse.com/show_bug.cgi?id=924919

https://bugzilla.suse.com/show_bug.cgi?id=933782

https://bugzilla.suse.com/show_bug.cgi?id=937444

https://bugzilla.suse.com/show_bug.cgi?id=940017

https://bugzilla.suse.com/show_bug.cgi?id=940946

https://bugzilla.suse.com/show_bug.cgi?id=942082

https://bugzilla.suse.com/show_bug.cgi?id=947128

https://bugzilla.suse.com/show_bug.cgi?id=948330

https://bugzilla.suse.com/show_bug.cgi?id=949298

https://bugzilla.suse.com/show_bug.cgi?id=951392

https://bugzilla.suse.com/show_bug.cgi?id=951815

https://bugzilla.suse.com/show_bug.cgi?id=952976

https://bugzilla.suse.com/show_bug.cgi?id=953369

https://bugzilla.suse.com/show_bug.cgi?id=954992

https://bugzilla.suse.com/show_bug.cgi?id=955308

https://bugzilla.suse.com/show_bug.cgi?id=955654

https://bugzilla.suse.com/show_bug.cgi?id=955837

https://bugzilla.suse.com/show_bug.cgi?id=955925

https://bugzilla.suse.com/show_bug.cgi?id=956084

https://bugzilla.suse.com/show_bug.cgi?id=956375

https://bugzilla.suse.com/show_bug.cgi?id=956514

https://bugzilla.suse.com/show_bug.cgi?id=956708

https://bugzilla.suse.com/show_bug.cgi?id=956949

https://bugzilla.suse.com/show_bug.cgi?id=957986

https://bugzilla.suse.com/show_bug.cgi?id=957988

https://bugzilla.suse.com/show_bug.cgi?id=957990

https://bugzilla.suse.com/show_bug.cgi?id=958000

https://bugzilla.suse.com/show_bug.cgi?id=963561

https://bugzilla.suse.com/show_bug.cgi?id=963765

https://bugzilla.suse.com/show_bug.cgi?id=963767

https://bugzilla.suse.com/show_bug.cgi?id=964201

https://bugzilla.suse.com/show_bug.cgi?id=961658

https://bugzilla.suse.com/show_bug.cgi?id=962965

https://bugzilla.suse.com/show_bug.cgi?id=963276

https://bugzilla.suse.com/show_bug.cgi?id=964818

https://bugzilla.suse.com/show_bug.cgi?id=966094

https://bugzilla.suse.com/show_bug.cgi?id=966137

https://bugzilla.suse.com/show_bug.cgi?id=966437

https://bugzilla.suse.com/show_bug.cgi?id=966693

https://bugzilla.suse.com/show_bug.cgi?id=967042

https://bugzilla.suse.com/show_bug.cgi?id=967972

https://bugzilla.suse.com/show_bug.cgi?id=967973

https://bugzilla.suse.com/show_bug.cgi?id=967974

https://bugzilla.suse.com/show_bug.cgi?id=967975

https://bugzilla.suse.com/show_bug.cgi?id=968011

https://bugzilla.suse.com/show_bug.cgi?id=968012

https://bugzilla.suse.com/show_bug.cgi?id=968013

https://bugzilla.suse.com/show_bug.cgi?id=969307

https://www.suse.com/security/cve/CVE-2013-7446/

https://www.suse.com/security/cve/CVE-2015-7515/

https://www.suse.com/security/cve/CVE-2015-7550/

https://www.suse.com/security/cve/CVE-2015-8539/

https://www.suse.com/security/cve/CVE-2015-8543/

https://www.suse.com/security/cve/CVE-2015-8550/

https://www.suse.com/security/cve/CVE-2015-8551/

https://www.suse.com/security/cve/CVE-2015-8552/

https://www.suse.com/security/cve/CVE-2015-8569/

https://www.suse.com/security/cve/CVE-2015-8575/

https://www.suse.com/security/cve/CVE-2015-8767/

https://www.suse.com/security/cve/CVE-2015-8785/

https://www.suse.com/security/cve/CVE-2015-8812/

https://www.suse.com/security/cve/CVE-2016-0723/

https://www.suse.com/security/cve/CVE-2016-2069/

https://www.suse.com/security/cve/CVE-2016-2384/

https://www.suse.com/security/cve/CVE-2016-2543/

https://www.suse.com/security/cve/CVE-2016-2544/

https://www.suse.com/security/cve/CVE-2016-2545/

https://www.suse.com/security/cve/CVE-2016-2546/

https://www.suse.com/security/cve/CVE-2016-2547/

https://www.suse.com/security/cve/CVE-2016-2548/

https://www.suse.com/security/cve/CVE-2016-2549/

http://www.nessus.org/u?97a0fcf5

Plugin Details

Severity: Critical

ID: 90264

File Name: suse_SU-2016-0911-1.nasl

Version: 1.13

Type: local

Agent: unix

Published: 4/1/2016

Updated: 1/6/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-xen-devel, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-trace-base, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:kernel-pae-extra, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-xen-extra, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-pae-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/30/2016

Vulnerability Publication Date: 12/28/2015

Reference Information

CVE: CVE-2013-7446, CVE-2015-7515, CVE-2015-7550, CVE-2015-8539, CVE-2015-8543, CVE-2015-8550, CVE-2015-8551, CVE-2015-8552, CVE-2015-8569, CVE-2015-8575, CVE-2015-8767, CVE-2015-8785, CVE-2015-8812, CVE-2016-0723, CVE-2016-2069, CVE-2016-2384, CVE-2016-2543, CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547, CVE-2016-2548, CVE-2016-2549