SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:2912-1)

high Nessus Plugin ID 95368

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 kernel was updated to 3.12.67 to receive various security and bugfixes. The following security bugs were fixed :

- CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bsc#1004517).

- CVE-2016-7097: The filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bsc#995968).

- CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925).

- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152).

- CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by changing a certain length value, aka a 'double fetch' vulnerability (bnc#987542).

- CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation (bnc#994748).

- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608).

- CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296).

- CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).

- CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021 1.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462).

- CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bsc#1001486).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch SUSE-SLE-WE-12-SP1-2016-1700=1

SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1700=1

SUSE Linux Enterprise Server 12-SP1:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1700=1

SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1700=1

SUSE Linux Enterprise Live Patching 12:zypper in -t patch SUSE-SLE-Live-Patching-12-2016-1700=1

SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1700=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=992244

https://bugzilla.suse.com/show_bug.cgi?id=992555

https://bugzilla.suse.com/show_bug.cgi?id=992591

https://bugzilla.suse.com/show_bug.cgi?id=992593

https://bugzilla.suse.com/show_bug.cgi?id=992712

https://bugzilla.suse.com/show_bug.cgi?id=993392

https://bugzilla.suse.com/show_bug.cgi?id=993841

https://bugzilla.suse.com/show_bug.cgi?id=993890

https://bugzilla.suse.com/show_bug.cgi?id=993891

https://bugzilla.suse.com/show_bug.cgi?id=994296

https://bugzilla.suse.com/show_bug.cgi?id=994438

https://bugzilla.suse.com/show_bug.cgi?id=994520

https://bugzilla.suse.com/show_bug.cgi?id=994748

https://bugzilla.suse.com/show_bug.cgi?id=995153

https://bugzilla.suse.com/show_bug.cgi?id=995968

https://bugzilla.suse.com/show_bug.cgi?id=996664

https://bugzilla.suse.com/show_bug.cgi?id=997059

https://bugzilla.suse.com/show_bug.cgi?id=997299

https://bugzilla.suse.com/show_bug.cgi?id=997708

https://bugzilla.suse.com/show_bug.cgi?id=997896

https://bugzilla.suse.com/show_bug.cgi?id=998689

https://bugzilla.suse.com/show_bug.cgi?id=998795

https://bugzilla.suse.com/show_bug.cgi?id=998825

https://bugzilla.suse.com/show_bug.cgi?id=999577

https://bugzilla.suse.com/show_bug.cgi?id=999584

https://bugzilla.suse.com/show_bug.cgi?id=999600

https://bugzilla.suse.com/show_bug.cgi?id=999779

https://bugzilla.suse.com/show_bug.cgi?id=999907

https://bugzilla.suse.com/show_bug.cgi?id=999932

https://www.suse.com/security/cve/CVE-2015-8956/

https://bugzilla.suse.com/show_bug.cgi?id=1000189

https://bugzilla.suse.com/show_bug.cgi?id=1000287

https://bugzilla.suse.com/show_bug.cgi?id=1000304

https://bugzilla.suse.com/show_bug.cgi?id=1000776

https://bugzilla.suse.com/show_bug.cgi?id=1001419

https://bugzilla.suse.com/show_bug.cgi?id=1001486

https://bugzilla.suse.com/show_bug.cgi?id=1002165

https://bugzilla.suse.com/show_bug.cgi?id=1003079

https://bugzilla.suse.com/show_bug.cgi?id=1003153

https://bugzilla.suse.com/show_bug.cgi?id=1003400

https://bugzilla.suse.com/show_bug.cgi?id=1003568

https://bugzilla.suse.com/show_bug.cgi?id=1003866

https://bugzilla.suse.com/show_bug.cgi?id=1003925

https://bugzilla.suse.com/show_bug.cgi?id=1003964

https://bugzilla.suse.com/show_bug.cgi?id=1004252

https://bugzilla.suse.com/show_bug.cgi?id=1004462

https://bugzilla.suse.com/show_bug.cgi?id=1004517

https://bugzilla.suse.com/show_bug.cgi?id=1004520

https://bugzilla.suse.com/show_bug.cgi?id=1005666

https://bugzilla.suse.com/show_bug.cgi?id=1006691

https://bugzilla.suse.com/show_bug.cgi?id=1007615

https://bugzilla.suse.com/show_bug.cgi?id=1007886

https://bugzilla.suse.com/show_bug.cgi?id=744692

https://bugzilla.suse.com/show_bug.cgi?id=772786

https://bugzilla.suse.com/show_bug.cgi?id=789311

https://bugzilla.suse.com/show_bug.cgi?id=857397

https://bugzilla.suse.com/show_bug.cgi?id=860441

https://bugzilla.suse.com/show_bug.cgi?id=865545

https://bugzilla.suse.com/show_bug.cgi?id=866130

https://bugzilla.suse.com/show_bug.cgi?id=868923

https://bugzilla.suse.com/show_bug.cgi?id=874131

https://bugzilla.suse.com/show_bug.cgi?id=876463

https://bugzilla.suse.com/show_bug.cgi?id=898675

https://bugzilla.suse.com/show_bug.cgi?id=904489

https://bugzilla.suse.com/show_bug.cgi?id=909994

https://bugzilla.suse.com/show_bug.cgi?id=911687

https://bugzilla.suse.com/show_bug.cgi?id=915183

https://bugzilla.suse.com/show_bug.cgi?id=921338

https://bugzilla.suse.com/show_bug.cgi?id=921784

https://bugzilla.suse.com/show_bug.cgi?id=922064

https://bugzilla.suse.com/show_bug.cgi?id=922634

https://bugzilla.suse.com/show_bug.cgi?id=924381

https://bugzilla.suse.com/show_bug.cgi?id=924384

https://bugzilla.suse.com/show_bug.cgi?id=930399

https://bugzilla.suse.com/show_bug.cgi?id=931454

https://bugzilla.suse.com/show_bug.cgi?id=934067

https://bugzilla.suse.com/show_bug.cgi?id=937086

https://bugzilla.suse.com/show_bug.cgi?id=937888

https://bugzilla.suse.com/show_bug.cgi?id=940545

https://bugzilla.suse.com/show_bug.cgi?id=941420

https://bugzilla.suse.com/show_bug.cgi?id=946309

https://bugzilla.suse.com/show_bug.cgi?id=955446

https://bugzilla.suse.com/show_bug.cgi?id=956514

https://bugzilla.suse.com/show_bug.cgi?id=959463

https://bugzilla.suse.com/show_bug.cgi?id=961257

https://bugzilla.suse.com/show_bug.cgi?id=962846

https://bugzilla.suse.com/show_bug.cgi?id=966864

https://bugzilla.suse.com/show_bug.cgi?id=967640

https://bugzilla.suse.com/show_bug.cgi?id=970943

https://bugzilla.suse.com/show_bug.cgi?id=971975

https://bugzilla.suse.com/show_bug.cgi?id=971989

https://bugzilla.suse.com/show_bug.cgi?id=974406

https://bugzilla.suse.com/show_bug.cgi?id=974620

https://bugzilla.suse.com/show_bug.cgi?id=975596

https://bugzilla.suse.com/show_bug.cgi?id=975772

https://bugzilla.suse.com/show_bug.cgi?id=976195

https://bugzilla.suse.com/show_bug.cgi?id=977687

https://bugzilla.suse.com/show_bug.cgi?id=978094

https://bugzilla.suse.com/show_bug.cgi?id=979451

https://bugzilla.suse.com/show_bug.cgi?id=979928

https://bugzilla.suse.com/show_bug.cgi?id=982783

https://bugzilla.suse.com/show_bug.cgi?id=983619

https://bugzilla.suse.com/show_bug.cgi?id=984194

https://bugzilla.suse.com/show_bug.cgi?id=984419

https://bugzilla.suse.com/show_bug.cgi?id=984779

https://bugzilla.suse.com/show_bug.cgi?id=984992

https://bugzilla.suse.com/show_bug.cgi?id=985562

https://bugzilla.suse.com/show_bug.cgi?id=986445

https://bugzilla.suse.com/show_bug.cgi?id=987192

https://bugzilla.suse.com/show_bug.cgi?id=987333

https://bugzilla.suse.com/show_bug.cgi?id=987542

https://bugzilla.suse.com/show_bug.cgi?id=987565

https://bugzilla.suse.com/show_bug.cgi?id=987621

https://bugzilla.suse.com/show_bug.cgi?id=987805

https://bugzilla.suse.com/show_bug.cgi?id=988440

https://bugzilla.suse.com/show_bug.cgi?id=988617

https://bugzilla.suse.com/show_bug.cgi?id=988715

https://bugzilla.suse.com/show_bug.cgi?id=989152

https://bugzilla.suse.com/show_bug.cgi?id=989953

https://bugzilla.suse.com/show_bug.cgi?id=990245

https://bugzilla.suse.com/show_bug.cgi?id=991247

https://bugzilla.suse.com/show_bug.cgi?id=991608

https://bugzilla.suse.com/show_bug.cgi?id=991665

https://www.suse.com/security/cve/CVE-2016-5696/

https://www.suse.com/security/cve/CVE-2016-6130/

https://www.suse.com/security/cve/CVE-2016-6327/

https://www.suse.com/security/cve/CVE-2016-6480/

https://www.suse.com/security/cve/CVE-2016-6828/

https://www.suse.com/security/cve/CVE-2016-7042/

https://www.suse.com/security/cve/CVE-2016-7097/

https://www.suse.com/security/cve/CVE-2016-7425/

https://www.suse.com/security/cve/CVE-2016-8658/

https://www.suse.com/security/cve/CVE-2016-8666/

http://www.nessus.org/u?0f1d2fea

Plugin Details

Severity: High

ID: 95368

File Name: suse_SU-2016-2912-1.nasl

Version: 3.8

Type: local

Agent: unix

Published: 11/28/2016

Updated: 1/6/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-xen-debugsource, p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-xen-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/25/2016

Vulnerability Publication Date: 7/3/2016

Reference Information

CVE: CVE-2015-8956, CVE-2016-5696, CVE-2016-6130, CVE-2016-6327, CVE-2016-6480, CVE-2016-6828, CVE-2016-7039, CVE-2016-7042, CVE-2016-7097, CVE-2016-7425, CVE-2016-8658, CVE-2016-8666