SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0575-1)

critical Nessus Plugin ID 97466

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.49 to receive various security and bugfixes. The following security bugs were fixed :

- CVE-2016-7117: Use-after-free vulnerability in the
__sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that was mishandled during error processing (bnc#1003077).

- CVE-2017-5576: Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call (bnc#1021294).

- CVE-2017-5577: The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel did not set an errno value upon certain overflow detections, which allowed local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call (bnc#1021294).

- CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the Linux kernel preserved the setgid bit during a setxattr call involving a tmpfs filesystem, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. (bnc#1021258).

- CVE-2017-2583: The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel improperly emulated a 'MOV SS, NULL selector' instruction, which allowed guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application (bnc#1020602).

- CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bnc#1019851).

- CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states 'there is no kernel bug here' (bnc#1010933).

- CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540).

- CVE-2017-5897: fixed a bug in the Linux kernel IPv6 implementation which allowed remote attackers to trigger an out-of-bounds access, leading to a denial-of-service attack (bnc#1023762).

- CVE-2017-5970: Fixed a possible denial-of-service that could have been triggered by sending bad IP options on a socket (bsc#1024938).

- CVE-2017-5986: an application could have triggered a BUG_ON() in sctp_wait_for_sndbuf() if the socket TX buffer was full, a thread was waiting on it to queue more data, and meanwhile another thread peeled off the association being used by the first thread (bsc#1025235).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch SUSE-SLE-WE-12-SP2-2017-300=1

SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-300=1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-300=1

SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-300=1

SUSE Linux Enterprise Live Patching 12:zypper in -t patch SUSE-SLE-Live-Patching-12-2017-300=1

SUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch SUSE-SLE-HA-12-SP2-2017-300=1

SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-300=1

OpenStack Cloud Magnum Orchestration 7:zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-300=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1007729

https://bugzilla.suse.com/show_bug.cgi?id=1008742

https://bugzilla.suse.com/show_bug.cgi?id=1009546

https://bugzilla.suse.com/show_bug.cgi?id=1009674

https://bugzilla.suse.com/show_bug.cgi?id=1009718

https://bugzilla.suse.com/show_bug.cgi?id=1009911

https://bugzilla.suse.com/show_bug.cgi?id=1010612

https://bugzilla.suse.com/show_bug.cgi?id=1010690

https://bugzilla.suse.com/show_bug.cgi?id=1010933

https://bugzilla.suse.com/show_bug.cgi?id=1011176

https://bugzilla.suse.com/show_bug.cgi?id=1011602

https://bugzilla.suse.com/show_bug.cgi?id=1011660

https://bugzilla.suse.com/show_bug.cgi?id=1011913

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1012422

https://bugzilla.suse.com/show_bug.cgi?id=1012829

https://bugzilla.suse.com/show_bug.cgi?id=1012910

https://bugzilla.suse.com/show_bug.cgi?id=1013000

https://bugzilla.suse.com/show_bug.cgi?id=1013001

https://bugzilla.suse.com/show_bug.cgi?id=1013273

https://bugzilla.suse.com/show_bug.cgi?id=1013540

https://bugzilla.suse.com/show_bug.cgi?id=1013792

https://bugzilla.suse.com/show_bug.cgi?id=1013994

https://bugzilla.suse.com/show_bug.cgi?id=1014120

https://bugzilla.suse.com/show_bug.cgi?id=1014410

https://bugzilla.suse.com/show_bug.cgi?id=1015038

https://bugzilla.suse.com/show_bug.cgi?id=1015367

https://bugzilla.suse.com/show_bug.cgi?id=1015840

https://bugzilla.suse.com/show_bug.cgi?id=1016250

https://bugzilla.suse.com/show_bug.cgi?id=1016403

https://bugzilla.suse.com/show_bug.cgi?id=1016517

https://bugzilla.suse.com/show_bug.cgi?id=1016884

https://bugzilla.suse.com/show_bug.cgi?id=1016979

https://bugzilla.suse.com/show_bug.cgi?id=1017164

https://bugzilla.suse.com/show_bug.cgi?id=964944

https://bugzilla.suse.com/show_bug.cgi?id=969476

https://bugzilla.suse.com/show_bug.cgi?id=969477

https://bugzilla.suse.com/show_bug.cgi?id=969479

https://bugzilla.suse.com/show_bug.cgi?id=971975

https://bugzilla.suse.com/show_bug.cgi?id=974215

https://bugzilla.suse.com/show_bug.cgi?id=981709

https://bugzilla.suse.com/show_bug.cgi?id=982783

https://bugzilla.suse.com/show_bug.cgi?id=985561

https://bugzilla.suse.com/show_bug.cgi?id=987192

https://bugzilla.suse.com/show_bug.cgi?id=987576

https://bugzilla.suse.com/show_bug.cgi?id=989056

https://bugzilla.suse.com/show_bug.cgi?id=991273

https://bugzilla.suse.com/show_bug.cgi?id=998106

https://www.suse.com/security/cve/CVE-2015-8709/

https://www.suse.com/security/cve/CVE-2016-7117/

https://www.suse.com/security/cve/CVE-2016-9806/

https://www.suse.com/security/cve/CVE-2017-2583/

https://www.suse.com/security/cve/CVE-2017-2584/

https://www.suse.com/security/cve/CVE-2017-5551/

https://www.suse.com/security/cve/CVE-2017-5576/

https://www.suse.com/security/cve/CVE-2017-5577/

https://www.suse.com/security/cve/CVE-2017-5897/

https://www.suse.com/security/cve/CVE-2017-5970/

https://www.suse.com/security/cve/CVE-2017-5986/

http://www.nessus.org/u?91f8aa20

https://bugzilla.suse.com/show_bug.cgi?id=1017170

https://bugzilla.suse.com/show_bug.cgi?id=1017410

https://bugzilla.suse.com/show_bug.cgi?id=1018100

https://bugzilla.suse.com/show_bug.cgi?id=1018316

https://bugzilla.suse.com/show_bug.cgi?id=1018358

https://bugzilla.suse.com/show_bug.cgi?id=1018446

https://bugzilla.suse.com/show_bug.cgi?id=1018813

https://bugzilla.suse.com/show_bug.cgi?id=1018913

https://bugzilla.suse.com/show_bug.cgi?id=1019061

https://bugzilla.suse.com/show_bug.cgi?id=1019148

https://bugzilla.suse.com/show_bug.cgi?id=1019168

https://bugzilla.suse.com/show_bug.cgi?id=1019260

https://bugzilla.suse.com/show_bug.cgi?id=1019351

https://bugzilla.suse.com/show_bug.cgi?id=1019594

https://bugzilla.suse.com/show_bug.cgi?id=1019630

https://bugzilla.suse.com/show_bug.cgi?id=1019631

https://bugzilla.suse.com/show_bug.cgi?id=1019784

https://bugzilla.suse.com/show_bug.cgi?id=1019851

https://bugzilla.suse.com/show_bug.cgi?id=1020048

https://bugzilla.suse.com/show_bug.cgi?id=1020214

https://bugzilla.suse.com/show_bug.cgi?id=1020488

https://bugzilla.suse.com/show_bug.cgi?id=1020602

https://bugzilla.suse.com/show_bug.cgi?id=1020685

https://bugzilla.suse.com/show_bug.cgi?id=1020817

https://bugzilla.suse.com/show_bug.cgi?id=1020945

https://bugzilla.suse.com/show_bug.cgi?id=1020975

https://bugzilla.suse.com/show_bug.cgi?id=1021082

https://bugzilla.suse.com/show_bug.cgi?id=1021248

https://bugzilla.suse.com/show_bug.cgi?id=1021251

https://bugzilla.suse.com/show_bug.cgi?id=1021258

https://bugzilla.suse.com/show_bug.cgi?id=1021260

https://bugzilla.suse.com/show_bug.cgi?id=1021294

https://bugzilla.suse.com/show_bug.cgi?id=1021455

https://bugzilla.suse.com/show_bug.cgi?id=1021474

https://bugzilla.suse.com/show_bug.cgi?id=1022304

https://bugzilla.suse.com/show_bug.cgi?id=1022429

https://bugzilla.suse.com/show_bug.cgi?id=1022476

https://bugzilla.suse.com/show_bug.cgi?id=1022547

https://bugzilla.suse.com/show_bug.cgi?id=1022559

https://bugzilla.suse.com/show_bug.cgi?id=1022971

https://bugzilla.suse.com/show_bug.cgi?id=1023101

https://bugzilla.suse.com/show_bug.cgi?id=1023175

https://bugzilla.suse.com/show_bug.cgi?id=1023762

https://bugzilla.suse.com/show_bug.cgi?id=1023884

https://bugzilla.suse.com/show_bug.cgi?id=1023888

https://bugzilla.suse.com/show_bug.cgi?id=1024081

https://bugzilla.suse.com/show_bug.cgi?id=1024234

https://bugzilla.suse.com/show_bug.cgi?id=1024508

https://bugzilla.suse.com/show_bug.cgi?id=1024938

https://bugzilla.suse.com/show_bug.cgi?id=1025235

https://bugzilla.suse.com/show_bug.cgi?id=921494

https://bugzilla.suse.com/show_bug.cgi?id=959709

https://bugzilla.suse.com/show_bug.cgi?id=1000092

https://bugzilla.suse.com/show_bug.cgi?id=1000619

https://bugzilla.suse.com/show_bug.cgi?id=1003077

https://bugzilla.suse.com/show_bug.cgi?id=1005918

https://bugzilla.suse.com/show_bug.cgi?id=1006469

https://bugzilla.suse.com/show_bug.cgi?id=1006472

Plugin Details

Severity: Critical

ID: 97466

File Name: suse_SU-2017-0575-1.nasl

Version: 3.7

Type: local

Agent: unix

Published: 3/1/2017

Updated: 1/6/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/28/2017

Vulnerability Publication Date: 2/8/2016

Reference Information

CVE: CVE-2015-8709, CVE-2016-7117, CVE-2016-9806, CVE-2017-2583, CVE-2017-2584, CVE-2017-5551, CVE-2017-5576, CVE-2017-5577, CVE-2017-5897, CVE-2017-5970, CVE-2017-5986