ID CVE-2013-6885 Type cve Reporter NVD Modified 2017-12-15T21:29:00
Description
The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue.
{"result": {"xen": [{"lastseen": "2016-04-01T21:57:13", "references": [], "description": "#### ISSUE DESCRIPTION\nAMD CPU erratum 793 "Specific Combination of Writes to Write Combined Memory Types and Locked Instructions May Cause Core Hang" describes a situation under which a CPU core may hang.\n#### IMPACT\nA malicious guest administrator can mount a denial of service attack affecting the whole system.\n#### VULNERABLE SYSTEMS\nThe vulnerability is applicable only to family 16h model 00h-0fh AMD CPUs.\nSuch CPUs running Xen versions 3.3 onwards are vulnerable. We have not checked earlier versions of Xen.\nHVM guests can always exploit the vulnerability if it is present. PV guests can exploit the vulnerability only if they have been granted access to physical device(s).\nNon-AMD CPUs are not vulnerable.\nCREDITS\nThis issue's security impact was discovered by Jan Beulich.\n", "edition": 1, "reporter": "Xen Project", "published": "2013-12-02T17:13:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "xen", "title": "Guest triggerable AMD CPU erratum may cause host hang", "bulletinFamily": "software", "cvelist": ["CVE-2013-6885"], "modified": "2014-02-19T16:54:00", "id": "XSA-82", "href": "http://xenbits.xen.org/xsa/advisory-82.html", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2017-10-29T13:39:22", "references": ["http://www.nessus.org/u?a58a63e2"], "pluginID": "71477", "description": "HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "reporter": "Tenable", "published": "2013-12-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "Fedora 18 : xen-4.2.3-11.fc18 (2013-22866)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6885"], "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:xen"], "modified": "2015-10-19T00:00:00", "id": "FEDORA_2013-22866.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71477", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22866.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71477);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:47:14 $\");\n\n script_cve_id(\"CVE-2013-6885\");\n script_xref(name:\"FEDORA\", value:\"2013-22866\");\n\n script_name(english:\"Fedora 18 : xen-4.2.3-11.fc18 (2013-22866)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82,\nCVE-2013-6885]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124199.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a58a63e2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"xen-4.2.3-11.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-10-29T13:41:00", "references": ["http://www.nessus.org/u?b318a069"], "pluginID": "79527", "edition": 4, "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - x86/AMD: work around erratum 793 The recommendation is to set a bit in an MSR - do this if the firmware didn't, considering that otherwise we expose ourselves to a guest induced DoS. This is CVE-2013-6885 / XSA-82.\n (CVE-2013-6885)", "reporter": "Tenable", "published": "2014-11-26T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "OracleVM 3.1 : xen (OVMSA-2013-0091)", "naslFamily": "OracleVM Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6885"], "cpe": ["p-cpe:/a:oracle:vm:xen-devel", "p-cpe:/a:oracle:vm:xen", "cpe:/o:oracle:vm_server:3.1", "p-cpe:/a:oracle:vm:xen-tools"], "modified": "2017-02-14T00:00:00", "id": "ORACLEVM_OVMSA-2013-0091.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79527", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2013-0091.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79527);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2017/02/14 17:16:23 $\");\n\n script_cve_id(\"CVE-2013-6885\");\n script_bugtraq_id(63983);\n\n script_name(english:\"OracleVM 3.1 : xen (OVMSA-2013-0091)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - x86/AMD: work around erratum 793 The recommendation is\n to set a bit in an MSR - do this if the firmware didn't,\n considering that otherwise we expose ourselves to a\n guest induced DoS. This is CVE-2013-6885 / XSA-82.\n (CVE-2013-6885)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2013-December/000201.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b318a069\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-devel / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"3\\.1\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.1\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.1\", reference:\"xen-4.1.2-18.el5.116\")) flag++;\nif (rpm_check(release:\"OVS3.1\", reference:\"xen-devel-4.1.2-18.el5.116\")) flag++;\nif (rpm_check(release:\"OVS3.1\", reference:\"xen-tools-4.1.2-18.el5.116\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-devel / xen-tools\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-10-29T13:38:07", "references": ["http://www.nessus.org/u?a1f666ab"], "pluginID": "71478", "description": "HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "reporter": "Tenable", "published": "2013-12-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "Fedora 19 : xen-4.2.3-11.fc19 (2013-22888)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6885"], "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:xen"], "modified": "2015-10-19T00:00:00", "id": "FEDORA_2013-22888.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71478", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22888.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71478);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:47:14 $\");\n\n script_cve_id(\"CVE-2013-6885\");\n script_xref(name:\"FEDORA\", value:\"2013-22888\");\n\n script_name(english:\"Fedora 19 : xen-4.2.3-11.fc19 (2013-22888)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82,\nCVE-2013-6885]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124195.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a1f666ab\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"xen-4.2.3-11.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-10-29T13:39:53", "references": ["http://www.nessus.org/u?ee1b3ea6"], "pluginID": "79526", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - x86/AMD: work around erratum 793 The recommendation is to set a bit in an MSR - do this if the firmware didn't, considering that otherwise we expose ourselves to a guest induced DoS. This is CVE-2013-6885 / XSA-82.\n (CVE-2013-6885)", "edition": 4, "reporter": "Tenable", "published": "2014-11-26T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "OracleVM 3.2 : xen (OVMSA-2013-0090)", "naslFamily": "OracleVM Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6885"], "cpe": ["p-cpe:/a:oracle:vm:xen-devel", "cpe:/o:oracle:vm_server:3.2", "p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools"], "modified": "2017-02-14T00:00:00", "id": "ORACLEVM_OVMSA-2013-0090.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79526", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2013-0090.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79526);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2017/02/14 17:16:23 $\");\n\n script_cve_id(\"CVE-2013-6885\");\n script_bugtraq_id(63983);\n\n script_name(english:\"OracleVM 3.2 : xen (OVMSA-2013-0090)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - x86/AMD: work around erratum 793 The recommendation is\n to set a bit in an MSR - do this if the firmware didn't,\n considering that otherwise we expose ourselves to a\n guest induced DoS. This is CVE-2013-6885 / XSA-82.\n (CVE-2013-6885)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2013-December/000200.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee1b3ea6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-devel / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"xen-4.1.3-25.el5.88.1\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"xen-devel-4.1.3-25.el5.88.1\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"xen-tools-4.1.3-25.el5.88.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-devel / xen-tools\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-10-29T13:32:50", "references": ["http://www.nessus.org/u?9234e138"], "pluginID": "71422", "edition": 2, "description": "HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82, CVE-2013-6885]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "reporter": "Tenable", "published": "2013-12-14T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "Fedora 20 : xen-4.3.1-5.fc20 (2013-22754)", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6885"], "cpe": ["p-cpe:/a:fedoraproject:fedora:xen", "cpe:/o:fedoraproject:fedora:20"], "modified": "2015-10-19T00:00:00", "id": "FEDORA_2013-22754.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=71422", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22754.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71422);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:47:13 $\");\n\n script_cve_id(\"CVE-2013-6885\");\n script_xref(name:\"FEDORA\", value:\"2013-22754\");\n\n script_name(english:\"Fedora 20 : xen-4.3.1-5.fc20 (2013-22754)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"HVM guest triggerable AMD CPU erratum may cause host hang [XSA-82,\nCVE-2013-6885]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123553.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9234e138\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"xen-4.3.1-5.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-10-29T13:36:09", "references": ["http://www.nessus.org/u?08185959"], "pluginID": "79528", "edition": 4, "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - x86/AMD: work around erratum 793 XSA-82 (Jan Beulich) [17884839] (CVE-2013-6885)", "reporter": "Tenable", "published": "2014-11-26T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "nessus", "title": "OracleVM 2.2 : xen (OVMSA-2013-0092)", "naslFamily": "OracleVM Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6885"], "cpe": ["p-cpe:/a:oracle:vm:xen-64", "p-cpe:/a:oracle:vm:xen-devel", "p-cpe:/a:oracle:vm:xen-debugger", "cpe:/o:oracle:vm_server:2.2", "p-cpe:/a:oracle:vm:xen-pvhvm-devel", "p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-tools"], "modified": "2017-02-14T00:00:00", "id": "ORACLEVM_OVMSA-2013-0092.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=79528", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2013-0092.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79528);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2017/02/14 17:16:23 $\");\n\n script_cve_id(\"CVE-2013-6885\");\n script_bugtraq_id(63983);\n\n script_name(english:\"OracleVM 2.2 : xen (OVMSA-2013-0092)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - x86/AMD: work around erratum 793 XSA-82 (Jan Beulich)\n [17884839] (CVE-2013-6885)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2013-December/000202.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?08185959\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-pvhvm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:2.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"2\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 2.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-3.4.0-0.2.16.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-64-3.4.0-0.2.16.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-debugger-3.4.0-0.2.16.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-devel-3.4.0-0.2.16.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-pvhvm-devel-3.4.0-0.2.16.el5\")) flag++;\nif (rpm_check(release:\"OVS2.2\", reference:\"xen-tools-3.4.0-0.2.16.el5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-64 / xen-debugger / xen-devel / xen-pvhvm-devel / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-10-29T13:33:48", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=853048", "https://bugzilla.novell.com/show_bug.cgi?id=853049", "http://lists.opensuse.org/opensuse-updates/2014-04/msg00009.html", "https://bugzilla.novell.com/show_bug.cgi?id=831120"], "pluginID": "75313", "edition": 2, "description": "Xen was updated to fix security issues and bugs.\n\nUpdate to bug fix release Xen 4.3.2 c/s 27404\n\n - CVE-2013-6885: xen: XSA-82: A guest triggerable AMD CPU erratum may cause host hangs.\n\n - CVE-2013-6400: xen: XSA-80: IOMMU TLB flushing may be inadvertently suppressed, potentially leaking information to other guests.\n\n - CVE-2013-2212: xen: XSA-60: Excessive time to disable caching with HVM guests with PCI passthrough\n\n - pygrub: Support (/dev/xvda) style disk specifications", "reporter": "Tenable", "published": "2014-06-13T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "nessus", "title": "openSUSE Security Update : xen (openSUSE-SU-2014:0482-1)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4554", "CVE-2013-6400", "CVE-2013-4553", "CVE-2013-6885", "CVE-2013-2212"], "cpe": ["p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-kmp-pae", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xen-xend-tools", "p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo", "cpe:/o:novell:opensuse:13.1"], "modified": "2014-06-13T00:00:00", "id": "OPENSUSE-2014-272.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75313", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-272.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75313);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:39:49 $\");\n\n script_cve_id(\"CVE-2013-2212\", \"CVE-2013-4553\", \"CVE-2013-4554\", \"CVE-2013-6400\", \"CVE-2013-6885\");\n\n script_name(english:\"openSUSE Security Update : xen (openSUSE-SU-2014:0482-1)\");\n script_summary(english:\"Check for the openSUSE-2014-272 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Xen was updated to fix security issues and bugs.\n\nUpdate to bug fix release Xen 4.3.2 c/s 27404\n\n - CVE-2013-6885: xen: XSA-82: A guest triggerable AMD CPU\n erratum may cause host hangs.\n\n - CVE-2013-6400: xen: XSA-80: IOMMU TLB flushing may be\n inadvertently suppressed, potentially leaking\n information to other guests.\n\n - CVE-2013-2212: xen: XSA-60: Excessive time to disable\n caching with HVM guests with PCI passthrough\n\n - pygrub: Support (/dev/xvda) style disk specifications\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2014-04/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=831120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853049\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected xen packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-debugsource-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-devel-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-4.3.2_01_k3.11.10_7-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-debuginfo-4.3.2_01_k3.11.10_7-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-4.3.2_01_k3.11.10_7-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-debuginfo-4.3.2_01_k3.11.10_7-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-4.3.2_01_k3.11.10_7-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-debuginfo-4.3.2_01_k3.11.10_7-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-debuginfo-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-debuginfo-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-4.3.2_01-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-debuginfo-4.3.2_01-12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-07-10T06:01:26", "references": ["http://www.debian.org/security/2015/dsa-3128", "https://security-tracker.debian.org/tracker/CVE-2014-8133", "http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf", "https://security-tracker.debian.org/tracker/CVE-2013-6885", "https://packages.debian.org/source/wheezy/linux", "https://security-tracker.debian.org/tracker/CVE-2014-9419", "https://security-tracker.debian.org/tracker/CVE-2014-9529", "https://security-tracker.debian.org/tracker/CVE-2014-9584"], "pluginID": "80558", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.\n\n - CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133 It was found that the espfix funcionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses and thus allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419 It was found that on Linux kernels compiled with the 32 bit interfaces (CONFIG_X86_32) a malicious user program can do a partial ASLR bypass through TLS base addresses leak when attacking other programs.\n\n - CVE-2014-9529 It was discovered that the Linux kernel is affected by a race condition flaw when doing key garbage collection, allowing local users to cause a denial of service (memory corruption or panic).\n\n - CVE-2014-9584 It was found that the Linux kernel does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.", "edition": 3, "reporter": "Tenable", "published": "2015-01-16T00:00:00", "title": "Debian DSA-3128-1 : linux - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419"], "modified": "2018-07-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:linux"], "id": "DEBIAN_DSA-3128.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=80558", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3128. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80558);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/09 14:30:26\");\n\n script_cve_id(\"CVE-2013-6885\", \"CVE-2014-8133\", \"CVE-2014-9419\", \"CVE-2014-9529\", \"CVE-2014-9584\");\n script_bugtraq_id(63983, 71684, 71794, 71880, 71883);\n script_xref(name:\"DSA\", value:\"3128\");\n\n script_name(english:\"Debian DSA-3128-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or information leaks.\n\n - CVE-2013-6885\n It was discovered that under specific circumstances, a\n combination of write operations to write-combined memory\n and locked CPU instructions may cause a core hang on AMD\n 16h 00h through 0Fh processors. A local user can use\n this flaw to mount a denial of service (system hang) via\n a crafted application.\n\n For more information please refer to the AMD CPU erratum 793 in\n http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\n\n - CVE-2014-8133\n It was found that the espfix funcionality can be\n bypassed by installing a 16-bit RW data segment into GDT\n instead of LDT (which espfix checks for) and using it\n for stack. A local unprivileged user could potentially\n use this flaw to leak kernel stack addresses and thus\n allowing to bypass the ASLR protection mechanism.\n\n - CVE-2014-9419\n It was found that on Linux kernels compiled with the 32\n bit interfaces (CONFIG_X86_32) a malicious user program\n can do a partial ASLR bypass through TLS base addresses\n leak when attacking other programs.\n\n - CVE-2014-9529\n It was discovered that the Linux kernel is affected by a\n race condition flaw when doing key garbage collection,\n allowing local users to cause a denial of service\n (memory corruption or panic).\n\n - CVE-2014-9584\n It was found that the Linux kernel does not validate a\n length value in the Extensions Reference (ER) System Use\n Field, which allows local users to obtain sensitive\n information from kernel memory via a crafted iso9660\n image.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-8133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9529\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2014-9584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3128\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 3.2.65-1+deb7u1. Additionally this update fixes a\nsuspend/resume regression introduced with 3.2.65.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux-doc-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-armhf\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-i386\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-ia64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mips\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-mipsel\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-all-sparc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-common-rt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-headers-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-486\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-4kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-5kc-malta\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-iop32x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-itanium\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-ixp4xx\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-kirkwood\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-loongson-2f\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mckinley\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mv78xx0\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-mx5\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-octeon\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-omap\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-orion5x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-powerpc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r4k-ip22\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-cobalt\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-r5k-ip32\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-686-pae-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-rt-amd64-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-dbg\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-s390x-tape\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1-bcm91250a\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sb1a-bcm91480b\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-sparc64-smp\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-versatile\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-image-3.2.0-4-vexpress\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-libc-dev\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-manual-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-source-3.2\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"linux-support-3.2.0-4\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-686-pae\", reference:\"3.2.65-1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"xen-linux-system-3.2.0-4-amd64\", reference:\"3.2.65-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-29T13:43:34", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=855825", "https://bugzilla.novell.com/show_bug.cgi?id=862957", "https://bugzilla.novell.com/show_bug.cgi?id=864058", "https://bugzilla.novell.com/show_bug.cgi?id=827670", "http://support.novell.com/security/cve/CVE-2014-0069.html", "https://bugzilla.novell.com/show_bug.cgi?id=862796", "https://bugzilla.novell.com/show_bug.cgi?id=846790", "https://bugzilla.novell.com/show_bug.cgi?id=864025", "https://bugzilla.novell.com/show_bug.cgi?id=863178", "https://bugzilla.novell.com/show_bug.cgi?id=853166", "https://bugzilla.novell.com/show_bug.cgi?id=863526", "https://bugzilla.novell.com/show_bug.cgi?id=859342", "https://bugzilla.novell.com/show_bug.cgi?id=854025", "http://support.novell.com/security/cve/CVE-2013-4470.html", "http://support.novell.com/security/cve/CVE-2013-7265.html", "https://bugzilla.novell.com/show_bug.cgi?id=852488", "https://bugzilla.novell.com/show_bug.cgi?id=853455", "https://bugzilla.novell.com/show_bug.cgi?id=857643", "http://support.novell.com/security/cve/CVE-2013-7263.html", "https://bugzilla.novell.com/show_bug.cgi?id=599263", "https://bugzilla.novell.com/show_bug.cgi?id=866428", "https://bugzilla.novell.com/show_bug.cgi?id=864880", "https://bugzilla.novell.com/show_bug.cgi?id=865342", "http://support.novell.com/security/cve/CVE-2013-7264.html", "https://bugzilla.novell.com/show_bug.cgi?id=854445", "http://support.novell.com/security/cve/CVE-2013-6885.html", "https://bugzilla.novell.com/show_bug.cgi?id=861093", "https://bugzilla.novell.com/show_bug.cgi?id=856848", "https://bugzilla.novell.com/show_bug.cgi?id=870801", "https://bugzilla.novell.com/show_bug.cgi?id=864833", "https://bugzilla.novell.com/show_bug.cgi?id=853162", "https://bugzilla.novell.com/show_bug.cgi?id=865783", "https://bugzilla.novell.com/show_bug.cgi?id=852967", "https://bugzilla.novell.com/show_bug.cgi?id=866253", "https://bugzilla.novell.com/show_bug.cgi?id=859225", "https://bugzilla.novell.com/show_bug.cgi?id=858604", "https://bugzilla.novell.com/show_bug.cgi?id=833968", "https://bugzilla.novell.com/show_bug.cgi?id=847672", "https://bugzilla.novell.com/show_bug.cgi?id=844513", "https://bugzilla.novell.com/show_bug.cgi?id=857358"], "pluginID": "73554", "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.\n\n----------------------------------------------------------------------\n- WARNING: If you are running KVM with PCI pass-through on a system with one of the following Intel chipsets: 5500 (revision 0x13), 5520 (revision 0x13) or X58 (revisions 0x12, 0x13, 0x22), please make sure to read the following support document before installing this update :\n\nhttps://www.suse.com/support/kb/doc.php?id=7014344\n\nYou will have to update your KVM setup to no longer make use of PCI pass-through before rebooting to the updated kernel.\n\n----------------------------------------------------------------------\n-\n\nThe following security bugs have been fixed :\n\n - The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672).\n (CVE-2013-4470)\n\n - The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#852967). (CVE-2013-6885)\n\n - The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.\n (bnc#857643). (CVE-2013-7263)\n\n - The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643). (CVE-2013-7264)\n\n - The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643). (CVE-2013-7265)\n\n - The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. (bnc#864025). (CVE-2014-0069)\n\nAlso the following non-security bugs have been fixed :\n\n - kabi: protect symbols modified by bnc#864833 fix.\n (bnc#864833)\n\n - mm: mempolicy: fix mbind_range() && vma_adjust() interaction (VM Functionality (bnc#866428)).\n\n - mm: merging memory blocks resets mempolicy (VM Functionality (bnc#866428)).\n\n - mm/page-writeback.c: do not count anon pages as dirtyable memory (High memory utilisation performance (bnc#859225)).\n\n - mm: vmscan: Do not force reclaim file pages until it exceeds anon (High memory utilisation performance (bnc#859225)).\n\n - mm: vmscan: fix endless loop in kswapd balancing (High memory utilisation performance (bnc#859225)).\n\n - mm: vmscan: Update rotated and scanned when force reclaimed (High memory utilisation performance (bnc#859225)).\n\n - mm: exclude memory less nodes from zone_reclaim.\n (bnc#863526)\n\n - mm: fix return type for functions nr_free_*_pages kabi fixup. (bnc#864058)\n\n - mm: fix return type for functions nr_free_*_pages.\n (bnc#864058)\n\n - mm: swap: Use swapfiles in priority order (Use swap files in priority order (bnc#862957)).\n\n - x86: Save cr2 in NMI in case NMIs take a page fault (follow-up for patches.fixes/x86-Add-workaround-to-NMI-iret-woes.patch) .\n\n - powerpc: Add VDSO version of getcpu (fate#316816, bnc#854445).\n\n - vmscan: change type of vm_total_pages to unsigned long.\n (bnc#864058)\n\n - audit: dynamically allocate audit_names when not enough space is in the names array. (bnc#857358)\n\n - audit: make filetype matching consistent with other filters. (bnc#857358)\n\n - arch/x86/mm/srat: Skip NUMA_NO_NODE while parsing SLIT.\n (bnc#863178)\n\n - hwmon: (coretemp) Fix truncated name of alarm attributes.\n\n - privcmd: allow preempting long running user-mode originating hypercalls. (bnc#861093)\n\n - nohz: Check for nohz active instead of nohz enabled.\n (bnc#846790)\n\n - nohz: Fix another inconsistency between CONFIG_NO_HZ=n and nohz=off. (bnc#846790)\n\n - iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets. (bnc#844513)\n\n - balloon: do not crash in HVM-with-PoD guests.\n\n - crypto: s390 - fix des and des3_ede ctr concurrency issue (bnc#862796, LTC#103744).\n\n - crypto: s390 - fix des and des3_ede cbc concurrency issue (bnc#862796, LTC#103743).\n\n - kernel: oops due to linkage stack instructions (bnc#862796, LTC#103860).\n\n - crypto: s390 - fix concurrency issue in aes-ctr mode (bnc#862796, LTC#103742).\n\n - dump: Fix dump memory detection (bnc#862796,LTC#103575).\n\n - net: change type of virtio_chan->p9_max_pages.\n (bnc#864058)\n\n - inet: handle rt{,6}_bind_peer() failure correctly.\n (bnc#870801)\n\n - inet: Avoid potential NULL peer dereference.\n (bnc#864833)\n\n - inet: Hide route peer accesses behind helpers.\n (bnc#864833)\n\n - inet: Pass inetpeer root into inet_getpeer*() interfaces. (bnc#864833)\n\n - tcp: syncookies: reduce cookie lifetime to 128 seconds.\n (bnc#833968)\n\n - tcp: syncookies: reduce mss table to four values.\n (bnc#833968)\n\n - ipv6 routing, NLM_F_* flag support: REPLACE and EXCL flags support, warn about missing CREATE flag.\n (bnc#865783)\n\n - ipv6: send router reachability probe if route has an unreachable gateway. (bnc#853162)\n\n - sctp: Implement quick failover draft from tsvwg.\n (bnc#827670)\n\n - ipvs: fix AF assignment in ip_vs_conn_new().\n (bnc#856848)\n\n - NFSD/sunrpc: avoid deadlock on TCP connection due to memory pressure. (bnc#853455)\n\n - btrfs: bugfix collection\n\n - fs/nfsd: change type of max_delegations, nfsd_drc_max_mem and nfsd_drc_mem_used. (bnc#864058)\n\n - fs/buffer.c: change type of max_buffer_heads to unsigned long. (bnc#864058)\n\n - ncpfs: fix rmdir returns Device or resource busy.\n (bnc#864880)\n\n - scsi_dh_alua: fixup RTPG retry delay miscalculation.\n (bnc#854025)\n\n - scsi_dh_alua: Simplify state machine. (bnc#854025)\n\n - xhci: Fix resume issues on Renesas chips in Samsung laptops. (bnc#866253)\n\n - bonding: disallow enslaving a bond to itself.\n (bnc#599263)\n\n - USB: hub: handle -ETIMEDOUT during enumeration.\n (bnc#855825)\n\n - dm-multipath: Do not stall on invalid ioctls.\n (bnc#865342)\n\n - scsi_dh_alua: endless STPG retries for a failed LUN.\n (bnc#865342)\n\n - net/mlx4_en: Fix pages never dma unmapped on rx.\n (bnc#858604)\n\n - dlm: remove get_comm. (bnc#827670)\n\n - dlm: Avoid LVB truncation. (bnc#827670)\n\n - dlm: disable nagle for SCTP. (bnc#827670)\n\n - dlm: retry failed SCTP sends. (bnc#827670)\n\n - dlm: try other IPs when sctp init assoc fails.\n (bnc#827670)\n\n - dlm: clear correct bit during sctp init failure handling. (bnc#827670)\n\n - dlm: set sctp assoc id during setup. (bnc#827670)\n\n - dlm: clear correct init bit during sctp setup.\n (bnc#827670)\n\n - dlm: fix deadlock between dlm_send and dlm_controld.\n (bnc#827670)\n\n - dlm: Fix return value from lockspace_busy().\n (bnc#827670)\n\n - Avoid occasional hang with NFS. (bnc#852488)\n\n - mpt2sas: Fix unsafe using smp_processor_id() in preemptible. (bnc#853166)\n\n - lockd: send correct lock when granting a delayed lock.\n (bnc#859342)", "edition": 2, "reporter": "Tenable", "published": "2014-04-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "nessus", "title": "SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9102 / 9104 / 9105)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7265", "CVE-2013-7264", "CVE-2013-7263", "CVE-2013-6885", "CVE-2013-4470", "CVE-2014-0069"], "cpe": ["p-cpe:/a:novell:suse_linux:11:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:11:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:11:kernel-source", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:11:kernel-ec2", "p-cpe:/a:novell:suse_linux:11:kernel-trace-base", "p-cpe:/a:novell:suse_linux:11:kernel-default-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae", "p-cpe:/a:novell:suse_linux:11:kernel-xen-base", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:kernel-xen", "p-cpe:/a:novell:suse_linux:11:kernel-trace", "p-cpe:/a:novell:suse_linux:11:kernel-syms", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:11:kernel-xen-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default-devel", "p-cpe:/a:novell:suse_linux:11:kernel-default-man", "p-cpe:/a:novell:suse_linux:11:xen-kmp-pae", "p-cpe:/a:novell:suse_linux:11:kernel-default-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default", "p-cpe:/a:novell:suse_linux:11:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:11:xen-kmp-default"], "modified": "2014-04-17T00:00:00", "id": "SUSE_11_KERNEL-140408.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73554", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73554);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/04/17 10:42:09 $\");\n\n script_cve_id(\"CVE-2013-4470\", \"CVE-2013-6885\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2014-0069\");\n\n script_name(english:\"SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9102 / 9104 / 9105)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to\nfix various bugs and security issues.\n\n----------------------------------------------------------------------\n- WARNING: If you are running KVM with PCI pass-through on a system\nwith one of the following Intel chipsets: 5500 (revision 0x13), 5520\n(revision 0x13) or X58 (revisions 0x12, 0x13, 0x22), please make sure\nto read the following support document before installing this update :\n\nhttps://www.suse.com/support/kb/doc.php?id=7014344\n\nYou will have to update your KVM setup to no longer make use of PCI\npass-through before rebooting to the updated kernel.\n\n----------------------------------------------------------------------\n-\n\nThe following security bugs have been fixed :\n\n - The Linux kernel before 3.12, when UDP Fragmentation\n Offload (UFO) is enabled, does not properly initialize\n certain data structures, which allows local users to\n cause a denial of service (memory corruption and system\n crash) or possibly gain privileges via a crafted\n application that uses the UDP_CORK option in a\n setsockopt system call and sends both short and long\n packets, related to the ip_ufo_append_data function in\n net/ipv4/ip_output.c and the ip6_ufo_append_data\n function in net/ipv6/ip6_output.c. (bnc#847672).\n (CVE-2013-4470)\n\n - The microcode on AMD 16h 00h through 0Fh processors does\n not properly handle the interaction between locked\n instructions and write-combined memory types, which\n allows local users to cause a denial of service (system\n hang) via a crafted application, aka the errata 793\n issue. (bnc#852967). (CVE-2013-6885)\n\n - The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures\n have been initialized, which allows local users to\n obtain sensitive information from kernel stack memory\n via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system\n call, related to net/ipv4/ping.c, net/ipv4/raw.c,\n net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.\n (bnc#857643). (CVE-2013-7263)\n\n - The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in\n the Linux kernel before 3.12.4 updates a certain length\n value before ensuring that an associated data structure\n has been initialized, which allows local users to obtain\n sensitive information from kernel stack memory via a (1)\n recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643). (CVE-2013-7264)\n\n - The pn_recvmsg function in net/phonet/datagram.c in the\n Linux kernel before 3.12.4 updates a certain length\n value before ensuring that an associated data structure\n has been initialized, which allows local users to obtain\n sensitive information from kernel stack memory via a (1)\n recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643). (CVE-2013-7265)\n\n - The cifs_iovec_write function in fs/cifs/file.c in the\n Linux kernel through 3.13.5 does not properly handle\n uncached write operations that copy fewer than the\n requested number of bytes, which allows local users to\n obtain sensitive information from kernel memory, cause a\n denial of service (memory corruption and system crash),\n or possibly gain privileges via a writev system call\n with a crafted pointer. (bnc#864025). (CVE-2014-0069)\n\nAlso the following non-security bugs have been fixed :\n\n - kabi: protect symbols modified by bnc#864833 fix.\n (bnc#864833)\n\n - mm: mempolicy: fix mbind_range() && vma_adjust()\n interaction (VM Functionality (bnc#866428)).\n\n - mm: merging memory blocks resets mempolicy (VM\n Functionality (bnc#866428)).\n\n - mm/page-writeback.c: do not count anon pages as\n dirtyable memory (High memory utilisation performance\n (bnc#859225)).\n\n - mm: vmscan: Do not force reclaim file pages until it\n exceeds anon (High memory utilisation performance\n (bnc#859225)).\n\n - mm: vmscan: fix endless loop in kswapd balancing (High\n memory utilisation performance (bnc#859225)).\n\n - mm: vmscan: Update rotated and scanned when force\n reclaimed (High memory utilisation performance\n (bnc#859225)).\n\n - mm: exclude memory less nodes from zone_reclaim.\n (bnc#863526)\n\n - mm: fix return type for functions nr_free_*_pages kabi\n fixup. (bnc#864058)\n\n - mm: fix return type for functions nr_free_*_pages.\n (bnc#864058)\n\n - mm: swap: Use swapfiles in priority order (Use swap\n files in priority order (bnc#862957)).\n\n - x86: Save cr2 in NMI in case NMIs take a page fault\n (follow-up for\n patches.fixes/x86-Add-workaround-to-NMI-iret-woes.patch)\n .\n\n - powerpc: Add VDSO version of getcpu (fate#316816,\n bnc#854445).\n\n - vmscan: change type of vm_total_pages to unsigned long.\n (bnc#864058)\n\n - audit: dynamically allocate audit_names when not enough\n space is in the names array. (bnc#857358)\n\n - audit: make filetype matching consistent with other\n filters. (bnc#857358)\n\n - arch/x86/mm/srat: Skip NUMA_NO_NODE while parsing SLIT.\n (bnc#863178)\n\n - hwmon: (coretemp) Fix truncated name of alarm\n attributes.\n\n - privcmd: allow preempting long running user-mode\n originating hypercalls. (bnc#861093)\n\n - nohz: Check for nohz active instead of nohz enabled.\n (bnc#846790)\n\n - nohz: Fix another inconsistency between CONFIG_NO_HZ=n\n and nohz=off. (bnc#846790)\n\n - iommu/vt-d: add quirk for broken interrupt remapping on\n 55XX chipsets. (bnc#844513)\n\n - balloon: do not crash in HVM-with-PoD guests.\n\n - crypto: s390 - fix des and des3_ede ctr concurrency\n issue (bnc#862796, LTC#103744).\n\n - crypto: s390 - fix des and des3_ede cbc concurrency\n issue (bnc#862796, LTC#103743).\n\n - kernel: oops due to linkage stack instructions\n (bnc#862796, LTC#103860).\n\n - crypto: s390 - fix concurrency issue in aes-ctr mode\n (bnc#862796, LTC#103742).\n\n - dump: Fix dump memory detection (bnc#862796,LTC#103575).\n\n - net: change type of virtio_chan->p9_max_pages.\n (bnc#864058)\n\n - inet: handle rt{,6}_bind_peer() failure correctly.\n (bnc#870801)\n\n - inet: Avoid potential NULL peer dereference.\n (bnc#864833)\n\n - inet: Hide route peer accesses behind helpers.\n (bnc#864833)\n\n - inet: Pass inetpeer root into inet_getpeer*()\n interfaces. (bnc#864833)\n\n - tcp: syncookies: reduce cookie lifetime to 128 seconds.\n (bnc#833968)\n\n - tcp: syncookies: reduce mss table to four values.\n (bnc#833968)\n\n - ipv6 routing, NLM_F_* flag support: REPLACE and EXCL\n flags support, warn about missing CREATE flag.\n (bnc#865783)\n\n - ipv6: send router reachability probe if route has an\n unreachable gateway. (bnc#853162)\n\n - sctp: Implement quick failover draft from tsvwg.\n (bnc#827670)\n\n - ipvs: fix AF assignment in ip_vs_conn_new().\n (bnc#856848)\n\n - NFSD/sunrpc: avoid deadlock on TCP connection due to\n memory pressure. (bnc#853455)\n\n - btrfs: bugfix collection\n\n - fs/nfsd: change type of max_delegations,\n nfsd_drc_max_mem and nfsd_drc_mem_used. (bnc#864058)\n\n - fs/buffer.c: change type of max_buffer_heads to unsigned\n long. (bnc#864058)\n\n - ncpfs: fix rmdir returns Device or resource busy.\n (bnc#864880)\n\n - scsi_dh_alua: fixup RTPG retry delay miscalculation.\n (bnc#854025)\n\n - scsi_dh_alua: Simplify state machine. (bnc#854025)\n\n - xhci: Fix resume issues on Renesas chips in Samsung\n laptops. (bnc#866253)\n\n - bonding: disallow enslaving a bond to itself.\n (bnc#599263)\n\n - USB: hub: handle -ETIMEDOUT during enumeration.\n (bnc#855825)\n\n - dm-multipath: Do not stall on invalid ioctls.\n (bnc#865342)\n\n - scsi_dh_alua: endless STPG retries for a failed LUN.\n (bnc#865342)\n\n - net/mlx4_en: Fix pages never dma unmapped on rx.\n (bnc#858604)\n\n - dlm: remove get_comm. (bnc#827670)\n\n - dlm: Avoid LVB truncation. (bnc#827670)\n\n - dlm: disable nagle for SCTP. (bnc#827670)\n\n - dlm: retry failed SCTP sends. (bnc#827670)\n\n - dlm: try other IPs when sctp init assoc fails.\n (bnc#827670)\n\n - dlm: clear correct bit during sctp init failure\n handling. (bnc#827670)\n\n - dlm: set sctp assoc id during setup. (bnc#827670)\n\n - dlm: clear correct init bit during sctp setup.\n (bnc#827670)\n\n - dlm: fix deadlock between dlm_send and dlm_controld.\n (bnc#827670)\n\n - dlm: Fix return value from lockspace_busy().\n (bnc#827670)\n\n - Avoid occasional hang with NFS. (bnc#852488)\n\n - mpt2sas: Fix unsafe using smp_processor_id() in\n preemptible. (bnc#853166)\n\n - lockd: send correct lock when granting a delayed lock.\n (bnc#859342)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=599263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=827670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=833968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=844513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=846790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=847672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=855825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=857358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=857643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=859225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=859342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=861093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=862796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=862957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=870801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4470.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6885.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-7263.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-7264.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-7265.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0069.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 9102 / 9104 / 9105 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-default-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-default-base-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-default-devel-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-default-extra-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-extra-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-source-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-syms-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-trace-devel-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-extra-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.21-0.7.12\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-pae-4.2.4_02_3.0.101_0.21-0.7.12\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-base-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-devel-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-extra-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-source-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-syms-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-trace-devel-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-extra-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.21-0.7.12\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-default-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-default-base-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-default-devel-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-source-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-syms-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-trace-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-trace-base-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-trace-devel-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-ec2-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.21-0.7.12\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-pae-4.2.4_02_3.0.101_0.21-0.7.12\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.21-0.7.12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-29T13:37:48", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=855825", "https://bugzilla.novell.com/show_bug.cgi?id=862957", "https://bugzilla.novell.com/show_bug.cgi?id=864058", "https://bugzilla.novell.com/show_bug.cgi?id=827670", "http://support.novell.com/security/cve/CVE-2014-0069.html", "https://bugzilla.novell.com/show_bug.cgi?id=862796", "https://bugzilla.novell.com/show_bug.cgi?id=846790", "https://bugzilla.novell.com/show_bug.cgi?id=864025", "https://bugzilla.novell.com/show_bug.cgi?id=863178", "https://bugzilla.novell.com/show_bug.cgi?id=853166", "https://bugzilla.novell.com/show_bug.cgi?id=863526", "https://bugzilla.novell.com/show_bug.cgi?id=859342", "https://bugzilla.novell.com/show_bug.cgi?id=854025", "http://support.novell.com/security/cve/CVE-2013-4470.html", "http://support.novell.com/security/cve/CVE-2013-7265.html", "https://bugzilla.novell.com/show_bug.cgi?id=852488", "https://bugzilla.novell.com/show_bug.cgi?id=853455", "https://bugzilla.novell.com/show_bug.cgi?id=857643", "https://bugzilla.novell.com/show_bug.cgi?id=855885", "http://support.novell.com/security/cve/CVE-2013-7263.html", "https://bugzilla.novell.com/show_bug.cgi?id=599263", "https://bugzilla.novell.com/show_bug.cgi?id=866428", "https://bugzilla.novell.com/show_bug.cgi?id=864880", "https://bugzilla.novell.com/show_bug.cgi?id=865342", "http://support.novell.com/security/cve/CVE-2013-7264.html", "https://bugzilla.novell.com/show_bug.cgi?id=854445", "http://support.novell.com/security/cve/CVE-2013-6885.html", "https://bugzilla.novell.com/show_bug.cgi?id=861093", "https://bugzilla.novell.com/show_bug.cgi?id=856848", "https://bugzilla.novell.com/show_bug.cgi?id=864833", "https://bugzilla.novell.com/show_bug.cgi?id=853162", "https://bugzilla.novell.com/show_bug.cgi?id=865783", "https://bugzilla.novell.com/show_bug.cgi?id=852967", "https://bugzilla.novell.com/show_bug.cgi?id=866253", "https://bugzilla.novell.com/show_bug.cgi?id=859225", "https://bugzilla.novell.com/show_bug.cgi?id=858604", "https://bugzilla.novell.com/show_bug.cgi?id=833968", "https://bugzilla.novell.com/show_bug.cgi?id=847672", "https://bugzilla.novell.com/show_bug.cgi?id=844513", "https://bugzilla.novell.com/show_bug.cgi?id=857358"], "pluginID": "73244", "edition": 2, "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix various bugs and security issues.\n\n----------------------------------------------------------------------\n- WARNING: If you are running KVM with PCI pass-through on a system with one of the following Intel chipsets: 5500 (revision 0x13), 5520 (revision 0x13) or X58 (revisions 0x12, 0x13, 0x22), please make sure to read the following support document before installing this update:\nhttps://www.suse.com/support/kb/doc.php?id=7014344 . You will have to update your KVM setup to no longer make use of PCI pass-through before rebooting to the updated kernel.\n----------------------------------------------------------------------\n-\n\nThe following security bugs were fixed :\n\n - The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672).\n (CVE-2013-4470)\n\n - The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. (bnc#852967). (CVE-2013-6885)\n\n - The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.\n (bnc#857643). (CVE-2013-7263)\n\n - The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643). (CVE-2013-7264)\n\n - The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643). (CVE-2013-7265)\n\n - The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. (bnc#864025). (CVE-2014-0069)\n\nThe following non-security bugs were fixed :\n\n - kabi: protect symbols modified by bnc#864833 fix.\n (bnc#864833)\n\n - mm: mempolicy: fix mbind_range() && vma_adjust() interaction (VM Functionality (bnc#866428)).\n\n - mm: merging memory blocks resets mempolicy (VM Functionality (bnc#866428)).\n\n - mm/page-writeback.c: do not count anon pages as dirtyable memory (High memory utilisation performance (bnc#859225)).\n\n - mm: vmscan: Do not force reclaim file pages until it exceeds anon (High memory utilisation performance (bnc#859225)).\n\n - mm: vmscan: fix endless loop in kswapd balancing (High memory utilisation performance (bnc#859225)).\n\n - mm: vmscan: Update rotated and scanned when force reclaimed (High memory utilisation performance (bnc#859225)).\n\n - mm: exclude memory less nodes from zone_reclaim.\n (bnc#863526)\n\n - mm: fix return type for functions nr_free_*_pages kabi fixup. (bnc#864058)\n\n - mm: fix return type for functions nr_free_*_pages.\n (bnc#864058)\n\n - mm: swap: Use swapfiles in priority order (Use swap files in priority order (bnc#862957)).\n\n - x86: Save cr2 in NMI in case NMIs take a page fault (follow-up for patches.fixes/x86-Add-workaround-to-NMI-iret-woes.patch) .\n\n - powerpc: Add VDSO version of getcpu (fate#316816, bnc#854445).\n\n - vmscan: change type of vm_total_pages to unsigned long.\n (bnc#864058)\n\n - audit: dynamically allocate audit_names when not enough space is in the names array. (bnc#857358)\n\n - audit: make filetype matching consistent with other filters. (bnc#857358)\n\n - arch/x86/mm/srat: Skip NUMA_NO_NODE while parsing SLIT.\n (bnc#863178)\n\n - hwmon: (coretemp) Fix truncated name of alarm attributes.\n\n - privcmd: allow preempting long running user-mode originating hypercalls. (bnc#861093)\n\n - nohz: Check for nohz active instead of nohz enabled.\n (bnc#846790)\n\n - nohz: Fix another inconsistency between CONFIG_NO_HZ=n and nohz=off. (bnc#846790)\n\n - iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets. (bnc#844513)\n\n - balloon: do not crash in HVM-with-PoD guests.\n\n - crypto: s390 - fix des and des3_ede ctr concurrency issue (bnc#862796, LTC#103744).\n\n - crypto: s390 - fix des and des3_ede cbc concurrency issue (bnc#862796, LTC#103743).\n\n - kernel: oops due to linkage stack instructions (bnc#862796, LTC#103860).\n\n - crypto: s390 - fix concurrency issue in aes-ctr mode (bnc#862796, LTC#103742).\n\n - dump: Fix dump memory detection (bnc#862796,LTC#103575).\n\n - net: change type of virtio_chan->p9_max_pages.\n (bnc#864058)\n\n - inet: Avoid potential NULL peer dereference.\n (bnc#864833)\n\n - inet: Hide route peer accesses behind helpers.\n (bnc#864833)\n\n - inet: Pass inetpeer root into inet_getpeer*() interfaces. (bnc#864833)\n\n - tcp: syncookies: reduce cookie lifetime to 128 seconds.\n (bnc#833968)\n\n - tcp: syncookies: reduce mss table to four values.\n (bnc#833968)\n\n - ipv6 routing, NLM_F_* flag support: REPLACE and EXCL flags support, warn about missing CREATE flag.\n (bnc#865783)\n\n - ipv6: send router reachability probe if route has an unreachable gateway. (bnc#853162)\n\n - sctp: Implement quick failover draft from tsvwg.\n (bnc#827670)\n\n - ipvs: fix AF assignment in ip_vs_conn_new().\n (bnc#856848)\n\n - NFSD/sunrpc: avoid deadlock on TCP connection due to memory pressure. (bnc#853455)\n\n - btrfs: bugfix collection\n\n - fs/nfsd: change type of max_delegations, nfsd_drc_max_mem and nfsd_drc_mem_used. (bnc#864058)\n\n - fs/buffer.c: change type of max_buffer_heads to unsigned long. (bnc#864058)\n\n - ncpfs: fix rmdir returns Device or resource busy.\n (bnc#864880)\n\n - fs/fscache: Handle removal of unadded object to the fscache_object_list rb tree. (bnc#855885)\n\n - scsi_dh_alua: fixup RTPG retry delay miscalculation.\n (bnc#854025)\n\n - scsi_dh_alua: Simplify state machine. (bnc#854025)\n\n - xhci: Fix resume issues on Renesas chips in Samsung laptops. (bnc#866253)\n\n - bonding: disallow enslaving a bond to itself.\n (bnc#599263)\n\n - USB: hub: handle -ETIMEDOUT during enumeration.\n (bnc#855825)\n\n - dm-multipath: Do not stall on invalid ioctls.\n (bnc#865342)\n\n - scsi_dh_alua: endless STPG retries for a failed LUN.\n (bnc#865342)\n\n - net/mlx4_en: Fix pages never dma unmapped on rx.\n (bnc#858604)\n\n - dlm: remove get_comm. (bnc#827670)\n\n - dlm: Avoid LVB truncation. (bnc#827670)\n\n - dlm: disable nagle for SCTP. (bnc#827670)\n\n - dlm: retry failed SCTP sends. (bnc#827670)\n\n - dlm: try other IPs when sctp init assoc fails.\n (bnc#827670)\n\n - dlm: clear correct bit during sctp init failure handling. (bnc#827670)\n\n - dlm: set sctp assoc id during setup. (bnc#827670)\n\n - dlm: clear correct init bit during sctp setup.\n (bnc#827670)\n\n - dlm: fix deadlock between dlm_send and dlm_controld.\n (bnc#827670)\n\n - dlm: Fix return value from lockspace_busy().\n (bnc#827670)\n\n - Avoid occasional hang with NFS. (bnc#852488)\n\n - mpt2sas: Fix unsafe using smp_processor_id() in preemptible. (bnc#853166)\n\n - lockd: send correct lock when granting a delayed lock.\n (bnc#859342)", "reporter": "Tenable", "published": "2014-03-28T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "nessus", "title": "SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 9047 / 9050 / 9051)", "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7265", "CVE-2013-7264", "CVE-2013-7263", "CVE-2013-6885", "CVE-2013-4470", "CVE-2014-0069"], "cpe": ["p-cpe:/a:novell:suse_linux:11:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:11:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:11:kernel-source", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:11:kernel-ec2", "p-cpe:/a:novell:suse_linux:11:kernel-trace-base", "p-cpe:/a:novell:suse_linux:11:kernel-default-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae", "p-cpe:/a:novell:suse_linux:11:kernel-xen-base", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:kernel-xen", "p-cpe:/a:novell:suse_linux:11:kernel-trace", "p-cpe:/a:novell:suse_linux:11:kernel-syms", "p-cpe:/a:novell:suse_linux:11:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:11:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:11:kernel-xen-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default-devel", "p-cpe:/a:novell:suse_linux:11:kernel-default-man", "p-cpe:/a:novell:suse_linux:11:xen-kmp-pae", "p-cpe:/a:novell:suse_linux:11:kernel-default-extra", "p-cpe:/a:novell:suse_linux:11:kernel-default", "p-cpe:/a:novell:suse_linux:11:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:11:xen-kmp-default"], "modified": "2014-06-13T00:00:00", "id": "SUSE_11_KERNEL-140321.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=73244", "sourceData": "# @DEPRECATED@\n#\n# This script has been deprecated as the associated patch is\n# no longer available.\n#\n# Disabled on 2014/06/13.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73244);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/06/13 11:09:23 $\");\n\n script_cve_id(\"CVE-2013-4470\", \"CVE-2013-6885\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2014-0069\");\n\n script_name(english:\"SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 9047 / 9050 / 9051)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix\nvarious bugs and security issues.\n\n----------------------------------------------------------------------\n- WARNING: If you are running KVM with PCI pass-through on a system\nwith one of the following Intel chipsets: 5500 (revision 0x13), 5520\n(revision 0x13) or X58 (revisions 0x12, 0x13, 0x22), please make sure\nto read the following support document before installing this update:\nhttps://www.suse.com/support/kb/doc.php?id=7014344 . You will have to\nupdate your KVM setup to no longer make use of PCI pass-through before\nrebooting to the updated kernel.\n----------------------------------------------------------------------\n-\n\nThe following security bugs were fixed :\n\n - The Linux kernel before 3.12, when UDP Fragmentation\n Offload (UFO) is enabled, does not properly initialize\n certain data structures, which allows local users to\n cause a denial of service (memory corruption and system\n crash) or possibly gain privileges via a crafted\n application that uses the UDP_CORK option in a\n setsockopt system call and sends both short and long\n packets, related to the ip_ufo_append_data function in\n net/ipv4/ip_output.c and the ip6_ufo_append_data\n function in net/ipv6/ip6_output.c. (bnc#847672).\n (CVE-2013-4470)\n\n - The microcode on AMD 16h 00h through 0Fh processors does\n not properly handle the interaction between locked\n instructions and write-combined memory types, which\n allows local users to cause a denial of service (system\n hang) via a crafted application, aka the errata 793\n issue. (bnc#852967). (CVE-2013-6885)\n\n - The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures\n have been initialized, which allows local users to\n obtain sensitive information from kernel stack memory\n via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system\n call, related to net/ipv4/ping.c, net/ipv4/raw.c,\n net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.\n (bnc#857643). (CVE-2013-7263)\n\n - The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in\n the Linux kernel before 3.12.4 updates a certain length\n value before ensuring that an associated data structure\n has been initialized, which allows local users to obtain\n sensitive information from kernel stack memory via a (1)\n recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643). (CVE-2013-7264)\n\n - The pn_recvmsg function in net/phonet/datagram.c in the\n Linux kernel before 3.12.4 updates a certain length\n value before ensuring that an associated data structure\n has been initialized, which allows local users to obtain\n sensitive information from kernel stack memory via a (1)\n recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643). (CVE-2013-7265)\n\n - The cifs_iovec_write function in fs/cifs/file.c in the\n Linux kernel through 3.13.5 does not properly handle\n uncached write operations that copy fewer than the\n requested number of bytes, which allows local users to\n obtain sensitive information from kernel memory, cause a\n denial of service (memory corruption and system crash),\n or possibly gain privileges via a writev system call\n with a crafted pointer. (bnc#864025). (CVE-2014-0069)\n\nThe following non-security bugs were fixed :\n\n - kabi: protect symbols modified by bnc#864833 fix.\n (bnc#864833)\n\n - mm: mempolicy: fix mbind_range() && vma_adjust()\n interaction (VM Functionality (bnc#866428)).\n\n - mm: merging memory blocks resets mempolicy (VM\n Functionality (bnc#866428)).\n\n - mm/page-writeback.c: do not count anon pages as\n dirtyable memory (High memory utilisation performance\n (bnc#859225)).\n\n - mm: vmscan: Do not force reclaim file pages until it\n exceeds anon (High memory utilisation performance\n (bnc#859225)).\n\n - mm: vmscan: fix endless loop in kswapd balancing (High\n memory utilisation performance (bnc#859225)).\n\n - mm: vmscan: Update rotated and scanned when force\n reclaimed (High memory utilisation performance\n (bnc#859225)).\n\n - mm: exclude memory less nodes from zone_reclaim.\n (bnc#863526)\n\n - mm: fix return type for functions nr_free_*_pages kabi\n fixup. (bnc#864058)\n\n - mm: fix return type for functions nr_free_*_pages.\n (bnc#864058)\n\n - mm: swap: Use swapfiles in priority order (Use swap\n files in priority order (bnc#862957)).\n\n - x86: Save cr2 in NMI in case NMIs take a page fault\n (follow-up for\n patches.fixes/x86-Add-workaround-to-NMI-iret-woes.patch)\n .\n\n - powerpc: Add VDSO version of getcpu (fate#316816,\n bnc#854445).\n\n - vmscan: change type of vm_total_pages to unsigned long.\n (bnc#864058)\n\n - audit: dynamically allocate audit_names when not enough\n space is in the names array. (bnc#857358)\n\n - audit: make filetype matching consistent with other\n filters. (bnc#857358)\n\n - arch/x86/mm/srat: Skip NUMA_NO_NODE while parsing SLIT.\n (bnc#863178)\n\n - hwmon: (coretemp) Fix truncated name of alarm\n attributes.\n\n - privcmd: allow preempting long running user-mode\n originating hypercalls. (bnc#861093)\n\n - nohz: Check for nohz active instead of nohz enabled.\n (bnc#846790)\n\n - nohz: Fix another inconsistency between CONFIG_NO_HZ=n\n and nohz=off. (bnc#846790)\n\n - iommu/vt-d: add quirk for broken interrupt remapping on\n 55XX chipsets. (bnc#844513)\n\n - balloon: do not crash in HVM-with-PoD guests.\n\n - crypto: s390 - fix des and des3_ede ctr concurrency\n issue (bnc#862796, LTC#103744).\n\n - crypto: s390 - fix des and des3_ede cbc concurrency\n issue (bnc#862796, LTC#103743).\n\n - kernel: oops due to linkage stack instructions\n (bnc#862796, LTC#103860).\n\n - crypto: s390 - fix concurrency issue in aes-ctr mode\n (bnc#862796, LTC#103742).\n\n - dump: Fix dump memory detection (bnc#862796,LTC#103575).\n\n - net: change type of virtio_chan->p9_max_pages.\n (bnc#864058)\n\n - inet: Avoid potential NULL peer dereference.\n (bnc#864833)\n\n - inet: Hide route peer accesses behind helpers.\n (bnc#864833)\n\n - inet: Pass inetpeer root into inet_getpeer*()\n interfaces. (bnc#864833)\n\n - tcp: syncookies: reduce cookie lifetime to 128 seconds.\n (bnc#833968)\n\n - tcp: syncookies: reduce mss table to four values.\n (bnc#833968)\n\n - ipv6 routing, NLM_F_* flag support: REPLACE and EXCL\n flags support, warn about missing CREATE flag.\n (bnc#865783)\n\n - ipv6: send router reachability probe if route has an\n unreachable gateway. (bnc#853162)\n\n - sctp: Implement quick failover draft from tsvwg.\n (bnc#827670)\n\n - ipvs: fix AF assignment in ip_vs_conn_new().\n (bnc#856848)\n\n - NFSD/sunrpc: avoid deadlock on TCP connection due to\n memory pressure. (bnc#853455)\n\n - btrfs: bugfix collection\n\n - fs/nfsd: change type of max_delegations,\n nfsd_drc_max_mem and nfsd_drc_mem_used. (bnc#864058)\n\n - fs/buffer.c: change type of max_buffer_heads to unsigned\n long. (bnc#864058)\n\n - ncpfs: fix rmdir returns Device or resource busy.\n (bnc#864880)\n\n - fs/fscache: Handle removal of unadded object to the\n fscache_object_list rb tree. (bnc#855885)\n\n - scsi_dh_alua: fixup RTPG retry delay miscalculation.\n (bnc#854025)\n\n - scsi_dh_alua: Simplify state machine. (bnc#854025)\n\n - xhci: Fix resume issues on Renesas chips in Samsung\n laptops. (bnc#866253)\n\n - bonding: disallow enslaving a bond to itself.\n (bnc#599263)\n\n - USB: hub: handle -ETIMEDOUT during enumeration.\n (bnc#855825)\n\n - dm-multipath: Do not stall on invalid ioctls.\n (bnc#865342)\n\n - scsi_dh_alua: endless STPG retries for a failed LUN.\n (bnc#865342)\n\n - net/mlx4_en: Fix pages never dma unmapped on rx.\n (bnc#858604)\n\n - dlm: remove get_comm. (bnc#827670)\n\n - dlm: Avoid LVB truncation. (bnc#827670)\n\n - dlm: disable nagle for SCTP. (bnc#827670)\n\n - dlm: retry failed SCTP sends. (bnc#827670)\n\n - dlm: try other IPs when sctp init assoc fails.\n (bnc#827670)\n\n - dlm: clear correct bit during sctp init failure\n handling. (bnc#827670)\n\n - dlm: set sctp assoc id during setup. (bnc#827670)\n\n - dlm: clear correct init bit during sctp setup.\n (bnc#827670)\n\n - dlm: fix deadlock between dlm_send and dlm_controld.\n (bnc#827670)\n\n - dlm: Fix return value from lockspace_busy().\n (bnc#827670)\n\n - Avoid occasional hang with NFS. (bnc#852488)\n\n - mpt2sas: Fix unsafe using smp_processor_id() in\n preemptible. (bnc#853166)\n\n - lockd: send correct lock when granting a delayed lock.\n (bnc#859342)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=599263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=827670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=833968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=844513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=846790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=847672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=852967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=853455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=854445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=855825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=855885\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=856848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=857358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=857643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=858604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=859225\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=859342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=861093\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=862796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=862957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=864880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=865783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-4470.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-6885.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-7263.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-7264.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2013-7265.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0069.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 9047 / 9050 / 9051 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"The associated patch is no longer available.\");\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-default-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-default-base-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-default-devel-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-default-extra-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-extra-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-source-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-syms-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-trace-devel-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-extra-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.18-0.7.5\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-pae-4.2.4_02_3.0.101_0.18-0.7.5\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-base-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-devel-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-default-extra-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-source-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-syms-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-trace-devel-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-extra-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.18-0.7.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-default-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-default-base-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-default-devel-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-source-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-syms-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-trace-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-trace-base-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"kernel-trace-devel-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-ec2-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.18-0.7.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"i586\", reference:\"xen-kmp-pae-4.2.4_02_3.0.101_0.18-0.7.5\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, cpu:\"x86_64\", reference:\"xen-kmp-default-4.2.4_02_3.0.101_0.18-0.7.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-04-06T11:29:39", "references": ["http://www.debian.org/security/2015/dsa-3128.html"], "pluginID": "1361412562310703128", "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service or\ninformation leaks.\n\nCVE-2013-6885\nIt was discovered that under specific circumstances, a combination\nof write operations to write-combined memory and locked CPU\ninstructions may cause a core hang on AMD 16h 00h through 0Fh\nprocessors. A local user can use this flaw to mount a denial of\nservice (system hang) via a crafted application.\n\nFor more information please refer to the AMD CPU erratum 793 in\nhttp://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdfCVE-2014-8133 \nIt was found that the espfix funcionality can be bypassed by\ninstalling a 16-bit RW data segment into GDT instead of LDT (which\nespfix checks for) and using it for stack. A local unprivileged user\ncould potentially use this flaw to leak kernel stack addresses and\nthus allowing to bypass the ASLR protection mechanism.\n\nCVE-2014-9419\nIt was found that on Linux kernels compiled with the 32 bit\ninterfaces (CONFIG_X86_32) a malicious user program can do a\npartial ASLR bypass through TLS base addresses leak when attacking\nother programs.\n\nCVE-2014-9529\nIt was discovered that the Linux kernel is affected by a race\ncondition flaw when doing key garbage collection, allowing local\nusers to cause a denial of service (memory corruption or panic).\n\nCVE-2014-9584\nIt was found that the Linux kernel does not validate a length value\nin the Extensions Reference (ER) System Use Field, which allows\nlocal users to obtain sensitive information from kernel memory via a\ncrafted iso9660 image.", "edition": 1, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-01-15T00:00:00", "title": "Debian Security Advisory DSA 3128-1 (linux - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703128", "id": "OPENVAS:1361412562310703128", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3128.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3128-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703128\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2013-6885\", \"CVE-2014-8133\", \"CVE-2014-9419\", \"CVE-2014-9529\",\n \"CVE-2014-9584\");\n script_name(\"Debian Security Advisory DSA 3128-1 (linux - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-01-15 00:00:00 +0100 (Thu, 15 Jan 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3128.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"linux on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Linux kernel is the core of the Linux operating system.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.65-1+deb7u1. Additionally this update fixes a suspend/resume\nregression introduced with 3.2.65.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service or\ninformation leaks.\n\nCVE-2013-6885\nIt was discovered that under specific circumstances, a combination\nof write operations to write-combined memory and locked CPU\ninstructions may cause a core hang on AMD 16h 00h through 0Fh\nprocessors. A local user can use this flaw to mount a denial of\nservice (system hang) via a crafted application.\n\nFor more information please refer to the AMD CPU erratum 793 in\nhttp://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdfCVE-2014-8133 \nIt was found that the espfix funcionality can be bypassed by\ninstalling a 16-bit RW data segment into GDT instead of LDT (which\nespfix checks for) and using it for stack. A local unprivileged user\ncould potentially use this flaw to leak kernel stack addresses and\nthus allowing to bypass the ASLR protection mechanism.\n\nCVE-2014-9419\nIt was found that on Linux kernels compiled with the 32 bit\ninterfaces (CONFIG_X86_32) a malicious user program can do a\npartial ASLR bypass through TLS base addresses leak when attacking\nother programs.\n\nCVE-2014-9529\nIt was discovered that the Linux kernel is affected by a race\ncondition flaw when doing key garbage collection, allowing local\nusers to cause a denial of service (memory corruption or panic).\n\nCVE-2014-9584\nIt was found that the Linux kernel does not validate a length value\nin the Extensions Reference (ER) System Use Field, which allows\nlocal users to obtain sensitive information from kernel memory via a\ncrafted iso9660 image.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-ia64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-powerpc\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-sparc\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-itanium\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mckinley\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc-smp\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-s390x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64-smp\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-itanium\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mckinley\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc-smp\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-dbg\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-tape\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64-smp\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:48:27", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123553.html", "2013-22754"], "pluginID": "867331", "description": "Check for the Version of xen", "edition": 2, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-02-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for xen FEDORA-2013-22754", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4554", "CVE-2013-4553", "CVE-2013-6375", "CVE-2013-6885"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=867331", "id": "OPENVAS:867331", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2013-22754\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867331);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-03 19:33:25 +0530 (Mon, 03 Feb 2014)\");\n script_cve_id(\"CVE-2013-6885\", \"CVE-2013-4553\", \"CVE-2013-4554\", \"CVE-2013-6375\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for xen FEDORA-2013-22754\");\n\n tag_insight = \"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\n\";\n\n tag_affected = \"xen on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22754\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123553.html\");\n script_summary(\"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.1~5.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:53:52", "references": ["http://www.debian.org/security/2015/dsa-3128.html"], "pluginID": "703128", "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service or\ninformation leaks.\n\nCVE-2013-6885\nIt was discovered that under specific circumstances, a combination\nof write operations to write-combined memory and locked CPU\ninstructions may cause a core hang on AMD 16h 00h through 0Fh\nprocessors. A local user can use this flaw to mount a denial of\nservice (system hang) via a crafted application.\n\nFor more information please refer to the AMD CPU erratum 793 in\nhttp://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdfCVE-2014-8133 \nIt was found that the espfix funcionality can be bypassed by\ninstalling a 16-bit RW data segment into GDT instead of LDT (which\nespfix checks for) and using it for stack. A local unprivileged user\ncould potentially use this flaw to leak kernel stack addresses and\nthus allowing to bypass the ASLR protection mechanism.\n\nCVE-2014-9419\nIt was found that on Linux kernels compiled with the 32 bit\ninterfaces (CONFIG_X86_32) a malicious user program can do a\npartial ASLR bypass through TLS base addresses leak when attacking\nother programs.\n\nCVE-2014-9529\nIt was discovered that the Linux kernel is affected by a race\ncondition flaw when doing key garbage collection, allowing local\nusers to cause a denial of service (memory corruption or panic).\n\nCVE-2014-9584\nIt was found that the Linux kernel does not validate a length value\nin the Extensions Reference (ER) System Use Field, which allows\nlocal users to obtain sensitive information from kernel memory via a\ncrafted iso9660 image.", "edition": 2, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-01-15T00:00:00", "title": "Debian Security Advisory DSA 3128-1 (linux - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9529", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703128", "id": "OPENVAS:703128", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3128.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3128-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703128);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2013-6885\", \"CVE-2014-8133\", \"CVE-2014-9419\", \"CVE-2014-9529\",\n \"CVE-2014-9584\");\n script_name(\"Debian Security Advisory DSA 3128-1 (linux - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-01-15 00:00:00 +0100 (Thu, 15 Jan 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3128.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"linux on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Linux kernel is the core of the Linux operating system.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.65-1+deb7u1. Additionally this update fixes a suspend/resume\nregression introduced with 3.2.65.\n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service or\ninformation leaks.\n\nCVE-2013-6885\nIt was discovered that under specific circumstances, a combination\nof write operations to write-combined memory and locked CPU\ninstructions may cause a core hang on AMD 16h 00h through 0Fh\nprocessors. A local user can use this flaw to mount a denial of\nservice (system hang) via a crafted application.\n\nFor more information please refer to the AMD CPU erratum 793 in\nhttp://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdfCVE-2014-8133 \nIt was found that the espfix funcionality can be bypassed by\ninstalling a 16-bit RW data segment into GDT instead of LDT (which\nespfix checks for) and using it for stack. A local unprivileged user\ncould potentially use this flaw to leak kernel stack addresses and\nthus allowing to bypass the ASLR protection mechanism.\n\nCVE-2014-9419\nIt was found that on Linux kernels compiled with the 32 bit\ninterfaces (CONFIG_X86_32) a malicious user program can do a\npartial ASLR bypass through TLS base addresses leak when attacking\nother programs.\n\nCVE-2014-9529\nIt was discovered that the Linux kernel is affected by a race\ncondition flaw when doing key garbage collection, allowing local\nusers to cause a denial of service (memory corruption or panic).\n\nCVE-2014-9584\nIt was found that the Linux kernel does not validate a length value\nin the Extensions Reference (ER) System Use Field, which allows\nlocal users to obtain sensitive information from kernel memory via a\ncrafted iso9660 image.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-ia64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-powerpc\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-sparc\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-itanium\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mckinley\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc-smp\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-s390x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64-smp\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-itanium\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mckinley\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc-smp\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-dbg\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-tape\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64-smp\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.65-1+deb7u1\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:11:55", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123553.html", "2013-22754"], "pluginID": "1361412562310867331", "description": "Check for the Version of xen", "edition": 2, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-02-03T00:00:00", "title": "Fedora Update for xen FEDORA-2013-22754", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4554", "CVE-2013-4553", "CVE-2013-6375", "CVE-2013-6885"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867331", "id": "OPENVAS:1361412562310867331", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2013-22754\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867331\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-03 19:33:25 +0530 (Mon, 03 Feb 2014)\");\n script_cve_id(\"CVE-2013-6885\", \"CVE-2013-4553\", \"CVE-2013-4554\", \"CVE-2013-6375\");\n script_tag(name:\"cvss_base\", value:\"7.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for xen FEDORA-2013-22754\");\n\n tag_insight = \"This package contains the XenD daemon and xm command line\ntools, needed to manage virtual machines running under the\nXen hypervisor\n\";\n\n tag_affected = \"xen on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22754\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123553.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of xen\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.1~5.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.9, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:15:43", "references": ["2014:0459_1"], "pluginID": "1361412562310850750", "description": "Check the version of Linux", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-13T00:00:00", "title": "SuSE Update for Linux SUSE-SU-2014:0459-1 (Linux)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7265", "CVE-2013-7264", "CVE-2013-7263", "CVE-2013-6885", "CVE-2013-4470", "CVE-2014-0069"], "modified": "2017-12-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850750", "id": "OPENVAS:1361412562310850750", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0459_1.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for Linux SUSE-SU-2014:0459-1 (Linux)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850750\");\n script_version(\"$Revision: 8046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:00 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2013-4470\", \"CVE-2013-6885\", \"CVE-2013-7263\", \"CVE-2013-7264\", \"CVE-2013-7265\", \"CVE-2014-0069\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Linux SUSE-SU-2014:0459-1 (Linux)\");\n script_tag(name: \"summary\", value: \"Check the version of Linux\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n The SUSE Linux Enterprise 11 Service Pack 3 kernel was\n updated to fix various bugs and security issues.\n\n ------------------------------------------------------------\n ------------ WARNING: If you are running KVM with PCI\n pass-through on a system with one of the following Intel\n chipsets: 5500 (revision 0x13), 5520 (revision 0x13) or\n X58 (revisions 0x12, 0x13, 0x22), please make sure to read\n the following support document before installing this\n update:\nhttps://www.suse.com/support/kb/doc.php?id=7014344\nhttps://www.suse.com/support/kb/doc.php?id=7014344 . You\n will have to update your KVM setup to no longer make use\n of PCI pass-through before rebooting to the updated\n kernel.\n ------------------------------------------------------------\n ------------\n\n The following security bugs were fixed:\n\n *\n\n CVE-2013-4470: The Linux kernel before 3.12, when UDP\n Fragmentation Offload (UFO) is enabled, does not properly\n initialize certain data structures, which allows local\n users to cause a denial of service (memory corruption and\n system crash) or possibly gain privileges via a crafted\n application that uses the UDP_CORK option in a setsockopt\n system call and sends both short and long packets, related\n to the ip_ufo_append_data function in net/ipv4/ip_output.c\n and the ip6_ufo_append_data function in\n net/ipv6/ip6_output.c. (bnc#847672)\n\n *\n\n CVE-2013-6885: The microcode on AMD 16h 00h through\n 0Fh processors does not properly handle the interaction\n between locked instructions and write-combined memory\n types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#852967)\n\n *\n\n CVE-2013-7263: The Linux kernel before 3.12.4 updates\n certain length values before ensuring that associated data\n structures have been initialized, which allows local users\n to obtain sensitive information from kernel stack memory\n via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system\n call, related to net/ipv4/ping.c, net/ipv4/raw.c,\n net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.\n (bnc#857643)\n\n *\n\n CVE-2013-7264: The l2tp_ip_recvmsg function in\n net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4\n updates a certain length value before ensuring that an\n associated data structure has been initialized, which\n allows local users to obtain sensitive information from\n kernel stack memory via a (1) recvfrom, (2 ... \n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name: \"affected\", value: \"Linux on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2014:0459_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.2.4_02_3.0.101_0.18~0.7.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-man\", rpm:\"kernel-default-man~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ppc64\", rpm:\"kernel-ppc64~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ppc64-base\", rpm:\"kernel-ppc64-base~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ppc64-devel\", rpm:\"kernel-ppc64-devel~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.0.101~0.18.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~4.2.4_02_3.0.101_0.18~0.7.5\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-12T11:15:51", "references": ["2014:0531_1"], "pluginID": "1361412562310850762", "description": "Check the version of Linux", "edition": 4, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-10-13T00:00:00", "title": "SuSE Update for Linux SUSE-SU-2014:0531-1 (Linux)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7265", "CVE-2013-7264", "CVE-2013-7263", "CVE-2013-6885", "CVE-2013-4470", "CVE-2014-0069"], "modified": "2017-12-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850762", "id": "OPENVAS:1361412562310850762", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2014_0531_1.nasl 8046 2017-12-08 08:48:56Z santu $\n#\n# SuSE Update for Linux SUSE-SU-2014:0531-1 (Linux)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850762\");\n script_version(\"$Revision: 8046 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 09:48:56 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:00 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2013-4470\", \"CVE-2013-6885\", \"CVE-2013-7263\", \"CVE-2013-7264\",\n \"CVE-2013-7265\", \"CVE-2014-0069\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for Linux SUSE-SU-2014:0531-1 (Linux)\");\n script_tag(name: \"summary\", value: \"Check the version of Linux\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"\n The SUSE Linux Enterprise 11 Service Pack 3 kernel has been\n updated to fix various bugs and security issues.\n\n ------------------------------------------------------------\n ------------ WARNING: If you are running KVM with PCI\n pass-through on a system with one of the following Intel\n chipsets: 5500 (revision 0x13), 5520 (revision 0x13) or\n X58 (revisions 0x12, 0x13, 0x22), please make sure to read\n the following support document before installing this\n update:\n\nhttps://www.suse.com/support/kb/doc.php?id=7014344\nhttps://www.suse.com/support/kb/doc.php?id=7014344 \n\n You will have to update your KVM setup to no longer make\n use of PCI pass-through before rebooting to the updated\n kernel.\n\n ------------------------------------------------------------\n ------------\n\n The following security bugs have been fixed:\n\n *\n\n CVE-2013-4470: The Linux kernel before 3.12, when UDP\n Fragmentation Offload (UFO) is enabled, does not properly\n initialize certain data structures, which allows local\n users to cause a denial of service (memory corruption and\n system crash) or possibly gain privileges via a crafted\n application that uses the UDP_CORK option in a setsockopt\n system call and sends both short and long packets, related\n to the ip_ufo_append_data function in net/ipv4/ip_output.c\n and the ip6_ufo_append_data function in\n net/ipv6/ip6_output.c. (bnc#847672)\n\n *\n\n CVE-2013-6885: The microcode on AMD 16h 00h through\n 0Fh processors does not properly handle the interaction\n between locked instructions and write-combined memory\n types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#852967)\n\n *\n\n CVE-2013-7263: The Linux kernel before 3.12.4 updates\n certain length values before ensuring that associated data\n structures have been initialized, which allows local users\n to obtain sensitive information from kernel stack memory\n via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system\n call, related to net/ipv4/ping.c, net/ipv4/raw.c,\n net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.\n (bnc#857643)\n\n *\n\n CVE-2013-7264: The l2tp_ip_recvmsg function in\n net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4\n updates a certain length value before ensuring that an\n associated data structure has been initialized, which\n allows local users to obtain sensitive information from\n kernel stack memory via a (1) re ... \n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name: \"affected\", value: \"Linux on SUSE Linux Enterprise Server 11 SP3\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_xref(name: \"SUSE-SU\", value: \"2014:0531_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"SLES11.0SP3\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.2.4_02_3.0.101_0.21~0.7.12\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-man\", rpm:\"kernel-default-man~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ppc64\", rpm:\"kernel-ppc64~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ppc64-base\", rpm:\"kernel-ppc64-base~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ppc64-devel\", rpm:\"kernel-ppc64-devel~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.0.101~0.21.1\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~4.2.4_02_3.0.101_0.21~0.7.12\", rls:\"SLES11.0SP3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:48:41", "references": ["https://www.redhat.com/archives/rhsa-announce/2014-March/msg00017.html", "2014:0285-01"], "pluginID": "871139", "description": "Check for the Version of kernel", "edition": 2, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-03-17T00:00:00", "title": "RedHat Update for kernel RHSA-2014:0285-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7265", "CVE-2013-6383", "CVE-2013-2929", "CVE-2013-4554", "CVE-2013-7263", "CVE-2013-4483", "CVE-2013-6885", "CVE-2013-6381"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=871139", "id": "OPENVAS:871139", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2014:0285-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871139);\n script_version(\"$Revision: 6688 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-17 13:49:55 +0530 (Mon, 17 Mar 2014)\");\n script_cve_id(\"CVE-2013-2929\", \"CVE-2013-4483\", \"CVE-2013-4554\", \"CVE-2013-6381\",\n \"CVE-2013-6383\", \"CVE-2013-6885\", \"CVE-2013-7263\", \"CVE-2013-7265\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for kernel RHSA-2014:0285-01\");\n\n tag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A buffer overflow flaw was found in the way the qeth_snmp_command()\nfunction in the Linux kernel's QETH network device driver implementation\nhandled SNMP IOCTL requests with an out-of-bounds length. A local,\nunprivileged user could use this flaw to crash the system or, potentially,\nescalate their privileges on the system. (CVE-2013-6381, Important)\n\n* A flaw was found in the way the ipc_rcu_putref() function in the Linux\nkernel's IPC implementation handled reference counter decrementing.\nA local, unprivileged user could use this flaw to trigger an Out of Memory\n(OOM) condition and, potentially, crash the system. (CVE-2013-4483,\nModerate)\n\n* It was found that the Xen hypervisor implementation did not correctly\ncheck privileges of hypercall attempts made by HVM guests, allowing\nhypercalls to be invoked from protection rings 1 and 2 in addition to ring\n0. A local attacker in an HVM guest able to execute code on privilege\nlevels 1 and 2 could potentially use this flaw to further escalate their\nprivileges in that guest. Note: Xen HVM guests running unmodified versions\nof Red Hat Enterprise Linux and Microsoft Windows are not affected by this\nissue because they are known to only use protection rings 0 (kernel) and 3\n(userspace). (CVE-2013-4554, Moderate)\n\n* A flaw was found in the way the Linux kernel's Adaptec RAID controller\n(aacraid) checked permissions of compat IOCTLs. A local attacker could use\nthis flaw to bypass intended security restrictions. (CVE-2013-6383,\nModerate)\n\n* It was found that, under specific circumstances, a combination of write\noperations to write-combined memory and locked CPU instructions may cause a\ncore hang on certain AMD CPUs (for more information, refer to AMD CPU\nerratum 793 linked in the References section). A privileged user in a guest\nrunning under the Xen hypervisor could use this flaw to cause a denial of\nservice on the host system. This update adds a workaround to the Xen\nhypervisor implementation, which mitigates the AMD CPU issue. Note: this\nissue only affects AMD Family 16h Models 00h-0Fh Processors. Non-AMD CPUs\nare not vulnerable. (CVE-2013-6885, Moderate)\n\n* It was found that certain protocol handlers in the Linux kernel's\nnetworking implementation could set the addr_len value without initializing\nthe associated data structure. A local, unprivileged user could use this\nflaw to leak kernel stack memory to user space using the recvmsg, recvfrom,\nand recvmmsg system calls. (CVE-2013-7263, Low)\n\n* A flaw was found in the way the get_dumpable() func ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"kernel on Red Hat Enterprise Linux (v. 5 server)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2014:0285-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2014-March/msg00017.html\");\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~371.6.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~371.6.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~371.6.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~371.6.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~371.6.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~371.6.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~371.6.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~371.6.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~371.6.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~371.6.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~371.6.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~371.6.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~371.6.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~371.6.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~371.6.1.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:12:51", "references": ["2014:0285", "http://lists.centos.org/pipermail/centos-announce/2014-March/020199.html"], "pluginID": "1361412562310881900", "description": "Check for the Version of kernel", "edition": 2, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-03-17T00:00:00", "title": "CentOS Update for kernel CESA-2014:0285 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7265", "CVE-2013-6383", "CVE-2013-2929", "CVE-2013-4554", "CVE-2013-7263", "CVE-2013-4483", "CVE-2013-6885", "CVE-2013-6381"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881900", "id": "OPENVAS:1361412562310881900", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2014:0285 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881900\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-17 13:13:37 +0530 (Mon, 17 Mar 2014)\");\n script_cve_id(\"CVE-2013-2929\", \"CVE-2013-4483\", \"CVE-2013-4554\", \"CVE-2013-6381\",\n \"CVE-2013-6383\", \"CVE-2013-6885\", \"CVE-2013-7263\", \"CVE-2013-7265\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for kernel CESA-2014:0285 centos5 \");\n\n tag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A buffer overflow flaw was found in the way the qeth_snmp_command()\nfunction in the Linux kernel's QETH network device driver implementation\nhandled SNMP IOCTL requests with an out-of-bounds length. A local,\nunprivileged user could use this flaw to crash the system or, potentially,\nescalate their privileges on the system. (CVE-2013-6381, Important)\n\n* A flaw was found in the way the ipc_rcu_putref() function in the Linux\nkernel's IPC implementation handled reference counter decrementing.\nA local, unprivileged user could use this flaw to trigger an Out of Memory\n(OOM) condition and, potentially, crash the system. (CVE-2013-4483,\nModerate)\n\n* It was found that the Xen hypervisor implementation did not correctly\ncheck privileges of hypercall attempts made by HVM guests, allowing\nhypercalls to be invoked from protection rings 1 and 2 in addition to ring\n0. A local attacker in an HVM guest able to execute code on privilege\nlevels 1 and 2 could potentially use this flaw to further escalate their\nprivileges in that guest. Note: Xen HVM guests running unmodified versions\nof Red Hat Enterprise Linux and Microsoft Windows are not affected by this\nissue because they are known to only use protection rings 0 (kernel) and 3\n(userspace). (CVE-2013-4554, Moderate)\n\n* A flaw was found in the way the Linux kernel's Adaptec RAID controller\n(aacraid) checked permissions of compat IOCTLs. A local attacker could use\nthis flaw to bypass intended security restrictions. (CVE-2013-6383,\nModerate)\n\n* It was found that, under specific circumstances, a combination of write\noperations to write-combined memory and locked CPU instructions may cause a\ncore hang on certain AMD CPUs (for more information, refer to AMD CPU\nerratum 793 linked in the References section). A privileged user in a guest\nrunning under the Xen hypervisor could use this flaw to cause a denial of\nservice on the host system. This update adds a workaround to the Xen\nhypervisor implementation, which mitigates the AMD CPU issue. Note: this\nissue only affects AMD Family 16h Models 00h-0Fh Processors. Non-AMD CPUs\nare not vulnerable. (CVE-2013-6885, Moderate)\n\n* It was found that certain protocol handlers in the Linux kernel's\nnetworking implementation could set the addr_len value without initializing\nthe associated data structure. A local, unprivileged user could use this\nflaw to leak kernel stack memory to user space using the recvmsg, recvfrom,\nand recvmmsg system calls. (CVE-2013-7263, Low)\n\n* A flaw was found in the way the get_dumpable() function return value was\ninterpre ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"kernel on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0285\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-March/020199.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:53:16", "references": ["http://linux.oracle.com/errata/ELSA-2014-0285-1.html"], "pluginID": "1361412562310123448", "description": "Oracle Linux Local Security Checks ELSA-2014-0285-1", "edition": 2, "reporter": "Eero Volotinen", "published": "2015-10-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "Oracle Linux Local Check: ELSA-2014-0285-1", "type": "openvas", "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6383", "CVE-2013-2929", "CVE-2013-4554", "CVE-2013-7263", "CVE-2013-4483", "CVE-2013-6885", "CVE-2013-6381"], "modified": "2017-07-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123448", "id": "OPENVAS:1361412562310123448", "sourceData": "# OpenVAS Vulnerability Test \n# Description: Oracle Linux Local Check \n# $Id: ELSA-2014-0285-1.nasl 6559 2017-07-06 11:57:32Z cfischer $\n \n# Authors: \n# Eero Volotinen <eero.volotinen@solinor.com> \n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\nif(description)\n {\nscript_oid(\"1.3.6.1.4.1.25623.1.0.123448\");\nscript_version(\"$Revision: 6559 $\");\nscript_tag(name:\"creation_date\", value:\"2015-10-06 14:03:57 +0300 (Tue, 06 Oct 2015)\");\nscript_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 13:57:32 +0200 (Thu, 06 Jul 2017) $\");\nscript_name(\"Oracle Linux Local Check: ELSA-2014-0285-1\");\nscript_tag(name: \"insight\", value: \"ELSA-2014-0285-1 - kernel security, bug fix, and enhancement update - kernel[2.6.18-371.6.1.0.1]- i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649]- [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030]- [oprofile] export __get_user_pages_fast() function [orabug 14277030]- [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030]- [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030]- [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030]- [kernel] Initialize the local uninitialized variable stats. [orabug 14051367]- [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763]- [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272]- [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075]- fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan)- [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan)- [x86] Fix lvt0 reset when hvm boot up with noapic param- [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275]- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346]- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]- [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042]- [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646]- fix filp_close() race (Joe Jin) [orabug 10335998]- make xenkbd.abs_pointer=1 by default [orabug 67188919]- [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514]- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433]- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]- [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839]- [mm] Enhance shrink_zone patch allow full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919]- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465]- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220]- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]- fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033]- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]- [ib] fix memory corruption (Andy Grover) [orabug 9972346]- [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203]- [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203]- [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]\"); \nscript_tag(name : \"solution\", value : \"update software\");\nscript_tag(name : \"solution_type\", value : \"VendorFix\");\nscript_tag(name : \"summary\", value : \"Oracle Linux Local Security Checks ELSA-2014-0285-1\");\nscript_xref(name : \"URL\" , value : \"http://linux.oracle.com/errata/ELSA-2014-0285-1.html\");\nscript_cve_id(\"CVE-2013-4554\",\"CVE-2013-2929\",\"CVE-2013-6381\",\"CVE-2013-7263\",\"CVE-2013-4483\",\"CVE-2013-6383\",\"CVE-2013-6885\");\nscript_tag(name:\"cvss_base\", value:\"6.9\");\nscript_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\nscript_tag(name:\"qod_type\", value:\"package\");\nscript_dependencies(\"gather-package-list.nasl\");\nscript_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\");\nscript_category(ACT_GATHER_INFO);\nscript_copyright(\"Eero Volotinen\");\nscript_family(\"Oracle Linux Local Security Checks\");\nexit(0);\n}\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\nrelease = get_kb_item(\"ssh/login/release\");\nres = \"\";\nif(release == NULL)\n{\n exit(0);\n}\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~371.6.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~371.6.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~371.6.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~371.6.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~371.6.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~371.6.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~371.6.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~371.6.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~371.6.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~371.6.1.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~371.6.1.0.1.el5~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~371.6.1.0.1.el5PAE~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~371.6.1.0.1.el5debug~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~371.6.1.0.1.el5xen~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~371.6.1.0.1.el5~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~371.6.1.0.1.el5PAE~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~371.6.1.0.1.el5debug~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~371.6.1.0.1.el5xen~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0); \n }\n\n}\nif (__pkg_match) exit(99); #Not vulnerable\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:48:43", "references": ["2014:0285", "http://lists.centos.org/pipermail/centos-announce/2014-March/020199.html"], "pluginID": "881900", "description": "Check for the Version of kernel", "edition": 2, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-03-17T00:00:00", "title": "CentOS Update for kernel CESA-2014:0285 centos5 ", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7265", "CVE-2013-6383", "CVE-2013-2929", "CVE-2013-4554", "CVE-2013-7263", "CVE-2013-4483", "CVE-2013-6885", "CVE-2013-6381"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=881900", "id": "OPENVAS:881900", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2014:0285 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881900);\n script_version(\"$Revision: 6656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-17 13:13:37 +0530 (Mon, 17 Mar 2014)\");\n script_cve_id(\"CVE-2013-2929\", \"CVE-2013-4483\", \"CVE-2013-4554\", \"CVE-2013-6381\",\n \"CVE-2013-6383\", \"CVE-2013-6885\", \"CVE-2013-7263\", \"CVE-2013-7265\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for kernel CESA-2014:0285 centos5 \");\n\n tag_insight = \"The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A buffer overflow flaw was found in the way the qeth_snmp_command()\nfunction in the Linux kernel's QETH network device driver implementation\nhandled SNMP IOCTL requests with an out-of-bounds length. A local,\nunprivileged user could use this flaw to crash the system or, potentially,\nescalate their privileges on the system. (CVE-2013-6381, Important)\n\n* A flaw was found in the way the ipc_rcu_putref() function in the Linux\nkernel's IPC implementation handled reference counter decrementing.\nA local, unprivileged user could use this flaw to trigger an Out of Memory\n(OOM) condition and, potentially, crash the system. (CVE-2013-4483,\nModerate)\n\n* It was found that the Xen hypervisor implementation did not correctly\ncheck privileges of hypercall attempts made by HVM guests, allowing\nhypercalls to be invoked from protection rings 1 and 2 in addition to ring\n0. A local attacker in an HVM guest able to execute code on privilege\nlevels 1 and 2 could potentially use this flaw to further escalate their\nprivileges in that guest. Note: Xen HVM guests running unmodified versions\nof Red Hat Enterprise Linux and Microsoft Windows are not affected by this\nissue because they are known to only use protection rings 0 (kernel) and 3\n(userspace). (CVE-2013-4554, Moderate)\n\n* A flaw was found in the way the Linux kernel's Adaptec RAID controller\n(aacraid) checked permissions of compat IOCTLs. A local attacker could use\nthis flaw to bypass intended security restrictions. (CVE-2013-6383,\nModerate)\n\n* It was found that, under specific circumstances, a combination of write\noperations to write-combined memory and locked CPU instructions may cause a\ncore hang on certain AMD CPUs (for more information, refer to AMD CPU\nerratum 793 linked in the References section). A privileged user in a guest\nrunning under the Xen hypervisor could use this flaw to cause a denial of\nservice on the host system. This update adds a workaround to the Xen\nhypervisor implementation, which mitigates the AMD CPU issue. Note: this\nissue only affects AMD Family 16h Models 00h-0Fh Processors. Non-AMD CPUs\nare not vulnerable. (CVE-2013-6885, Moderate)\n\n* It was found that certain protocol handlers in the Linux kernel's\nnetworking implementation could set the addr_len value without initializing\nthe associated data structure. A local, unprivileged user could use this\nflaw to leak kernel stack memory to user space using the recvmsg, recvfrom,\nand recvmmsg system calls. (CVE-2013-7263, Low)\n\n* A flaw was found in the way the get_dumpable() function return value was\ninterpre ...\n\n Description truncated, for more information please check the Reference URL\";\n\n tag_affected = \"kernel on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0285\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-March/020199.html\");\n script_summary(\"Check for the Version of kernel\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~371.6.1.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-05-07T01:08:19", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-686-pae-dbg_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-686-pae-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-mx5_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-mx5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-all_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-orion5x_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-orion5x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-orion5x_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-orion5x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-vexpress_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-vexpress", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-rt-686-pae_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-rt-686-pae", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-kirkwood_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-kirkwood", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-mv78xx0_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-mv78xx0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-ixp4xx_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-ixp4xx", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-mx5_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-mx5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-versatile_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-versatile", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-amd64-dbg_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-amd64-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-686-pae-dbg_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-686-pae-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-686-pae_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-686-pae", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-rt-686-pae-dbg_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-rt-686-pae-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-mx5_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-mx5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-mv78xx0_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-mv78xx0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-mv78xx0_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-mv78xx0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "xen-linux-system-3.2.0-5-686-pae_3.2.65-1+deb7u1_all.deb", "packageName": "xen-linux-system-3.2.0-5-686-pae", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-vexpress_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-vexpress", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "xen-linux-system-3.2.0-6-686-pae_3.2.65-1+deb7u1_all.deb", "packageName": "xen-linux-system-3.2.0-6-686-pae", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-vexpress_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-vexpress", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-common-rt_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-common-rt", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-all-armhf_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-all-armhf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-486_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-486", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-orion5x_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-orion5x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-all-i386_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-all-i386", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-rt-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-rt-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-all-armel_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-all-armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-common_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-rt-amd64-dbg_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-rt-amd64-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-libc-dev_3.2.65-1+deb7u1_all.deb", "packageName": "linux-libc-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-omap_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-omap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-all-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-all-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-all-armhf_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-all-armhf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-rt-686-pae_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-rt-686-pae", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-686-pae_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-686-pae", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-common-rt_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-common-rt", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-omap_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-omap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-orion5x_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-orion5x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-rt-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-rt-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-support-3.2.0-6_3.2.65-1+deb7u1_all.deb", "packageName": "linux-support-3.2.0-6", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-mv78xx0_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-mv78xx0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-rt-686-pae-dbg_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-rt-686-pae-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-iop32x_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-iop32x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-common-rt_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-common-rt", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-rt-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-rt-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-all_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-versatile_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-versatile", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-kirkwood_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-kirkwood", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-rt-686-pae_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-rt-686-pae", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-486_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-486", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-iop32x_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-iop32x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-orion5x_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-orion5x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-versatile_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-versatile", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-iop32x_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-iop32x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-mv78xx0_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-mv78xx0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-iop32x_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-iop32x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-omap_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-omap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-vexpress_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-vexpress", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-support-3.2.0-4_3.2.65-1+deb7u1_all.deb", "packageName": "linux-support-3.2.0-4", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-mv78xx0_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-mv78xx0", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-686-pae_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-686-pae", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "xen-linux-system-3.2.0-4-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "xen-linux-system-3.2.0-4-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-kirkwood_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-kirkwood", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-686-pae_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-686-pae", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-rt-amd64-dbg_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-rt-amd64-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-all-i386_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-all-i386", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-486_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-486", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-mx5_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-mx5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-ixp4xx_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-ixp4xx", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-rt-686-pae_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-rt-686-pae", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-amd64-dbg_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-amd64-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-all-i386_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-all-i386", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-486_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-486", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-rt-amd64-dbg_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-rt-amd64-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-686-pae_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-686-pae", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "xen-linux-system-3.2.0-4-686-pae_3.2.65-1+deb7u1_all.deb", "packageName": "xen-linux-system-3.2.0-4-686-pae", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-all-armhf_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-all-armhf", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-all-armel_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-all-armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-iop32x_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-iop32x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-mx5_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-mx5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-ixp4xx_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-ixp4xx", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-iop32x_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-iop32x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-all_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-versatile_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-versatile", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-rt-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-rt-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-rt-686-pae-dbg_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-rt-686-pae-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-rt-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-rt-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "xen-linux-system-3.2.0-5-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "xen-linux-system-3.2.0-5-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-common_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-manual-3.2_3.2.65-1+deb7u1_all.deb", "packageName": "linux-manual-3.2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-vexpress_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-vexpress", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-omap_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-omap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-rt-686-pae_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-rt-686-pae", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-source-3.2_3.2.65-1+deb7u1_all.deb", "packageName": "linux-source-3.2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux_3.2.65-1+deb7u1_all.deb", "packageName": "linux", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-mx5_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-mx5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-omap_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-omap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-kirkwood_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-kirkwood", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-doc-3.2_3.2.65-1+deb7u1_all.deb", "packageName": "linux-doc-3.2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-orion5x_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-orion5x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-kirkwood_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-kirkwood", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-686-pae-dbg_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-686-pae-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-rt-686-pae_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-rt-686-pae", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-support-3.2.0-5_3.2.65-1+deb7u1_all.deb", "packageName": "linux-support-3.2.0-5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-versatile_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-versatile", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "xen-linux-system-3.2.0-6-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "xen-linux-system-3.2.0-6-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-omap_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-omap", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-all-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-all-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-6-all-armel_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-6-all-armel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-versatile_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-versatile", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-rt-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-rt-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-ixp4xx_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-ixp4xx", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-vexpress_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-vexpress", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-common_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-ixp4xx_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-ixp4xx", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-486_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-486", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-4-kirkwood_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-4-kirkwood", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-ixp4xx_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-ixp4xx", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-6-486_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-6-486", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-headers-3.2.0-5-all-amd64_3.2.65-1+deb7u1_all.deb", "packageName": "linux-headers-3.2.0-5-all-amd64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-4-amd64-dbg_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-4-amd64-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "7", "packageVersion": "3.2.65-1+deb7u1", "arch": "all", "packageFilename": "linux-image-3.2.0-5-686-pae_3.2.65-1+deb7u1_all.deb", "packageName": "linux-image-3.2.0-5-686-pae", "operator": "lt"}], "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or information leaks.\n\n * [CVE-2013-6885](<https://security-tracker.debian.org/tracker/CVE-2013-6885>)\n\nIt was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application.\n\nFor more information please refer to the AMD CPU erratum 793 in <http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf>\n\n * [CVE-2014-8133](<https://security-tracker.debian.org/tracker/CVE-2014-8133>)\n\nIt was found that the espfix funcionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses and thus allowing to bypass the ASLR protection mechanism.\n\n * [CVE-2014-9419](<https://security-tracker.debian.org/tracker/CVE-2014-9419>)\n\nIt was found that on Linux kernels compiled with the 32 bit interfaces (CONFIG_X86_32) a malicious user program can do a partial ASLR bypass through TLS base addresses leak when attacking other programs.\n\n * [CVE-2014-9529](<https://security-tracker.debian.org/tracker/CVE-2014-9529>)\n\nIt was discovered that the Linux kernel is affected by a race condition flaw when doing key garbage collection, allowing local users to cause a denial of service (memory corruption or panic).\n\n * [CVE-2014-9584](<https://security-tracker.debian.org/tracker/CVE-2014-9584>)\n\nIt was found that the Linux kernel does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 3.2.65-1+deb7u1. Additionally this update fixes a suspend/resume regression introduced with 3.2.65.\n\nFor the upcoming stable distribution (jessie) and the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your linux packages.", "edition": 3, "reporter": "Debian", "published": "2015-01-15T00:00:00", "title": "linux -- security update", "type": "debian", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "bulletinFamily": "unix", "cvelist": ["CVE-2014-9529", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9419"], "modified": "2015-01-15T00:00:00", "id": "DSA-3128", "href": "http://www.debian.org/security/dsa-3128", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-02T12:56:45", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "6", "packageVersion": "2.6.32-48squeeze11", "arch": "all", "packageFilename": "linux-2.6_2.6.32-48squeeze11_all.deb", "packageName": "linux-2.6", "operator": "lt"}], "description": "This update fixes the CVEs described below.\n\nA further issue, [CVE-2014-9419](<https://security-tracker.debian.org/tracker/CVE-2014-9419>), was considered, but appears to require extensive changes with a consequent high risk of regression. It is now unlikely to be fixed in squeeze-lts.\n\n * [CVE-2013-6885](<https://security-tracker.debian.org/tracker/CVE-2013-6885>)\n\nIt was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application.\n\nFor more information please refer to the AMD CPU erratum 793 in <http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf>\n\n * [CVE-2014-7822](<https://security-tracker.debian.org/tracker/CVE-2014-7822>)\n\nIt was found that the splice() system call did not validate the given file offset and length. A local unprivileged user can use this flaw to cause filesystem corruption on ext4 filesystems, or possibly other effects.\n\n * [CVE-2014-8133](<https://security-tracker.debian.org/tracker/CVE-2014-8133>)\n\nIt was found that the espfix functionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses.\n\n * [CVE-2014-8134](<https://security-tracker.debian.org/tracker/CVE-2014-8134>)\n\nIt was found that the espfix functionality is wrongly disabled in a 32-bit KVM guest. A local unprivileged user could potentially use this flaw to leak kernel stack addresses.\n\n * [CVE-2014-8160](<https://security-tracker.debian.org/tracker/CVE-2014-8160>)\n\nIt was found that a netfilter (iptables or ip6tables) rule accepting packets to a specific SCTP, DCCP, GRE or UDPlite port/endpoint could result in incorrect connection tracking state. If only the generic connection tracking module (nf_conntrack) was loaded, and not the protocol-specific connection tracking module, this would allow access to any port/endpoint of the specified protocol.\n\n * [CVE-2014-9420](<https://security-tracker.debian.org/tracker/CVE-2014-9420>)\n\nIt was found that the ISO-9660 filesystem implementation (isofs) follows arbitrarily long chains, including loops, of Continuation Entries (CEs). This allows local users to mount a denial of service via a crafted disc image.\n\n * [CVE-2014-9584](<https://security-tracker.debian.org/tracker/CVE-2014-9584>)\n\nIt was found that the ISO-9660 filesystem implementation (isofs) does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted disc image.\n\n * [CVE-2014-9585](<https://security-tracker.debian.org/tracker/CVE-2014-9585>)\n\nIt was discovered that address randomisation for the vDSO in 64-bit processes is extremely biassed. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism.\n\n * [CVE-2015-1421](<https://security-tracker.debian.org/tracker/CVE-2015-1421>)\n\nIt was found that the SCTP implementation could free authentication state while it was still in use, resulting in heap corruption. This could allow remote users to cause a denial of service or privilege escalation.\n\n * [CVE-2015-1593](<https://security-tracker.debian.org/tracker/CVE-2015-1593>)\n\nIt was found that address randomisation for the initial stack in 64-bit processes was limited to 20 rather than 22 bits of entropy. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism.\n\nFor Debian 6 Squeeze, these issues have been fixed in linux-2.6 version 2.6.32-48squeeze11", "edition": 1, "reporter": "Debian", "published": "2015-02-18T00:00:00", "title": "linux-2.6 -- LTS security update", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2014-7822", "CVE-2014-8134", "CVE-2014-9420", "CVE-2015-1593", "CVE-2014-8160", "CVE-2015-1421", "CVE-2014-9584", "CVE-2013-6885", "CVE-2014-8133", "CVE-2014-9585"], "modified": "2015-02-18T00:00:00", "id": "DLA-155", "href": "http://www.debian.org/security/2015/dla-155", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:56:36", "references": ["https://bugzilla.novell.com/852967", "https://bugzilla.novell.com/854445", "https://bugzilla.novell.com/866253", "https://bugzilla.novell.com/859342", "https://bugzilla.novell.com/852488", "http://download.suse.com/patch/finder/?keywords=c09969470032946e130c305f40d89cf3", "http://download.suse.com/patch/finder/?keywords=22dc1e8af18524473cafffecb4b4b14d", "https://bugzilla.novell.com/853162", "https://bugzilla.novell.com/865783", "https://bugzilla.novell.com/862957", "https://bugzilla.novell.com/864058", "http://download.suse.com/patch/finder/?keywords=e91b14a6ab1b56e7248783a199bbc01c", "https://bugzilla.novell.com/857643", "https://bugzilla.novell.com/846790", "https://bugzilla.novell.com/863178", "http://download.suse.com/patch/finder/?keywords=2386e6a1a3b32a7da85c7d674d4bc6fc", "http://download.suse.com/patch/finder/?keywords=16687a9fa96ac20af4faa8cdfc9e65af", "https://bugzilla.novell.com/864025", "https://bugzilla.novell.com/827670", "https://bugzilla.novell.com/856848", "https://bugzilla.novell.com/865342", "https://bugzilla.novell.com/857358", "https://bugzilla.novell.com/864833", "http://download.suse.com/patch/finder/?keywords=c62554b736bb29d4bea099174846749f", "https://bugzilla.novell.com/863526", "http://download.suse.com/patch/finder/?keywords=54f3c63bee2dc088c0d6761885a45959", "https://bugzilla.novell.com/833968", "https://bugzilla.novell.com/847672", "https://bugzilla.novell.com/853166", "https://bugzilla.novell.com/599263", "https://bugzilla.novell.com/853455", "http://download.suse.com/patch/finder/?keywords=b4a3caafceac4ecd970b8cf2ee7138bb", "https://bugzilla.novell.com/844513", "https://bugzilla.novell.com/862796", "https://bugzilla.novell.com/854025", "https://bugzilla.novell.com/866428", "https://bugzilla.novell.com/861093", "https://bugzilla.novell.com/858604", "http://download.suse.com/patch/finder/?keywords=3d3bd3e381acb377bb739c05c5a6297c", "https://bugzilla.novell.com/859225", "http://download.suse.com/patch/finder/?keywords=e622300e3c415568cc6d36c257c6da37", "https://bugzilla.novell.com/864880", "https://bugzilla.novell.com/855825", "https://bugzilla.novell.com/870801"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.21-2.27.54", "packageName": "cluster-network-kmp-default", "packageFilename": "cluster-network-kmp-default-1.4_3.0.101_0.21-2.27.54.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.21-2.27.54", "packageName": "cluster-network-kmp-trace", "packageFilename": "cluster-network-kmp-trace-1.4_3.0.101_0.21-2.27.54.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.21-0.16.60", "packageName": "gfs2-kmp-trace", "packageFilename": "gfs2-kmp-trace-2_3.0.101_0.21-0.16.60.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen-base", "packageFilename": "kernel-xen-base-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-0.21.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.21-2.27.54", "packageName": "cluster-network-kmp-xen", "packageFilename": "cluster-network-kmp-xen-1.4_3.0.101_0.21-2.27.54.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-ppc64-base", "packageFilename": "kernel-ppc64-base-3.0.101-0.21.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.21-2.27.54", "packageName": "cluster-network-kmp-default", "packageFilename": "cluster-network-kmp-default-1.4_3.0.101_0.21-2.27.54.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-pae-extra", "packageFilename": "kernel-pae-extra-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.21-0.20.54", "packageName": "ocfs2-kmp-trace", "packageFilename": "ocfs2-kmp-trace-1.6_3.0.101_0.21-0.20.54.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.21-0.20.54", "packageName": "ocfs2-kmp-trace", "packageFilename": "ocfs2-kmp-trace-1.6_3.0.101_0.21-0.20.54.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen", "packageFilename": "kernel-xen-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.21-0.16.60", "packageName": "gfs2-kmp-default", "packageFilename": "gfs2-kmp-default-2_3.0.101_0.21-0.16.60.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.21-0.16.60", "packageName": "gfs2-kmp-pae", "packageFilename": "gfs2-kmp-pae-2_3.0.101_0.21-0.16.60.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.21-0.20.54", "packageName": "ocfs2-kmp-default", "packageFilename": "ocfs2-kmp-default-1.6_3.0.101_0.21-0.20.54.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.21-0.20.54", "packageName": "ocfs2-kmp-default", "packageFilename": "ocfs2-kmp-default-1.6_3.0.101_0.21-0.20.54.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.21-2.27.54", "packageName": "cluster-network-kmp-default", "packageFilename": "cluster-network-kmp-default-1.4_3.0.101_0.21-2.27.54.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.21.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.21-0.16.60", "packageName": "gfs2-kmp-trace", "packageFilename": "gfs2-kmp-trace-2_3.0.101_0.21-0.16.60.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.21.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.21-0.16.60", "packageName": "gfs2-kmp-default", "packageFilename": "gfs2-kmp-default-2_3.0.101_0.21-0.16.60.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen-extra", "packageFilename": "kernel-xen-extra-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.21-0.16.60", "packageName": "gfs2-kmp-xen", "packageFilename": "gfs2-kmp-xen-2_3.0.101_0.21-0.16.60.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen", "packageFilename": "kernel-xen-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.21.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.21-0.7.12", "packageName": "xen-kmp-default", "packageFilename": "xen-kmp-default-4.2.4_02_3.0.101_0.21-0.7.12.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen-base", "packageFilename": "kernel-xen-base-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.21-2.27.54", "packageName": "cluster-network-kmp-default", "packageFilename": "cluster-network-kmp-default-1.4_3.0.101_0.21-2.27.54.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-ec2", "packageFilename": "kernel-ec2-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.21.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-0.21.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.21-0.16.60", "packageName": "gfs2-kmp-default", "packageFilename": "gfs2-kmp-default-2_3.0.101_0.21-0.16.60.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen", "packageFilename": "kernel-xen-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.21-2.27.54", "packageName": "cluster-network-kmp-xen", "packageFilename": "cluster-network-kmp-xen-1.4_3.0.101_0.21-2.27.54.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-0.21.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-0.21.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.21.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-ppc64-extra", "packageFilename": "kernel-ppc64-extra-3.0.101-0.21.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.21-0.16.60", "packageName": "gfs2-kmp-xen", "packageFilename": "gfs2-kmp-xen-2_3.0.101_0.21-0.16.60.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-0.21.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-ec2-devel", "packageFilename": "kernel-ec2-devel-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-0.21.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-pae-devel", "packageFilename": "kernel-pae-devel-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-pae", "packageFilename": "kernel-pae-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-ec2", "packageFilename": "kernel-ec2-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.21-0.20.54", "packageName": "ocfs2-kmp-default", "packageFilename": "ocfs2-kmp-default-1.6_3.0.101_0.21-0.20.54.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.21.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen-base", "packageFilename": "kernel-xen-base-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.21-0.7.12", "packageName": "xen-kmp-default", "packageFilename": "xen-kmp-default-4.2.4_02_3.0.101_0.21-0.7.12.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.21-0.16.60", "packageName": "gfs2-kmp-trace", "packageFilename": "gfs2-kmp-trace-2_3.0.101_0.21-0.16.60.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.21-2.27.54", "packageName": "cluster-network-kmp-trace", "packageFilename": "cluster-network-kmp-trace-1.4_3.0.101_0.21-2.27.54.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.21-0.20.54", "packageName": "ocfs2-kmp-ppc64", "packageFilename": "ocfs2-kmp-ppc64-1.6_3.0.101_0.21-0.20.54.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.21-0.7.12", "packageName": "xen-kmp-default", "packageFilename": "xen-kmp-default-4.2.4_02_3.0.101_0.21-0.7.12.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.21.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-0.21.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.21.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.21-0.20.54", "packageName": "ocfs2-kmp-xen", "packageFilename": "ocfs2-kmp-xen-1.6_3.0.101_0.21-0.20.54.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-pae-base", "packageFilename": "kernel-pae-base-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.21.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-pae-devel", "packageFilename": "kernel-pae-devel-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen-extra", "packageFilename": "kernel-xen-extra-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.21-2.27.54", "packageName": "cluster-network-kmp-ppc64", "packageFilename": "cluster-network-kmp-ppc64-1.4_3.0.101_0.21-2.27.54.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.21-0.16.60", "packageName": "gfs2-kmp-trace", "packageFilename": "gfs2-kmp-trace-2_3.0.101_0.21-0.16.60.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.21-2.27.54", "packageName": "cluster-network-kmp-trace", "packageFilename": "cluster-network-kmp-trace-1.4_3.0.101_0.21-2.27.54.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.21-0.16.60", "packageName": "gfs2-kmp-default", "packageFilename": "gfs2-kmp-default-2_3.0.101_0.21-0.16.60.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-pae-base", "packageFilename": "kernel-pae-base-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-pae-devel", "packageFilename": "kernel-pae-devel-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.21-0.7.12", "packageName": "xen-kmp-pae", "packageFilename": "xen-kmp-pae-4.2.4_02_3.0.101_0.21-0.7.12.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.21-2.27.54", "packageName": "cluster-network-kmp-trace", "packageFilename": "cluster-network-kmp-trace-1.4_3.0.101_0.21-2.27.54.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.21-0.20.54", "packageName": "ocfs2-kmp-trace", "packageFilename": "ocfs2-kmp-trace-1.6_3.0.101_0.21-0.20.54.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.21-0.20.54", "packageName": "ocfs2-kmp-xen", "packageFilename": "ocfs2-kmp-xen-1.6_3.0.101_0.21-0.20.54.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen-extra", "packageFilename": "kernel-xen-extra-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.21-0.7.12", "packageName": "xen-kmp-pae", "packageFilename": "xen-kmp-pae-4.2.4_02_3.0.101_0.21-0.7.12.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace", "packageFilename": "kernel-trace-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-ec2-base", "packageFilename": "kernel-ec2-base-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.21-0.16.60", "packageName": "gfs2-kmp-trace", "packageFilename": "gfs2-kmp-trace-2_3.0.101_0.21-0.16.60.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen-devel", "packageFilename": "kernel-xen-devel-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-pae", "packageFilename": "kernel-pae-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.21-0.20.54", "packageName": "ocfs2-kmp-trace", "packageFilename": "ocfs2-kmp-trace-1.6_3.0.101_0.21-0.20.54.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.21-0.20.54", "packageName": "ocfs2-kmp-default", "packageFilename": "ocfs2-kmp-default-1.6_3.0.101_0.21-0.20.54.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-0.21.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.21-0.7.12", "packageName": "xen-kmp-default", "packageFilename": "xen-kmp-default-4.2.4_02_3.0.101_0.21-0.7.12.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.21.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.21.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default", "packageFilename": "kernel-default-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace-base", "packageFilename": "kernel-trace-base-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-ppc64", "packageFilename": "kernel-ppc64-3.0.101-0.21.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.21.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen-base", "packageFilename": "kernel-xen-base-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-pae-extra", "packageFilename": "kernel-pae-extra-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-pae-base", "packageFilename": "kernel-pae-base-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-man", "packageFilename": "kernel-default-man-3.0.101-0.21.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen-extra", "packageFilename": "kernel-xen-extra-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-0.21.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.21.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.21-2.27.54", "packageName": "cluster-network-kmp-trace", "packageFilename": "cluster-network-kmp-trace-1.4_3.0.101_0.21-2.27.54.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.21.1.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.21.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.21-0.20.54", "packageName": "ocfs2-kmp-default", "packageFilename": "ocfs2-kmp-default-1.6_3.0.101_0.21-0.20.54.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.21-0.16.60", "packageName": "gfs2-kmp-ppc64", "packageFilename": "gfs2-kmp-ppc64-2_3.0.101_0.21-0.16.60.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-ec2-base", "packageFilename": "kernel-ec2-base-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-trace-devel", "packageFilename": "kernel-trace-devel-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.21-0.20.54", "packageName": "ocfs2-kmp-trace", "packageFilename": "ocfs2-kmp-trace-1.6_3.0.101_0.21-0.20.54.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-syms", "packageFilename": "kernel-syms-3.0.101-0.21.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.21-0.16.60", "packageName": "gfs2-kmp-default", "packageFilename": "gfs2-kmp-default-2_3.0.101_0.21-0.16.60.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-source", "packageFilename": "kernel-source-3.0.101-0.21.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-devel", "packageFilename": "kernel-default-devel-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.21-2.27.54", "packageName": "cluster-network-kmp-pae", "packageFilename": "cluster-network-kmp-pae-1.4_3.0.101_0.21-2.27.54.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-base", "packageFilename": "kernel-default-base-3.0.101-0.21.1.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.21-0.20.54", "packageName": "ocfs2-kmp-pae", "packageFilename": "ocfs2-kmp-pae-1.6_3.0.101_0.21-0.20.54.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-default-extra", "packageFilename": "kernel-default-extra-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.21-2.27.54", "packageName": "cluster-network-kmp-default", "packageFilename": "cluster-network-kmp-default-1.4_3.0.101_0.21-2.27.54.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-ppc64-devel", "packageFilename": "kernel-ppc64-devel-3.0.101-0.21.1.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-xen", "packageFilename": "kernel-xen-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-pae", "packageFilename": "kernel-pae-3.0.101-0.21.1.i586.rpm", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.21.1", "packageName": "kernel-ec2-devel", "packageFilename": "kernel-ec2-devel-3.0.101-0.21.1.x86_64.rpm", "arch": "x86_64", "operator": "lt"}], "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel has been\n updated to fix various bugs and security issues.\n\n ------------------------------------------------------------\n ------------ WARNING: If you are running KVM with PCI\n pass-through on a system with one of the following Intel\n chipsets: 5500 (revision 0x13), 5520 (revision 0x13) or\n X58 (revisions 0x12, 0x13, 0x22), please make sure to read\n the following support document before installing this\n update:\n\n <a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc.php?id=7014344\">https://www.suse.com/support/kb/doc.php?id=7014344</a>\n <<a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc.php?id=7014344\">https://www.suse.com/support/kb/doc.php?id=7014344</a>>\n\n You will have to update your KVM setup to no longer make\n use of PCI pass-through before rebooting to the updated\n kernel.\n\n ------------------------------------------------------------\n ------------\n\n The following security bugs have been fixed:\n\n *\n\n CVE-2013-4470: The Linux kernel before 3.12, when UDP\n Fragmentation Offload (UFO) is enabled, does not properly\n initialize certain data structures, which allows local\n users to cause a denial of service (memory corruption and\n system crash) or possibly gain privileges via a crafted\n application that uses the UDP_CORK option in a setsockopt\n system call and sends both short and long packets, related\n to the ip_ufo_append_data function in net/ipv4/ip_output.c\n and the ip6_ufo_append_data function in\n net/ipv6/ip6_output.c. (bnc#847672)\n\n *\n\n CVE-2013-6885: The microcode on AMD 16h 00h through\n 0Fh processors does not properly handle the interaction\n between locked instructions and write-combined memory\n types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#852967)\n\n *\n\n CVE-2013-7263: The Linux kernel before 3.12.4 updates\n certain length values before ensuring that associated data\n structures have been initialized, which allows local users\n to obtain sensitive information from kernel stack memory\n via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system\n call, related to net/ipv4/ping.c, net/ipv4/raw.c,\n net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.\n (bnc#857643)\n\n *\n\n CVE-2013-7264: The l2tp_ip_recvmsg function in\n net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4\n updates a certain length value before ensuring that an\n associated data structure has been initialized, which\n allows local users to obtain sensitive information from\n kernel stack memory via a (1) recvfrom, (2) recvmmsg, or\n (3) recvmsg system call. (bnc#857643)\n\n *\n\n CVE-2013-7265: The pn_recvmsg function in\n net/phonet/datagram.c in the Linux kernel before 3.12.4\n updates a certain length value before ensuring that an\n associated data structure has been initialized, which\n allows local users to obtain sensitive information from\n kernel stack memory via a (1) recvfrom, (2) recvmmsg, or\n (3) recvmsg system call. (bnc#857643)\n\n *\n\n CVE-2014-0069: The cifs_iovec_write function in\n fs/cifs/file.c in the Linux kernel through 3.13.5 does not\n properly handle uncached write operations that copy fewer\n than the requested number of bytes, which allows local\n users to obtain sensitive information from kernel memory,\n cause a denial of service (memory corruption and system\n crash), or possibly gain privileges via a writev system\n call with a crafted pointer. (bnc#864025)\n\n Also the following non-security bugs have been fixed:\n\n * kabi: protect symbols modified by bnc#864833 fix\n (bnc#864833).\n * mm: mempolicy: fix mbind_range() && vma_adjust()\n interaction (VM Functionality (bnc#866428)).\n * mm: merging memory blocks resets mempolicy (VM\n Functionality (bnc#866428)).\n * mm/page-writeback.c: do not count anon pages as\n dirtyable memory (High memory utilisation performance\n (bnc#859225)).\n * mm: vmscan: Do not force reclaim file pages until it\n exceeds anon (High memory utilisation performance\n (bnc#859225)).\n * mm: vmscan: fix endless loop in kswapd balancing\n (High memory utilisation performance (bnc#859225)).\n * mm: vmscan: Update rotated and scanned when force\n reclaimed (High memory utilisation performance\n (bnc#859225)).\n * mm: exclude memory less nodes from zone_reclaim\n (bnc#863526).\n * mm: fix return type for functions nr_free_*_pages\n kabi fixup (bnc#864058).\n * mm: fix return type for functions nr_free_*_pages\n (bnc#864058).\n * mm: swap: Use swapfiles in priority order (Use swap\n files in priority order (bnc#862957)).\n * x86: Save cr2 in NMI in case NMIs take a page fault\n (follow-up for\n patches.fixes/x86-Add-workaround-to-NMI-iret-woes.patch).\n * powerpc: Add VDSO version of getcpu (fate#316816,\n bnc#854445).\n * vmscan: change type of vm_total_pages to unsigned\n long (bnc#864058).\n * audit: dynamically allocate audit_names when not\n enough space is in the names array (bnc#857358).\n * audit: make filetype matching consistent with other\n filters (bnc#857358).\n * arch/x86/mm/srat: Skip NUMA_NO_NODE while parsing\n SLIT (bnc#863178).\n * hwmon: (coretemp) Fix truncated name of alarm\n attributes.\n * privcmd: allow preempting long running user-mode\n originating hypercalls (bnc#861093).\n * nohz: Check for nohz active instead of nohz enabled\n (bnc#846790).\n * nohz: Fix another inconsistency between\n CONFIG_NO_HZ=n and nohz=off (bnc#846790).\n * iommu/vt-d: add quirk for broken interrupt remapping\n on 55XX chipsets (bnc#844513)\n *\n\n balloon: do not crash in HVM-with-PoD guests.\n\n *\n\n crypto: s390 - fix des and des3_ede ctr concurrency\n issue (bnc#862796, LTC#103744).\n\n * crypto: s390 - fix des and des3_ede cbc concurrency\n issue (bnc#862796, LTC#103743).\n * kernel: oops due to linkage stack instructions\n (bnc#862796, LTC#103860).\n * crypto: s390 - fix concurrency issue in aes-ctr mode\n (bnc#862796, LTC#103742).\n *\n\n dump: Fix dump memory detection\n (bnc#862796,LTC#103575).\n\n *\n\n net: change type of virtio_chan->p9_max_pages\n (bnc#864058).\n\n * inet: handle rt{,6}_bind_peer() failure correctly\n (bnc#870801).\n * inet: Avoid potential NULL peer dereference\n (bnc#864833).\n * inet: Hide route peer accesses behind helpers\n (bnc#864833).\n * inet: Pass inetpeer root into inet_getpeer*()\n interfaces (bnc#864833).\n * tcp: syncookies: reduce cookie lifetime to 128\n seconds (bnc#833968).\n * tcp: syncookies: reduce mss table to four values\n (bnc#833968).\n * ipv6 routing, NLM_F_* flag support: REPLACE and EXCL\n flags support, warn about missing CREATE flag (bnc#865783).\n * ipv6: send router reachability probe if route has an\n unreachable gateway (bnc#853162).\n * sctp: Implement quick failover draft from tsvwg\n (bnc#827670).\n *\n\n ipvs: fix AF assignment in ip_vs_conn_new()\n (bnc#856848).\n\n *\n\n NFSD/sunrpc: avoid deadlock on TCP connection due to\n memory pressure (bnc#853455).\n\n * btrfs: bugfix collection\n * fs/nfsd: change type of max_delegations,\n nfsd_drc_max_mem and nfsd_drc_mem_used (bnc#864058).\n * fs/buffer.c: change type of max_buffer_heads to\n unsigned long (bnc#864058).\n *\n\n ncpfs: fix rmdir returns Device or resource busy\n (bnc#864880).\n\n *\n\n scsi_dh_alua: fixup RTPG retry delay miscalculation\n (bnc#854025).\n\n * scsi_dh_alua: Simplify state machine (bnc#854025).\n * xhci: Fix resume issues on Renesas chips in Samsung\n laptops (bnc#866253).\n * bonding: disallow enslaving a bond to itself\n (bnc#599263).\n * USB: hub: handle -ETIMEDOUT during enumeration\n (bnc#855825).\n * dm-multipath: Do not stall on invalid ioctls\n (bnc#865342).\n * scsi_dh_alua: endless STPG retries for a failed LUN\n (bnc#865342).\n * net/mlx4_en: Fix pages never dma unmapped on rx\n (bnc#858604).\n * dlm: remove get_comm (bnc#827670).\n * dlm: Avoid LVB truncation (bnc#827670).\n * dlm: disable nagle for SCTP (bnc#827670).\n * dlm: retry failed SCTP sends (bnc#827670).\n * dlm: try other IPs when sctp init assoc fails\n (bnc#827670).\n * dlm: clear correct bit during sctp init failure\n handling (bnc#827670).\n * dlm: set sctp assoc id during setup (bnc#827670).\n * dlm: clear correct init bit during sctp setup\n (bnc#827670).\n * dlm: fix deadlock between dlm_send and dlm_controld\n (bnc#827670).\n * dlm: Fix return value from lockspace_busy()\n (bnc#827670).\n * Avoid occasional hang with NFS (bnc#852488).\n * mpt2sas: Fix unsafe using smp_processor_id() in\n preemptible (bnc#853166).\n * lockd: send correct lock when granting a delayed lock\n (bnc#859342).\n", "edition": 1, "reporter": "Suse", "published": "2014-04-16T01:05:16", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "title": "Security update for Linux kernel (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7265", "CVE-2013-7264", "CVE-2013-7263", "CVE-2013-6885", "CVE-2013-4470", "CVE-2014-0069"], "modified": "2014-04-16T01:05:16", "id": "SUSE-SU-2014:0531-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00011.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:31:56", "references": ["https://bugzilla.novell.com/852967", "https://bugzilla.novell.com/854445", "https://bugzilla.novell.com/866253", "https://bugzilla.novell.com/859342", "https://bugzilla.novell.com/852488", "http://download.suse.com/patch/finder/?keywords=7186c0ca1717924a99aab4250b1b0389", "http://download.suse.com/patch/finder/?keywords=486aa2eada02c76d1cac74b15b7bc069", "https://bugzilla.novell.com/853162", "https://bugzilla.novell.com/865783", "https://bugzilla.novell.com/862957", "http://download.suse.com/patch/finder/?keywords=bf8427bba89958884290889fb5022f2b", "https://bugzilla.novell.com/864058", "http://download.suse.com/patch/finder/?keywords=828b5201cfab14cc87d2e941056208ee", "https://bugzilla.novell.com/857643", "https://bugzilla.novell.com/846790", "http://download.suse.com/patch/finder/?keywords=2bba527d042fa2524206bfe310bbd09d", "http://download.suse.com/patch/finder/?keywords=0e36f5897fccb20ea48f7e58e74b2647", "https://bugzilla.novell.com/863178", "https://bugzilla.novell.com/864025", "https://bugzilla.novell.com/827670", "https://bugzilla.novell.com/856848", "https://bugzilla.novell.com/865342", "https://bugzilla.novell.com/857358", "https://bugzilla.novell.com/864833", "https://bugzilla.novell.com/863526", "https://bugzilla.novell.com/833968", "https://bugzilla.novell.com/847672", "https://bugzilla.novell.com/853166", "https://bugzilla.novell.com/599263", "http://download.suse.com/patch/finder/?keywords=aacac5b010d7cf23355177e902b2480a", "https://bugzilla.novell.com/853455", "https://bugzilla.novell.com/844513", "http://download.suse.com/patch/finder/?keywords=50402d33a8c1451b2166727adc144f74", "https://bugzilla.novell.com/855885", "https://bugzilla.novell.com/862796", "http://download.suse.com/patch/finder/?keywords=7ab3c7cf9fa1047f360fd862740f9f62", "https://bugzilla.novell.com/854025", "https://bugzilla.novell.com/866428", "https://bugzilla.novell.com/861093", "https://bugzilla.novell.com/858604", "https://bugzilla.novell.com/859225", "https://bugzilla.novell.com/864880", "https://bugzilla.novell.com/855825", "http://download.suse.com/patch/finder/?keywords=7129036742186e61dc9c40e8d6898c51"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-source-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-source", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-devel-3.0.101-0.18.1.ppc64.rpm", "packageName": "kernel-trace-devel", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-pae-base-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-pae-base", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.18-0.20.49", "packageFilename": "ocfs2-kmp-trace-1.6_3.0.101_0.18-0.20.49.ppc64.rpm", "packageName": "ocfs2-kmp-trace", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-devel-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-xen-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.18-2.27.49", "packageFilename": "cluster-network-kmp-trace-1.4_3.0.101_0.18-2.27.49.i586.rpm", "packageName": "cluster-network-kmp-trace", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-source-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-source", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-extra-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-xen-extra", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.18-0.16.55", "packageFilename": "gfs2-kmp-xen-2_3.0.101_0.18-0.16.55.i586.rpm", "packageName": "gfs2-kmp-xen", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.18-0.20.49", "packageFilename": "ocfs2-kmp-trace-1.6_3.0.101_0.18-0.20.49.x86_64.rpm", "packageName": "ocfs2-kmp-trace", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.18-0.20.49", "packageFilename": "ocfs2-kmp-default-1.6_3.0.101_0.18-0.20.49.x86_64.rpm", "packageName": "ocfs2-kmp-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-xen", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-source-3.0.101-0.18.1.ppc64.rpm", "packageName": "kernel-source", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.18-0.20.49", "packageFilename": "ocfs2-kmp-default-1.6_3.0.101_0.18-0.20.49.ia64.rpm", "packageName": "ocfs2-kmp-default", "arch": "ia64", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-extra-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-default-extra", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-devel-3.0.101-0.18.1.ia64.rpm", "packageName": "kernel-trace-devel", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.18-0.16.55", "packageFilename": "gfs2-kmp-pae-2_3.0.101_0.18-0.16.55.i586.rpm", "packageName": "gfs2-kmp-pae", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-source-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-source", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.18-0.16.55", "packageFilename": "gfs2-kmp-trace-2_3.0.101_0.18-0.16.55.x86_64.rpm", "packageName": "gfs2-kmp-trace", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-base-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-trace-base", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-extra-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-xen-extra", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-3.0.101-0.18.1.ia64.rpm", "packageName": "kernel-default", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.18-2.27.49", "packageFilename": "cluster-network-kmp-xen-1.4_3.0.101_0.18-2.27.49.i586.rpm", "packageName": "cluster-network-kmp-xen", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-3.0.101-0.18.1.ppc64.rpm", "packageName": "kernel-trace", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-devel-3.0.101-0.18.1.s390x.rpm", "packageName": "kernel-trace-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-devel-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-xen-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-pae-base-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-pae-base", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-base-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-xen-base", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-3.0.101-0.18.1.ia64.rpm", "packageName": "kernel-trace", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-3.0.101-0.18.1.s390x.rpm", "packageName": "kernel-default", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-source-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-source", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-ec2-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-ec2", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.18-0.20.49", "packageFilename": "ocfs2-kmp-default-1.6_3.0.101_0.18-0.20.49.i586.rpm", "packageName": "ocfs2-kmp-default", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-extra-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-xen-extra", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-trace", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-base-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-trace-base", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.18-0.7.5", "packageFilename": "xen-kmp-default-4.2.4_02_3.0.101_0.18-0.7.5.x86_64.rpm", "packageName": "xen-kmp-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.18-2.27.49", "packageFilename": "cluster-network-kmp-trace-1.4_3.0.101_0.18-2.27.49.ppc64.rpm", "packageName": "cluster-network-kmp-trace", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.18-0.16.55", "packageFilename": "gfs2-kmp-xen-2_3.0.101_0.18-0.16.55.x86_64.rpm", "packageName": "gfs2-kmp-xen", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-syms-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-syms", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.18-0.16.55", "packageFilename": "gfs2-kmp-default-2_3.0.101_0.18-0.16.55.ppc64.rpm", "packageName": "gfs2-kmp-default", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-extra-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-default-extra", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.18-2.27.49", "packageFilename": "cluster-network-kmp-trace-1.4_3.0.101_0.18-2.27.49.s390x.rpm", "packageName": "cluster-network-kmp-trace", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.18-0.16.55", "packageFilename": "gfs2-kmp-trace-2_3.0.101_0.18-0.16.55.i586.rpm", "packageName": "gfs2-kmp-trace", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-devel-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-default-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-devel-3.0.101-0.18.1.s390x.rpm", "packageName": "kernel-default-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-devel-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-trace-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-base-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-default-base", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-source-3.0.101-0.18.1.ia64.rpm", "packageName": "kernel-source", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-base-3.0.101-0.18.1.ppc64.rpm", "packageName": "kernel-trace-base", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.18-0.20.49", "packageFilename": "ocfs2-kmp-ppc64-1.6_3.0.101_0.18-0.20.49.ppc64.rpm", "packageName": "ocfs2-kmp-ppc64", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-base-3.0.101-0.18.1.ia64.rpm", "packageName": "kernel-default-base", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-base-3.0.101-0.18.1.ia64.rpm", "packageName": "kernel-trace-base", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-devel-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-xen-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-extra-3.0.101-0.18.1.ppc64.rpm", "packageName": "kernel-default-extra", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.18-0.7.5", "packageFilename": "xen-kmp-pae-4.2.4_02_3.0.101_0.18-0.7.5.i586.rpm", "packageName": "xen-kmp-pae", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-base-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-default-base", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-xen", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-devel-3.0.101-0.18.1.ppc64.rpm", "packageName": "kernel-default-devel", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.18-0.20.49", "packageFilename": "ocfs2-kmp-trace-1.6_3.0.101_0.18-0.20.49.i586.rpm", "packageName": "ocfs2-kmp-trace", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.18-2.27.49", "packageFilename": "cluster-network-kmp-pae-1.4_3.0.101_0.18-2.27.49.i586.rpm", "packageName": "cluster-network-kmp-pae", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.18-2.27.49", "packageFilename": "cluster-network-kmp-ppc64-1.4_3.0.101_0.18-2.27.49.ppc64.rpm", "packageName": "cluster-network-kmp-ppc64", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-ec2-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-ec2", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.18-0.16.55", "packageFilename": "gfs2-kmp-default-2_3.0.101_0.18-0.16.55.s390x.rpm", "packageName": "gfs2-kmp-default", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-base-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-default-base", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-base-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-xen-base", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-pae-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-pae", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.18-0.20.49", "packageFilename": "ocfs2-kmp-pae-1.6_3.0.101_0.18-0.20.49.i586.rpm", "packageName": "ocfs2-kmp-pae", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-trace", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-devel-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-default-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-source-3.0.101-0.18.1.s390x.rpm", "packageName": "kernel-source", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-syms-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-syms", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-3.0.101-0.18.1.ppc64.rpm", "packageName": "kernel-default", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.18-0.20.49", "packageFilename": "ocfs2-kmp-trace-1.6_3.0.101_0.18-0.20.49.ia64.rpm", "packageName": "ocfs2-kmp-trace", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-pae-extra-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-pae-extra", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-devel-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-xen-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-ppc64-devel-3.0.101-0.18.1.ppc64.rpm", "packageName": "kernel-ppc64-devel", "arch": "ppc64", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-extra-3.0.101-0.18.1.s390x.rpm", "packageName": "kernel-default-extra", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-3.0.101-0.18.1.s390x.rpm", "packageName": "kernel-trace", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-base-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-trace-base", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-syms-3.0.101-0.18.1.s390x.rpm", "packageName": "kernel-syms", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-xen", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-trace", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-ec2-devel-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-ec2-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-pae-extra-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-pae-extra", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-ec2-devel-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-ec2-devel", "arch": "i586", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-extra-3.0.101-0.18.1.ia64.rpm", "packageName": "kernel-default-extra", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.18-2.27.49", "packageFilename": "cluster-network-kmp-default-1.4_3.0.101_0.18-2.27.49.i586.rpm", "packageName": "cluster-network-kmp-default", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.18-0.20.49", "packageFilename": "ocfs2-kmp-xen-1.6_3.0.101_0.18-0.20.49.i586.rpm", "packageName": "ocfs2-kmp-xen", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.18-2.27.49", "packageFilename": "cluster-network-kmp-xen-1.4_3.0.101_0.18-2.27.49.x86_64.rpm", "packageName": "cluster-network-kmp-xen", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-devel-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-trace-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-default", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-ec2-base-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-ec2-base", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-syms-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-syms", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.18-0.7.5", "packageFilename": "xen-kmp-default-4.2.4_02_3.0.101_0.18-0.7.5.i586.rpm", "packageName": "xen-kmp-default", "arch": "i586", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-extra-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-xen-extra", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-devel-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-trace-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-syms-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-syms", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.18-0.20.49", "packageFilename": "ocfs2-kmp-xen-1.6_3.0.101_0.18-0.20.49.x86_64.rpm", "packageName": "ocfs2-kmp-xen", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.18-0.20.49", "packageFilename": "ocfs2-kmp-default-1.6_3.0.101_0.18-0.20.49.s390x.rpm", "packageName": "ocfs2-kmp-default", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-pae-base-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-pae-base", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-devel-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-trace-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-default", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-base-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-default-base", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-devel-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-trace-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.18-2.27.49", "packageFilename": "cluster-network-kmp-default-1.4_3.0.101_0.18-2.27.49.ppc64.rpm", "packageName": "cluster-network-kmp-default", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-man-3.0.101-0.18.1.s390x.rpm", "packageName": "kernel-default-man", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-base-3.0.101-0.18.1.ppc64.rpm", "packageName": "kernel-default-base", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-base-3.0.101-0.18.1.s390x.rpm", "packageName": "kernel-default-base", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.18-2.27.49", "packageFilename": "cluster-network-kmp-trace-1.4_3.0.101_0.18-2.27.49.ia64.rpm", "packageName": "cluster-network-kmp-trace", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-base-3.0.101-0.18.1.s390x.rpm", "packageName": "kernel-trace-base", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-extra-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-default-extra", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-base-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-xen-base", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.18-0.16.55", "packageFilename": "gfs2-kmp-trace-2_3.0.101_0.18-0.16.55.s390x.rpm", "packageName": "gfs2-kmp-trace", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-base-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-default-base", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.18-0.20.49", "packageFilename": "ocfs2-kmp-default-1.6_3.0.101_0.18-0.20.49.ppc64.rpm", "packageName": "ocfs2-kmp-default", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-trace", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-devel-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-default-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-ppc64-extra-3.0.101-0.18.1.ppc64.rpm", "packageName": "kernel-ppc64-extra", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-ppc64-3.0.101-0.18.1.ppc64.rpm", "packageName": "kernel-ppc64", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-pae-devel-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-pae-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-syms-3.0.101-0.18.1.ppc64.rpm", "packageName": "kernel-syms", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.18-2.27.49", "packageFilename": "cluster-network-kmp-default-1.4_3.0.101_0.18-2.27.49.s390x.rpm", "packageName": "cluster-network-kmp-default", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_0.18-0.20.49", "packageFilename": "ocfs2-kmp-trace-1.6_3.0.101_0.18-0.20.49.s390x.rpm", "packageName": "ocfs2-kmp-trace", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.18-0.16.55", "packageFilename": "gfs2-kmp-ppc64-2_3.0.101_0.18-0.16.55.ppc64.rpm", "packageName": "gfs2-kmp-ppc64", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-pae-devel-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-pae-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.18-0.7.5", "packageFilename": "xen-kmp-pae-4.2.4_02_3.0.101_0.18-0.7.5.i586.rpm", "packageName": "xen-kmp-pae", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-devel-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-default-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-ec2-base-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-ec2-base", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-pae-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-pae", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-base-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-trace-base", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-ppc64-base-3.0.101-0.18.1.ppc64.rpm", "packageName": "kernel-ppc64-base", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.18-0.7.5", "packageFilename": "xen-kmp-default-4.2.4_02_3.0.101_0.18-0.7.5.i586.rpm", "packageName": "xen-kmp-default", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-devel-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-xen-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.18-0.16.55", "packageFilename": "gfs2-kmp-trace-2_3.0.101_0.18-0.16.55.ppc64.rpm", "packageName": "gfs2-kmp-trace", "arch": "ppc64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-base-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-default-base", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-source-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-source", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-trace-devel-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-trace-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.18-2.27.49", "packageFilename": "cluster-network-kmp-default-1.4_3.0.101_0.18-2.27.49.x86_64.rpm", "packageName": "cluster-network-kmp-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-base-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-xen-base", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-default", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-syms-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-syms", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-syms-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-syms", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.18-2.27.49", "packageFilename": "cluster-network-kmp-default-1.4_3.0.101_0.18-2.27.49.ia64.rpm", "packageName": "cluster-network-kmp-default", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-pae-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-pae", "arch": "i586", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-extra-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-default-extra", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-xen", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-devel-3.0.101-0.18.1.ia64.rpm", "packageName": "kernel-default-devel", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.18-0.7.5", "packageFilename": "xen-kmp-default-4.2.4_02_3.0.101_0.18-0.7.5.x86_64.rpm", "packageName": "xen-kmp-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_0.18-2.27.49", "packageFilename": "cluster-network-kmp-trace-1.4_3.0.101_0.18-2.27.49.x86_64.rpm", "packageName": "cluster-network-kmp-trace", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.18-0.16.55", "packageFilename": "gfs2-kmp-default-2_3.0.101_0.18-0.16.55.i586.rpm", "packageName": "gfs2-kmp-default", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-pae-devel-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-pae-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.18-0.16.55", "packageFilename": "gfs2-kmp-trace-2_3.0.101_0.18-0.16.55.ia64.rpm", "packageName": "gfs2-kmp-trace", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-syms-3.0.101-0.18.1.ia64.rpm", "packageName": "kernel-syms", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.18-0.16.55", "packageFilename": "gfs2-kmp-default-2_3.0.101_0.18-0.16.55.x86_64.rpm", "packageName": "gfs2-kmp-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-devel-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-default-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-source-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-source", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-default-devel-3.0.101-0.18.1.i586.rpm", "packageName": "kernel-default-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise High Availability Extension", "OSVersion": "11.3", "packageVersion": "2_3.0.101_0.18-0.16.55", "packageFilename": "gfs2-kmp-default-2_3.0.101_0.18-0.16.55.ia64.rpm", "packageName": "gfs2-kmp-default", "arch": "ia64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server for VMware", "OSVersion": "11.3", "packageVersion": "3.0.101-0.18.1", "packageFilename": "kernel-xen-devel-3.0.101-0.18.1.x86_64.rpm", "packageName": "kernel-xen-devel", "arch": "x86_64", "operator": "lt"}], "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel was\n updated to fix various bugs and security issues.\n\n ------------------------------------------------------------\n ------------ WARNING: If you are running KVM with PCI\n pass-through on a system with one of the following Intel\n chipsets: 5500 (revision 0x13), 5520 (revision 0x13) or\n X58 (revisions 0x12, 0x13, 0x22), please make sure to read\n the following support document before installing this\n update:\n <a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc.php?id=7014344\">https://www.suse.com/support/kb/doc.php?id=7014344</a>\n <<a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc.php?id=7014344\">https://www.suse.com/support/kb/doc.php?id=7014344</a>> . You\n will have to update your KVM setup to no longer make use\n of PCI pass-through before rebooting to the updated\n kernel.\n ------------------------------------------------------------\n ------------\n\n The following security bugs were fixed:\n\n *\n\n CVE-2013-4470: The Linux kernel before 3.12, when UDP\n Fragmentation Offload (UFO) is enabled, does not properly\n initialize certain data structures, which allows local\n users to cause a denial of service (memory corruption and\n system crash) or possibly gain privileges via a crafted\n application that uses the UDP_CORK option in a setsockopt\n system call and sends both short and long packets, related\n to the ip_ufo_append_data function in net/ipv4/ip_output.c\n and the ip6_ufo_append_data function in\n net/ipv6/ip6_output.c. (bnc#847672)\n\n *\n\n CVE-2013-6885: The microcode on AMD 16h 00h through\n 0Fh processors does not properly handle the interaction\n between locked instructions and write-combined memory\n types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#852967)\n\n *\n\n CVE-2013-7263: The Linux kernel before 3.12.4 updates\n certain length values before ensuring that associated data\n structures have been initialized, which allows local users\n to obtain sensitive information from kernel stack memory\n via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system\n call, related to net/ipv4/ping.c, net/ipv4/raw.c,\n net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.\n (bnc#857643)\n\n *\n\n CVE-2013-7264: The l2tp_ip_recvmsg function in\n net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4\n updates a certain length value before ensuring that an\n associated data structure has been initialized, which\n allows local users to obtain sensitive information from\n kernel stack memory via a (1) recvfrom, (2) recvmmsg, or\n (3) recvmsg system call. (bnc#857643)\n\n *\n\n CVE-2013-7265: The pn_recvmsg function in\n net/phonet/datagram.c in the Linux kernel before 3.12.4\n updates a certain length value before ensuring that an\n associated data structure has been initialized, which\n allows local users to obtain sensitive information from\n kernel stack memory via a (1) recvfrom, (2) recvmmsg, or\n (3) recvmsg system call. (bnc#857643)\n\n *\n\n CVE-2014-0069: The cifs_iovec_write function in\n fs/cifs/file.c in the Linux kernel through 3.13.5 does not\n properly handle uncached write operations that copy fewer\n than the requested number of bytes, which allows local\n users to obtain sensitive information from kernel memory,\n cause a denial of service (memory corruption and system\n crash), or possibly gain privileges via a writev system\n call with a crafted pointer. (bnc#864025)\n\n The following non-security bugs were fixed:\n\n * kabi: protect symbols modified by bnc#864833 fix\n (bnc#864833).\n * mm: mempolicy: fix mbind_range() && vma_adjust()\n interaction (VM Functionality (bnc#866428)).\n * mm: merging memory blocks resets mempolicy (VM\n Functionality (bnc#866428)).\n * mm/page-writeback.c: do not count anon pages as\n dirtyable memory (High memory utilisation performance\n (bnc#859225)).\n * mm: vmscan: Do not force reclaim file pages until it\n exceeds anon (High memory utilisation performance\n (bnc#859225)).\n * mm: vmscan: fix endless loop in kswapd balancing\n (High memory utilisation performance (bnc#859225)).\n * mm: vmscan: Update rotated and scanned when force\n reclaimed (High memory utilisation performance\n (bnc#859225)).\n * mm: exclude memory less nodes from zone_reclaim\n (bnc#863526).\n * mm: fix return type for functions nr_free_*_pages\n kabi fixup (bnc#864058).\n * mm: fix return type for functions nr_free_*_pages\n (bnc#864058).\n * mm: swap: Use swapfiles in priority order (Use swap\n files in priority order (bnc#862957)).\n * x86: Save cr2 in NMI in case NMIs take a page fault\n (follow-up for\n patches.fixes/x86-Add-workaround-to-NMI-iret-woes.patch).\n * powerpc: Add VDSO version of getcpu (fate#316816,\n bnc#854445).\n * vmscan: change type of vm_total_pages to unsigned\n long (bnc#864058).\n * audit: dynamically allocate audit_names when not\n enough space is in the names array (bnc#857358).\n * audit: make filetype matching consistent with other\n filters (bnc#857358).\n * arch/x86/mm/srat: Skip NUMA_NO_NODE while parsing\n SLIT (bnc#863178).\n * hwmon: (coretemp) Fix truncated name of alarm\n attributes.\n * privcmd: allow preempting long running user-mode\n originating hypercalls (bnc#861093).\n * nohz: Check for nohz active instead of nohz enabled\n (bnc#846790).\n * nohz: Fix another inconsistency between\n CONFIG_NO_HZ=n and nohz=off (bnc#846790).\n * iommu/vt-d: add quirk for broken interrupt remapping\n on 55XX chipsets (bnc#844513)\n * balloon: do not crash in HVM-with-PoD guests.\n * crypto: s390 - fix des and des3_ede ctr concurrency\n issue (bnc#862796, LTC#103744).\n * crypto: s390 - fix des and des3_ede cbc concurrency\n issue (bnc#862796, LTC#103743).\n * kernel: oops due to linkage stack instructions\n (bnc#862796, LTC#103860).\n * crypto: s390 - fix concurrency issue in aes-ctr mode\n (bnc#862796, LTC#103742).\n * dump: Fix dump memory detection\n (bnc#862796,LTC#103575).\n * net: change type of virtio_chan->p9_max_pages\n (bnc#864058).\n * inet: Avoid potential NULL peer dereference\n (bnc#864833).\n * inet: Hide route peer accesses behind helpers\n (bnc#864833).\n * inet: Pass inetpeer root into inet_getpeer*()\n interfaces (bnc#864833).\n * tcp: syncookies: reduce cookie lifetime to 128\n seconds (bnc#833968).\n * tcp: syncookies: reduce mss table to four values\n (bnc#833968).\n * ipv6 routing, NLM_F_* flag support: REPLACE and EXCL\n flags support, warn about missing CREATE flag (bnc#865783).\n * ipv6: send router reachability probe if route has an\n unreachable gateway (bnc#853162).\n * sctp: Implement quick failover draft from tsvwg\n (bnc#827670).\n * ipvs: fix AF assignment in ip_vs_conn_new()\n (bnc#856848).\n * NFSD/sunrpc: avoid deadlock on TCP connection due to\n memory pressure (bnc#853455).\n * btrfs: bugfix collection\n * fs/nfsd: change type of max_delegations,\n nfsd_drc_max_mem and nfsd_drc_mem_used (bnc#864058).\n * fs/buffer.c: change type of max_buffer_heads to\n unsigned long (bnc#864058).\n * ncpfs: fix rmdir returns Device or resource busy\n (bnc#864880).\n * fs/fscache: Handle removal of unadded object to the\n fscache_object_list rb tree (bnc#855885).\n * scsi_dh_alua: fixup RTPG retry delay miscalculation\n (bnc#854025).\n * scsi_dh_alua: Simplify state machine (bnc#854025).\n * xhci: Fix resume issues on Renesas chips in Samsung\n laptops (bnc#866253).\n * bonding: disallow enslaving a bond to itself\n (bnc#599263).\n * USB: hub: handle -ETIMEDOUT during enumeration\n (bnc#855825).\n * dm-multipath: Do not stall on invalid ioctls\n (bnc#865342).\n * scsi_dh_alua: endless STPG retries for a failed LUN\n (bnc#865342).\n * net/mlx4_en: Fix pages never dma unmapped on rx\n (bnc#858604).\n * dlm: remove get_comm (bnc#827670).\n * dlm: Avoid LVB truncation (bnc#827670).\n * dlm: disable nagle for SCTP (bnc#827670).\n * dlm: retry failed SCTP sends (bnc#827670).\n * dlm: try other IPs when sctp init assoc fails\n (bnc#827670).\n * dlm: clear correct bit during sctp init failure\n handling (bnc#827670).\n * dlm: set sctp assoc id during setup (bnc#827670).\n * dlm: clear correct init bit during sctp setup\n (bnc#827670).\n * dlm: fix deadlock between dlm_send and dlm_controld\n (bnc#827670).\n * dlm: Fix return value from lockspace_busy()\n (bnc#827670).\n * Avoid occasional hang with NFS (bnc#852488).\n * mpt2sas: Fix unsafe using smp_processor_id() in\n preemptible (bnc#853166).\n * lockd: send correct lock when granting a delayed lock\n (bnc#859342).\n\n Security Issues references:\n\n * CVE-2013-4470\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4470</a>\n >\n * CVE-2013-6885\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885</a>\n >\n * CVE-2013-7263\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263</a>\n >\n * CVE-2013-7264\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264</a>\n >\n * CVE-2013-7265\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265</a>\n >\n * CVE-2014-0069\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0069\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0069</a>\n >\n", "edition": 1, "reporter": "Suse", "published": "2014-03-28T02:04:16", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "title": "Security update for Linux Kernel (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7265", "CVE-2013-7264", "CVE-2013-7263", "CVE-2013-6885", "CVE-2013-4470", "CVE-2014-0069"], "modified": "2014-03-28T02:04:16", "id": "SUSE-SU-2014:0459-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:40:21", "references": ["https://bugzilla.novell.com/852967", "https://bugzilla.novell.com/854445", "https://bugzilla.novell.com/866253", "https://bugzilla.novell.com/859342", "https://bugzilla.novell.com/852488", "https://bugzilla.novell.com/858534", "https://bugzilla.novell.com/854516", "https://bugzilla.novell.com/853162", "https://bugzilla.novell.com/769644", "https://bugzilla.novell.com/865783", "https://bugzilla.novell.com/846654", "https://bugzilla.novell.com/862957", "https://bugzilla.novell.com/864058", "https://bugzilla.novell.com/857643", "https://bugzilla.novell.com/846790", "https://bugzilla.novell.com/863178", "https://bugzilla.novell.com/852153", "https://bugzilla.novell.com/805740", "https://bugzilla.novell.com/849855", "https://bugzilla.novell.com/845621", "https://bugzilla.novell.com/849364", "https://bugzilla.novell.com/820434", "https://bugzilla.novell.com/864025", "https://bugzilla.novell.com/827670", "https://bugzilla.novell.com/823618", "https://bugzilla.novell.com/856848", "https://bugzilla.novell.com/865342", "https://bugzilla.novell.com/848055", "https://bugzilla.novell.com/857358", "https://bugzilla.novell.com/858831", "https://bugzilla.novell.com/864833", "https://bugzilla.novell.com/863526", "https://bugzilla.novell.com/833968", "https://bugzilla.novell.com/847672", "https://bugzilla.novell.com/793727", "https://bugzilla.novell.com/853166", "https://bugzilla.novell.com/599263", "https://bugzilla.novell.com/846984", "https://bugzilla.novell.com/853455", "https://bugzilla.novell.com/844513", "https://bugzilla.novell.com/855885", "https://bugzilla.novell.com/851603", "https://bugzilla.novell.com/798050", "https://bugzilla.novell.com/862796", "https://bugzilla.novell.com/854025", "https://bugzilla.novell.com/853052", "https://bugzilla.novell.com/845378", "https://bugzilla.novell.com/866428", "https://bugzilla.novell.com/861093", "https://bugzilla.novell.com/858604", "https://bugzilla.novell.com/805114", "https://bugzilla.novell.com/859225", "https://bugzilla.novell.com/864880", "https://bugzilla.novell.com/855825", "http://download.suse.com/patch/finder/?keywords=8d7793c0cc8432bc1d41b3b09abc3f8a", "https://bugzilla.novell.com/870801", "https://bugzilla.novell.com/857919", "https://bugzilla.novell.com/769035"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "3.0.101.rt130-0.14.1", "arch": "x86_64", "packageFilename": "kernel-rt_trace-3.0.101.rt130-0.14.1.x86_64.rpm", "packageName": "kernel-rt_trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "2.1.1_3.0.101_rt130_0.14-0.11.36", "arch": "x86_64", "packageFilename": "lttng-modules-kmp-rt-2.1.1_3.0.101_rt130_0.14-0.11.36.x86_64.rpm", "packageName": "lttng-modules-kmp-rt", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_rt130_0.14-0.20.55", "arch": "x86_64", "packageFilename": "ocfs2-kmp-rt-1.6_3.0.101_rt130_0.14-0.20.55.x86_64.rpm", "packageName": "ocfs2-kmp-rt", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_rt130_0.14-2.27.55", "arch": "x86_64", "packageFilename": "cluster-network-kmp-rt-1.4_3.0.101_rt130_0.14-2.27.55.x86_64.rpm", "packageName": "cluster-network-kmp-rt", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "3.0.101.rt130-0.14.1", "arch": "x86_64", "packageFilename": "kernel-source-rt-3.0.101.rt130-0.14.1.x86_64.rpm", "packageName": "kernel-source-rt", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "1.4_3.0.101_rt130_0.14-2.27.55", "arch": "x86_64", "packageFilename": "cluster-network-kmp-rt_trace-1.4_3.0.101_rt130_0.14-2.27.55.x86_64.rpm", "packageName": "cluster-network-kmp-rt_trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "3.0.101.rt130-0.14.1", "arch": "x86_64", "packageFilename": "kernel-rt_trace-base-3.0.101.rt130-0.14.1.x86_64.rpm", "packageName": "kernel-rt_trace-base", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "8.4.4_3.0.101_rt130_0.14-0.22.21", "arch": "x86_64", "packageFilename": "drbd-kmp-rt_trace-8.4.4_3.0.101_rt130_0.14-0.22.21.x86_64.rpm", "packageName": "drbd-kmp-rt_trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "1.5.4.1_3.0.101_rt130_0.14-0.13.46", "arch": "x86_64", "packageFilename": "ofed-kmp-rt-1.5.4.1_3.0.101_rt130_0.14-0.13.46.x86_64.rpm", "packageName": "ofed-kmp-rt", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "1.4.20_3.0.101_rt130_0.14-0.38.40", "arch": "x86_64", "packageFilename": "iscsitarget-kmp-rt_trace-1.4.20_3.0.101_rt130_0.14-0.38.40.x86_64.rpm", "packageName": "iscsitarget-kmp-rt_trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "1.4.20_3.0.101_rt130_0.14-0.38.40", "arch": "x86_64", "packageFilename": "iscsitarget-kmp-rt-1.4.20_3.0.101_rt130_0.14-0.38.40.x86_64.rpm", "packageName": "iscsitarget-kmp-rt", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "1.6_3.0.101_rt130_0.14-0.20.55", "arch": "x86_64", "packageFilename": "ocfs2-kmp-rt_trace-1.6_3.0.101_rt130_0.14-0.20.55.x86_64.rpm", "packageName": "ocfs2-kmp-rt_trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "3.0.101.rt130-0.14.1", "arch": "x86_64", "packageFilename": "kernel-rt_trace-devel-3.0.101.rt130-0.14.1.x86_64.rpm", "packageName": "kernel-rt_trace-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "2.1.1_3.0.101_rt130_0.14-0.11.36", "arch": "x86_64", "packageFilename": "lttng-modules-kmp-rt_trace-2.1.1_3.0.101_rt130_0.14-0.11.36.x86_64.rpm", "packageName": "lttng-modules-kmp-rt_trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "3.0.101.rt130-0.14.1", "arch": "x86_64", "packageFilename": "kernel-syms-rt-3.0.101.rt130-0.14.1.x86_64.rpm", "packageName": "kernel-syms-rt", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "8.4.4_3.0.101_rt130_0.14-0.22.21", "arch": "x86_64", "packageFilename": "drbd-kmp-rt-8.4.4_3.0.101_rt130_0.14-0.22.21.x86_64.rpm", "packageName": "drbd-kmp-rt", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "3.0.101.rt130-0.14.1", "arch": "x86_64", "packageFilename": "kernel-rt-devel-3.0.101.rt130-0.14.1.x86_64.rpm", "packageName": "kernel-rt-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "1.5.4.1_3.0.101_rt130_0.14-0.13.46", "arch": "x86_64", "packageFilename": "ofed-kmp-rt_trace-1.5.4.1_3.0.101_rt130_0.14-0.13.46.x86_64.rpm", "packageName": "ofed-kmp-rt_trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "3.0.101.rt130-0.14.1", "arch": "x86_64", "packageFilename": "kernel-rt-base-3.0.101.rt130-0.14.1.x86_64.rpm", "packageName": "kernel-rt-base", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Real Time Extension", "OSVersion": "11.3", "packageVersion": "3.0.101.rt130-0.14.1", "arch": "x86_64", "packageFilename": "kernel-rt-3.0.101.rt130-0.14.1.x86_64.rpm", "packageName": "kernel-rt", "operator": "lt"}], "description": "The SUSE Linux Enterprise 11 Service Pack 3 RealTime\n Extension kernel has been updated to fix various bugs and\n security issues.\n\n ------------------------------------------------------------\n ------------ WARNING: If you are running KVM with PCI\n pass-through on a system with one of the following Intel\n chipsets: 5500 (revision 0x13), 5520 (revision 0x13) or\n X58 (revisions 0x12, 0x13, 0x22), please make sure to read\n the following support document before installing this\n update: <a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc.php?id=7014344\">https://www.suse.com/support/kb/doc.php?id=7014344</a>\n <<a rel=\"nofollow\" href=\"https://www.suse.com/support/kb/doc.php?id=7014344\">https://www.suse.com/support/kb/doc.php?id=7014344</a>> You\n will have to update your KVM setup to no longer make use\n of PCI pass-through before rebooting to the updated\n kernel.\n ------------------------------------------------------------\n ------------\n\n The following security bugs have been fixed:\n\n *\n\n CVE-2013-4470: The Linux kernel before 3.12, when UDP\n Fragmentation Offload (UFO) is enabled, does not properly\n initialize certain data structures, which allows local\n users to cause a denial of service (memory corruption and\n system crash) or possibly gain privileges via a crafted\n application that uses the UDP_CORK option in a setsockopt\n system call and sends both short and long packets, related\n to the ip_ufo_append_data function in net/ipv4/ip_output.c\n and the ip6_ufo_append_data function in\n net/ipv6/ip6_output.c. (bnc#847672)\n\n *\n\n CVE-2013-6368: The KVM subsystem in the Linux kernel\n through 3.12.5 allows local users to gain privileges or\n cause a denial of service (system crash) via a VAPIC\n synchronization operation involving a page-end address.\n (bnc#853052)\n\n *\n\n CVE-2013-6885: The microcode on AMD 16h 00h through\n 0Fh processors does not properly handle the interaction\n between locked instructions and write-combined memory\n types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#852967)\n\n *\n\n CVE-2013-7263: The Linux kernel before 3.12.4 updates\n certain length values before ensuring that associated data\n structures have been initialized, which allows local users\n to obtain sensitive information from kernel stack memory\n via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system\n call, related to net/ipv4/ping.c, net/ipv4/raw.c,\n net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.\n (bnc#857643)\n\n *\n\n CVE-2013-7264: The l2tp_ip_recvmsg function in\n net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4\n updates a certain length value before ensuring that an\n associated data structure has been initialized, which\n allows local users to obtain sensitive information from\n kernel stack memory via a (1) recvfrom, (2) recvmmsg, or\n (3) recvmsg system call. (bnc#857643)\n\n *\n\n CVE-2013-7265: The pn_recvmsg function in\n net/phonet/datagram.c in the Linux kernel before 3.12.4\n updates a certain length value before ensuring that an\n associated data structure has been initialized, which\n allows local users to obtain sensitive information from\n kernel stack memory via a (1) recvfrom, (2) recvmmsg, or\n (3) recvmsg system call. (bnc#857643)\n\n *\n\n CVE-2014-0069: The cifs_iovec_write function in\n fs/cifs/file.c in the Linux kernel through 3.13.5 does not\n properly handle uncached write operations that copy fewer\n than the requested number of bytes, which allows local\n users to obtain sensitive information from kernel memory,\n cause a denial of service (memory corruption and system\n crash), or possibly gain privileges via a writev system\n call with a crafted pointer. (bnc#864025)\n\n Also the following non-security bugs have been fixed:\n\n * sched/rt: Fix rqs cpupri leak while enqueue/dequeue\n child RT entities.\n * sched/rt: Use root_domain of rt_rq not current\n processor (bnc#857919).\n * kernel: oops due to linkage stack instructions\n (bnc#862796, LTC#103860).\n * kabi: protect symbols modified by bnc#864833 fix\n (bnc#864833).\n * kabi: protect bind_conflict callback in struct\n inet_connection_sock_af_ops (bnc#823618).\n * mm: mempolicy: fix mbind_range() && vma_adjust()\n interaction (VM Functionality (bnc#866428)).\n * mm: merging memory blocks resets mempolicy (VM\n Functionality (bnc#866428)).\n * mm/page-writeback.c: do not count anon pages as\n dirtyable memory (High memory utilisation performance\n (bnc#859225)).\n * mm: vmscan: Do not force reclaim file pages until it\n exceeds anon (High memory utilisation performance\n (bnc#859225)).\n * mm: vmscan: fix endless loop in kswapd balancing\n (High memory utilisation performance (bnc#859225)).\n * mm: vmscan: Update rotated and scanned when force\n reclaimed (High memory utilisation performance\n (bnc#859225)).\n * mm: fix return type for functions nr_free_*_pages\n kabi fixup (bnc#864058).\n * mm: fix return type for functions nr_free_*_pages\n (bnc#864058).\n * mm: swap: Use swapfiles in priority order (Use swap\n files in priority order (bnc#862957)).\n * mm: exclude memory less nodes from zone_reclaim\n (bnc#863526).\n *\n\n mm: reschedule to avoid RCU stall triggering during\n boot of large machines (bnc#820434,bnc#852153).\n\n *\n\n arch/x86: Fix incorrect config symbol in #ifdef\n (bnc#844513).\n\n * arch/x86/mm/srat: Skip NUMA_NO_NODE while parsing\n SLIT (bnc#863178).\n * vmscan: change type of vm_total_pages to unsigned\n long (bnc#864058).\n * crypto: s390 - fix des and des3_ede ctr concurrency\n issue (bnc#862796, LTC#103744).\n * crypto: s390 - fix concurrency issue in aes-ctr mode\n (bnc#862796, LTC#103742).\n * X.509: Fix certificate gathering (bnc#805114).\n * dump: Fix dump memory detection\n (bnc#862796,LTC#103575).\n * lockd: send correct lock when granting a delayed lock\n (bnc#859342).\n * nohz: Check for nohz active instead of nohz enabled\n (bnc#846790).\n * nohz: Fix another inconsistency between\n CONFIG_NO_HZ=n and nohz=off (bnc#846790).\n * futex: move user address verification up to common\n code (bnc#851603).\n * futexes: Clean up various details (bnc#851603).\n * futexes: Increase hash table size for better\n performance (bnc#851603).\n * futexes: Document multiprocessor ordering guarantees\n (bnc#851603).\n * futexes: Avoid taking the hb->lock if there is\n nothing to wake up (bnc#851603).\n * efifb: prevent null-deref when iterating dmi_list\n (bnc#848055).\n * x86/PCI: reduce severity of host bridge window\n conflict warnings (bnc#858534).\n *\n\n x86/dumpstack: Fix printk_address for direct\n addresses (bnc#845621).\n\n *\n\n ipv6 routing, NLM_F_* flag support: REPLACE and EXCL\n flags support, warn about missing CREATE flag (bnc#865783).\n\n * ipv6: send router reachability probe if route has an\n unreachable gateway (bnc#853162).\n * inet: handle rt{,6}_bind_peer() failure correctly\n (bnc#870801).\n * inet: Avoid potential NULL peer dereference\n (bnc#864833).\n * inet: Hide route peer accesses behind helpers\n (bnc#864833).\n * inet: Pass inetpeer root into inet_getpeer*()\n interfaces (bnc#864833).\n * tcp: syncookies: reduce cookie lifetime to 128\n seconds (bnc#833968).\n * tcp: syncookies: reduce mss table to four values\n (bnc#833968).\n * tcp: bind() fix autoselection to share ports\n (bnc#823618).\n * tcp: bind() use stronger condition for bind_conflict\n (bnc#823618).\n * tcp: ipv6: bind() use stronger condition for\n bind_conflict (bnc#823618).\n * net: change type of virtio_chan->p9_max_pages\n (bnc#864058).\n * sctp: Implement quick failover draft from tsvwg\n (bnc#827670).\n * ipvs: fix AF assignment in ip_vs_conn_new()\n (bnc#856848).\n * net: Do not enable tx-nocache-copy by default\n (bnc#845378).\n * macvlan: introduce IFF_MACVLAN flag and helper\n function (bnc#846984).\n * macvlan: introduce macvlan_dev_real_dev() helper\n function (bnc#846984).\n *\n\n macvlan: disable LRO on lower device instead of\n macvlan (bnc#846984).\n\n *\n\n dlm: remove get_comm (bnc#827670).\n\n * dlm: Avoid LVB truncation (bnc#827670).\n * dlm: disable nagle for SCTP (bnc#827670).\n * dlm: retry failed SCTP sends (bnc#827670).\n * dlm: try other IPs when sctp init assoc fails\n (bnc#827670).\n * dlm: clear correct bit during sctp init failure\n handling (bnc#827670).\n * dlm: set sctp assoc id during setup (bnc#827670).\n * dlm: clear correct init bit during sctp setup\n (bnc#827670).\n * dlm: fix deadlock between dlm_send and dlm_controld\n (bnc#827670).\n *\n\n dlm: fix return value from lockspace_busy()\n (bnc#827670).\n\n *\n\n NFSD/sunrpc: avoid deadlock on TCP connection due to\n memory pressure (bnc#853455).\n\n * ncpfs: fix rmdir returns Device or resource busy\n (bnc#864880).\n * btrfs: bugfix collection\n * fs/fs-cache: Handle removal of unadded object to the\n fscache_object_list rb tree (bnc#855885).\n * fs/nfsd: change type of max_delegations,\n nfsd_drc_max_mem and nfsd_drc_mem_used (bnc#864058).\n * fs/nfs: Avoid occasional hang with NFS (bnc#852488).\n *\n\n fs/buffer.c: change type of max_buffer_heads to\n unsigned long (bnc#864058).\n\n *\n\n dm-multipath: abort all requests when failing a path\n (bnc#798050).\n\n *\n\n dm-multipath: Do not stall on invalid ioctls\n (bnc#865342).\n\n *\n\n scsi: kABI fixes (bnc#798050).\n\n * scsi: remove check for "resetting" (bnc#798050).\n * scsi: Add "eh_deadline" to limit SCSI EH runtime\n (bnc#798050).\n * scsi: Allow error handling timeout to be specified\n (bnc#798050).\n * scsi: Fixup compilation warning (bnc#798050).\n * scsi: Retry failfast commands after EH (bnc#798050).\n * scsi: Warn on invalid command completion (bnc#798050).\n * scsi: cleanup setting task state in\n scsi_error_handler() (bnc#798050).\n * scsi_dh_alua: fixup misplaced brace in\n alua_initialize() (bnc#858831).\n * scsi_dh_alua: fixup RTPG retry delay miscalculation\n (bnc#854025).\n * scsi_dh_alua: Simplify state machine (bnc#854025).\n * scsi_dh_alua: endless STPG retries for a failed LUN\n (bnc#865342).\n *\n\n scsi_dh_rdac: Add new IBM 1813 product id to rdac\n devlist (bnc#846654).\n\n *\n\n xhci: Fix resume issues on Renesas chips in Samsung\n laptops (bnc#866253).\n\n * bonding: disallow enslaving a bond to itself\n (bnc#599263).\n * net/mlx4_en: Fix pages never dma unmapped on rx\n (bnc#858604).\n * USB: hub: handle -ETIMEDOUT during enumeration\n (bnc#855825).\n * powerpc: Add VDSO version of getcpu (fate#316816,\n bnc#854445).\n * privcmd: allow preempting long running user-mode\n originating hypercalls (bnc#861093).\n * audit: dynamically allocate audit_names when not\n enough space is in the names array (bnc#857358).\n * audit: make filetype matching consistent with other\n filters (bnc#857358).\n * mpt2sas: Fix unsafe using smp_processor_id() in\n preemptible (bnc#853166).\n * balloon: do not crash in HVM-with-PoD guests.\n * hwmon: (coretemp) Fix truncated name of alarm\n attributes.\n * rtc-cmos: Add an alarm disable quirk (bnc#805740).\n *\n\n md: Change handling of save_raid_disk and metadata\n update during recovery (bnc#849364).\n\n *\n\n s390: Avoid kabi change due to newly visible\n structures.\n\n *\n\n s390/pci: remove PCI/MSI interruption class\n (FATE#83037, LTC#94737).\n\n *\n\n advansys: Remove "last_reset" references (bnc#798050).\n\n * dc395: Move "last_reset" into internal host structure\n (bnc#798050).\n * dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).\n * dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset\n (bnc#798050).\n * tmscsim: Move "last_reset" into host structure\n (bnc#798050).\n *\n\n bnx2x: remove false warning regarding interrupt\n number (bnc#769035).\n\n *\n\n block: factor out vector mergeable decision to a\n helper function (bnc#769644).\n\n *\n\n block: modify __bio_add_page check to accept pages\n that do not start a new segment (bnc#769644).\n\n *\n\n HID: multitouch: Add support for NextWindow 0340\n touchscreen (bnc#849855).\n\n * HID: multitouch: Add support for Qaunta 3027\n touchscreen (bnc#854516).\n * HID: multitouch: add support for Atmel 212c\n touchscreen (bnc#793727).\n * HID: multitouch: partial support of win8 devices\n (bnc#854516,bnc#793727,bnc#849855).\n * HID: hid-multitouch: add support for the IDEACOM 6650\n chip (bnc#854516,bnc#793727,bnc#849855).\n", "edition": 1, "reporter": "Suse", "published": "2014-04-17T02:05:07", "title": "Security update for Linux kernel (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7265", "CVE-2013-7264", "CVE-2013-6368", "CVE-2013-7263", "CVE-2013-6885", "CVE-2013-4470", "CVE-2014-0069"], "modified": "2014-04-17T02:05:07", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00014.html", "id": "SUSE-SU-2014:0537-1", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:49:45", "references": ["https://bugzilla.novell.com/860302", "https://bugzilla.novell.com/860163", "https://bugzilla.novell.com/853049", "http://download.suse.com/patch/finder/?keywords=39ca3113e56362a1b6ff0a74f08124b2", "https://bugzilla.novell.com/849667", "https://bugzilla.novell.com/861256", "https://bugzilla.novell.com/842417", "https://bugzilla.novell.com/848014", "https://bugzilla.novell.com/831120", "https://bugzilla.novell.com/833483", "https://bugzilla.novell.com/849668", "https://bugzilla.novell.com/846849"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_06-0.5.1", "arch": "x86_64", "packageFilename": "xen-tools-domU-4.1.6_06-0.5.1.x86_64.rpm", "packageName": "xen-tools-domU", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_06-0.5.1", "arch": "x86_64", "packageFilename": "xen-doc-pdf-4.1.6_06-0.5.1.x86_64.rpm", "packageName": "xen-doc-pdf", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_06-0.5.1", "arch": "x86_64", "packageFilename": "xen-libs-32bit-4.1.6_06-0.5.1.x86_64.rpm", "packageName": "xen-libs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_06-0.5.1", "arch": "x86_64", "packageFilename": "xen-devel-4.1.6_06-0.5.1.x86_64.rpm", "packageName": "xen-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_06-0.5.1", "arch": "i586", "packageFilename": "xen-tools-domU-4.1.6_06-0.5.1.i586.rpm", "packageName": "xen-tools-domU", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_06-0.5.1", "arch": "x86_64", "packageFilename": "xen-tools-4.1.6_06-0.5.1.x86_64.rpm", "packageName": "xen-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_06-0.5.1", "arch": "i586", "packageFilename": "xen-devel-4.1.6_06-0.5.1.i586.rpm", "packageName": "xen-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_06_3.0.101_0.7.17-0.5.1", "arch": "x86_64", "packageFilename": "xen-kmp-trace-4.1.6_06_3.0.101_0.7.17-0.5.1.x86_64.rpm", "packageName": "xen-kmp-trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_06_3.0.101_0.7.17-0.5.1", "arch": "i586", "packageFilename": "xen-kmp-pae-4.1.6_06_3.0.101_0.7.17-0.5.1.i586.rpm", "packageName": "xen-kmp-pae", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_06-0.5.1", "arch": "i586", "packageFilename": "xen-libs-4.1.6_06-0.5.1.i586.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_06_3.0.101_0.7.17-0.5.1", "arch": "i586", "packageFilename": "xen-kmp-default-4.1.6_06_3.0.101_0.7.17-0.5.1.i586.rpm", "packageName": "xen-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_06_3.0.101_0.7.17-0.5.1", "arch": "x86_64", "packageFilename": "xen-kmp-default-4.1.6_06_3.0.101_0.7.17-0.5.1.x86_64.rpm", "packageName": "xen-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_06-0.5.1", "arch": "x86_64", "packageFilename": "xen-doc-html-4.1.6_06-0.5.1.x86_64.rpm", "packageName": "xen-doc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_06-0.5.1", "arch": "x86_64", "packageFilename": "xen-libs-4.1.6_06-0.5.1.x86_64.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_06_3.0.101_0.7.17-0.5.1", "arch": "i586", "packageFilename": "xen-kmp-trace-4.1.6_06_3.0.101_0.7.17-0.5.1.i586.rpm", "packageName": "xen-kmp-trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "4.1.6_06-0.5.1", "arch": "x86_64", "packageFilename": "xen-4.1.6_06-0.5.1.x86_64.rpm", "packageName": "xen", "operator": "lt"}], "description": "The SUSE Linux Enterprise Server 11 Service Pack 2 LTSS Xen\n hypervisor and toolset has been updated to fix various\n security issues and several bugs.\n\n The following security issues have been addressed:\n\n *\n\n XSA-88: CVE-2014-1950: Use-after-free vulnerability\n in the xc_cpupool_getinfo function in Xen 4.1.x through\n 4.3.x, when using a multithreaded toolstack, does not\n properly handle a failure by the xc_cpumap_alloc function,\n which allows local users with access to management\n functions to cause a denial of service (heap corruption)\n and possibly gain privileges via unspecified vectors.\n (bnc#861256)\n\n *\n\n XSA-87: CVE-2014-1666: The do_physdev_op function in\n Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not\n properly restrict access to the (1) PHYSDEVOP_prepare_msix\n and (2) PHYSDEVOP_release_msix operations, which allows\n local PV guests to cause a denial of service (host or guest\n malfunction) or possibly gain privileges via unspecified\n vectors. (bnc#860302)\n\n *\n\n XSA-84: CVE-2014-1894: Xen 3.2 (and presumably\n earlier) exhibit both problems with the overflow issue\n being present for more than just the suboperations listed\n above. (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through\n 4.1, while not affected by the above overflow, have a\n different overflow issue on FLASK_{GET,SET}BOOL and expose\n unreasonably large memory allocation to aribitrary guests.\n (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL,\n FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the\n flask hypercall are vulnerable to an integer overflow on\n the input size. The hypercalls attempt to allocate a buffer\n which is 1 larger than this size and is therefore\n vulnerable to integer overflow and an attempt to allocate\n then access a zero byte buffer. (bnc#860163)\n\n *\n\n XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h\n through 0Fh processors does not properly handle the\n interaction between locked instructions and write-combined\n memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#853049)\n\n *\n\n XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x\n (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x\n (possibly 4.3.1) does not properly prevent access to\n hypercalls, which allows local guest users to gain\n privileges via a crafted application running in ring 1 or\n 2. (bnc#849668)\n\n *\n\n XSA-74: CVE-2013-4553: The XEN_DOMCTL_getmemlist\n hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does\n not always obtain the page_alloc_lock and mm_rwlock in the\n same order, which allows local guest administrators to\n cause a denial of service (host deadlock). (bnc#849667)\n\n *\n\n XSA-60: CVE-2013-2212: The vmx_set_uc_mode function\n in Xen 3.3 through 4.3, when disabling chaches, allows\n local HVM guests with access to memory mapped I/O regions\n to cause a denial of service (CPU consumption and possibly\n hypervisor or guest kernel panic) via a crafted GFN range.\n (bnc#831120)\n\n Also the following non-security bugs have been fixed:\n\n * Boot Failure with xen kernel in UEFI mode with error\n "No memory for trampoline" (bnc#833483)\n * Fixed Xen hypervisor panic on 8-blades nPar with\n 46-bit memory addressing. (bnc#848014)\n * In HP's UEFI x86_64 platform and sles11sp3 with xen\n environment, dom0 will soft lockup on multiple blades nPar.\n (bnc#842417)\n * Soft lockup with PCI passthrough and many VCPUs\n (bnc#846849)\n", "edition": 1, "reporter": "Suse", "published": "2014-03-14T00:04:13", "title": "Security update for Xen (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1891", "CVE-2014-1894", "CVE-2013-4554", "CVE-2014-1892", "CVE-2013-4553", "CVE-2014-1893", "CVE-2013-6885", "CVE-2014-1666", "CVE-2014-1950", "CVE-2013-2212"], "modified": "2014-03-14T00:04:13", "id": "SUSE-SU-2014:0372-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:35:13", "references": ["https://bugzilla.novell.com/860302", "https://bugzilla.novell.com/860163", "https://bugzilla.novell.com/853049", "https://bugzilla.novell.com/833251", "https://bugzilla.novell.com/860300", "https://bugzilla.novell.com/853048", "http://download.suse.com/patch/finder/?keywords=5a8bffedb3efaf6c22dfa94d3dbd6a2a", "https://bugzilla.novell.com/861256", "https://bugzilla.novell.com/860165", "https://bugzilla.novell.com/860092", "https://bugzilla.novell.com/848014", "https://bugzilla.novell.com/831120", "https://bugzilla.novell.com/863297", "https://bugzilla.novell.com/858311"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "x86_64", "packageFilename": "xen-libs-4.2.4_02-0.7.1.x86_64.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.15-0.7.1", "arch": "i586", "packageFilename": "xen-kmp-pae-4.2.4_02_3.0.101_0.15-0.7.1.i586.rpm", "packageName": "xen-kmp-pae", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "x86_64", "packageFilename": "xen-libs-4.2.4_02-0.7.1.x86_64.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.15-0.7.1", "arch": "x86_64", "packageFilename": "xen-kmp-default-4.2.4_02_3.0.101_0.15-0.7.1.x86_64.rpm", "packageName": "xen-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "x86_64", "packageFilename": "xen-libs-32bit-4.2.4_02-0.7.1.x86_64.rpm", "packageName": "xen-libs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "x86_64", "packageFilename": "xen-doc-html-4.2.4_02-0.7.1.x86_64.rpm", "packageName": "xen-doc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "x86_64", "packageFilename": "xen-doc-pdf-4.2.4_02-0.7.1.x86_64.rpm", "packageName": "xen-doc-pdf", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.15-0.7.1", "arch": "i586", "packageFilename": "xen-kmp-pae-4.2.4_02_3.0.101_0.15-0.7.1.i586.rpm", "packageName": "xen-kmp-pae", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "i586", "packageFilename": "xen-tools-domU-4.2.4_02-0.7.1.i586.rpm", "packageName": "xen-tools-domU", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "x86_64", "packageFilename": "xen-libs-32bit-4.2.4_02-0.7.1.x86_64.rpm", "packageName": "xen-libs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "x86_64", "packageFilename": "xen-4.2.4_02-0.7.1.x86_64.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "i586", "packageFilename": "xen-tools-domU-4.2.4_02-0.7.1.i586.rpm", "packageName": "xen-tools-domU", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "x86_64", "packageFilename": "xen-doc-html-4.2.4_02-0.7.1.x86_64.rpm", "packageName": "xen-doc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "x86_64", "packageFilename": "xen-tools-4.2.4_02-0.7.1.x86_64.rpm", "packageName": "xen-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "x86_64", "packageFilename": "xen-devel-4.2.4_02-0.7.1.x86_64.rpm", "packageName": "xen-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "x86_64", "packageFilename": "xen-tools-domU-4.2.4_02-0.7.1.x86_64.rpm", "packageName": "xen-tools-domU", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.15-0.7.1", "arch": "x86_64", "packageFilename": "xen-kmp-default-4.2.4_02_3.0.101_0.15-0.7.1.x86_64.rpm", "packageName": "xen-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.15-0.7.1", "arch": "i586", "packageFilename": "xen-kmp-default-4.2.4_02_3.0.101_0.15-0.7.1.i586.rpm", "packageName": "xen-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Software Development Kit", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "i586", "packageFilename": "xen-devel-4.2.4_02-0.7.1.i586.rpm", "packageName": "xen-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "x86_64", "packageFilename": "xen-doc-pdf-4.2.4_02-0.7.1.x86_64.rpm", "packageName": "xen-doc-pdf", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02_3.0.101_0.15-0.7.1", "arch": "i586", "packageFilename": "xen-kmp-default-4.2.4_02_3.0.101_0.15-0.7.1.i586.rpm", "packageName": "xen-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "x86_64", "packageFilename": "xen-tools-domU-4.2.4_02-0.7.1.x86_64.rpm", "packageName": "xen-tools-domU", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "x86_64", "packageFilename": "xen-tools-4.2.4_02-0.7.1.x86_64.rpm", "packageName": "xen-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "i586", "packageFilename": "xen-libs-4.2.4_02-0.7.1.i586.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "i586", "packageFilename": "xen-libs-4.2.4_02-0.7.1.i586.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "11.3", "packageVersion": "4.2.4_02-0.7.1", "arch": "x86_64", "packageFilename": "xen-4.2.4_02-0.7.1.x86_64.rpm", "packageName": "xen", "operator": "lt"}], "description": "The SUSE Linux Enterprise Server 11 Service Pack 3 Xen\n hypervisor and toolset has been updated to 4.2.4 to fix\n various bugs and security issues:\n\n The following security issues have been addressed:\n\n *\n\n XSA-60: CVE-2013-2212: The vmx_set_uc_mode function\n in Xen 3.3 through 4.3, when disabling chaches, allows\n local HVM guests with access to memory mapped I/O regions\n to cause a denial of service (CPU consumption and possibly\n hypervisor or guest kernel panic) via a crafted GFN range.\n (bnc#831120)\n\n *\n\n XSA-80: CVE-2013-6400: Xen 4.2.x and 4.3.x, when\n using Intel VT-d and a PCI device has been assigned, does\n not clear the flag that suppresses IOMMU TLB flushes when\n unspecified errors occur, which causes the TLB entries to\n not be flushed and allows local guest administrators to\n cause a denial of service (host crash) or gain privileges\n via unspecified vectors. (bnc#853048)\n\n *\n\n XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h\n through 0Fh processors does not properly handle the\n interaction between locked instructions and write-combined\n memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#853049)\n\n *\n\n XSA-83: CVE-2014-1642: The IRQ setup in Xen 4.2.x and\n 4.3.x, when using device passthrough and configured to\n support a large number of CPUs, frees certain memory that\n may still be intended for use, which allows local guest\n administrators to cause a denial of service (memory\n corruption and hypervisor crash) and possibly execute\n arbitrary code via vectors related to an out-of-memory\n error that triggers a (1) use-after-free or (2) double\n free. (bnc#860092)\n\n *\n\n XSA-84: CVE-2014-1891: The FLASK_{GET,SET}BOOL,\n FLASK_USER and FLASK_CONTEXT_TO_SID suboperations of the\n flask hypercall are vulnerable to an integer overflow on\n the input size. The hypercalls attempt to allocate a buffer\n which is 1 larger than this size and is therefore\n vulnerable to integer overflow and an attempt to allocate\n then access a zero byte buffer. (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1892 CVE-2014-1893: Xen 3.3 through\n 4.1, while not affected by the above overflow, have a\n different overflow issue on FLASK_{GET,SET}BOOL and expose\n unreasonably large memory allocation to aribitrary guests.\n (bnc#860163)\n\n *\n\n XSA-84: CVE-2014-1894: Xen 3.2 (and presumably\n earlier) exhibit both problems with the overflow issue\n being present for more than just the suboperations listed\n above. (bnc#860163)\n\n *\n\n XSA-85: CVE-2014-1895: The FLASK_AVC_CACHESTAT\n hypercall, which provides access to per-cpu statistics on\n the Flask security policy, incorrectly validates the CPU\n for which statistics are being requested. (bnc#860165)\n\n *\n\n XSA-86: CVE-2014-1896: libvchan (a library for\n inter-domain communication) does not correctly handle\n unusual or malicious contents in the xenstore ring. A\n malicious guest can exploit this to cause a libvchan-using\n facility to read or write past the end of the ring.\n (bnc#860300)\n\n *\n\n XSA-87: CVE-2014-1666: The do_physdev_op function in\n Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not\n properly restrict access to the (1) PHYSDEVOP_prepare_msix\n and (2) PHYSDEVOP_release_msix operations, which allows\n local PV guests to cause a denial of service (host or guest\n malfunction) or possibly gain privileges via unspecified\n vectors. (bnc#860302)\n\n *\n\n XSA-88: CVE-2014-1950: Use-after-free vulnerability\n in the xc_cpupool_getinfo function in Xen 4.1.x through\n 4.3.x, when using a multithreaded toolstack, does not\n properly handle a failure by the xc_cpumap_alloc function,\n which allows local users with access to management\n functions to cause a denial of service (heap corruption)\n and possibly gain privileges via unspecified vectors.\n (bnc#861256)\n\n Also the following non-security bugs have been fixed:\n\n * Fixed boot problems with Xen kernel. "(XEN) setup\n 0000:00:18.0 for d0 failed (-19)" (bnc#858311)\n * Fixed Xen hypervisor panic on 8-blades nPar with\n 46-bit memory addressing. (bnc#848014)\n * Fixed Xen hypervisor panic in HP's UEFI x86_64\n platform and with xen environment, in booting stage.\n (bnc#833251)\n * xend/pvscsi: recognize also SCSI CDROM devices\n (bnc#863297)\n * pygrub: Support (/dev/xvda) style disk specifications\n", "edition": 1, "reporter": "Suse", "published": "2014-03-14T00:06:40", "title": "Security update for Xen (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1891", "CVE-2014-1642", "CVE-2014-1895", "CVE-2014-1894", "CVE-2014-1892", "CVE-2013-6400", "CVE-2014-1896", "CVE-2014-1893", "CVE-2013-6885", "CVE-2014-1666", "CVE-2014-1950", "CVE-2013-2212"], "modified": "2014-03-14T00:06:40", "id": "SUSE-SU-2014:0373-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:38", "references": ["https://bugzilla.novell.com/813677", "https://bugzilla.novell.com/853049", "https://bugzilla.novell.com/848657", "https://bugzilla.novell.com/840592", "https://bugzilla.novell.com/813673", "https://bugzilla.novell.com/787163", "https://bugzilla.novell.com/842511", "https://bugzilla.novell.com/823011", "https://bugzilla.novell.com/849668", "http://download.suse.com/patch/finder/?keywords=5877b583cb5aa03d08203d887cc47ee3"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-devel-3.2.3_17040_46-0.7.1.i586.rpm", "packageName": "xen-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1", "packageFilename": "xen-kmp-vmipae-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1.i586.rpm", "packageName": "xen-kmp-vmipae", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1", "packageFilename": "xen-kmp-vmi-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1.i586.rpm", "packageName": "xen-kmp-vmi", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-doc-ps-3.2.3_17040_46-0.7.1.x86_64.rpm", "packageName": "xen-doc-ps", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-libs-3.2.3_17040_46-0.7.1.i586.rpm", "packageName": "xen-libs", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-libs-32bit-3.2.3_17040_46-0.7.1.x86_64.rpm", "packageName": "xen-libs-32bit", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-libs-3.2.3_17040_46-0.7.1.x86_64.rpm", "packageName": "xen-libs", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1", "packageFilename": "xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1.x86_64.rpm", "packageName": "xen-kmp-smp", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1", "packageFilename": "xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1.i586.rpm", "packageName": "xen-kmp-debug", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1", "packageFilename": "xen-kmp-kdumppae-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1.i586.rpm", "packageName": "xen-kmp-kdumppae", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1", "packageFilename": "xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1.x86_64.rpm", "packageName": "xen-kmp-kdump", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-devel-3.2.3_17040_46-0.7.1.x86_64.rpm", "packageName": "xen-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-doc-html-3.2.3_17040_46-0.7.1.x86_64.rpm", "packageName": "xen-doc-html", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-tools-ioemu-3.2.3_17040_46-0.7.1.i586.rpm", "packageName": "xen-tools-ioemu", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1", "packageFilename": "xen-kmp-smp-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1.i586.rpm", "packageName": "xen-kmp-smp", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-3.2.3_17040_46-0.7.1.x86_64.rpm", "packageName": "xen", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-tools-domU-3.2.3_17040_46-0.7.1.i586.rpm", "packageName": "xen-tools-domU", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-doc-pdf-3.2.3_17040_46-0.7.1.x86_64.rpm", "packageName": "xen-doc-pdf", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-tools-domU-3.2.3_17040_46-0.7.1.x86_64.rpm", "packageName": "xen-tools-domU", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-doc-ps-3.2.3_17040_46-0.7.1.i586.rpm", "packageName": "xen-doc-ps", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1", "packageFilename": "xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1.x86_64.rpm", "packageName": "xen-kmp-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1", "packageFilename": "xen-kmp-debug-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1.x86_64.rpm", "packageName": "xen-kmp-debug", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1", "packageFilename": "xen-kmp-kdump-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1.i586.rpm", "packageName": "xen-kmp-kdump", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1", "packageFilename": "xen-kmp-default-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1.i586.rpm", "packageName": "xen-kmp-default", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-tools-3.2.3_17040_46-0.7.1.i586.rpm", "packageName": "xen-tools", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-doc-pdf-3.2.3_17040_46-0.7.1.i586.rpm", "packageName": "xen-doc-pdf", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-3.2.3_17040_46-0.7.1.i586.rpm", "packageName": "xen", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1", "packageFilename": "xen-kmp-bigsmp-3.2.3_17040_46_2.6.16.60_0.103.13-0.7.1.i586.rpm", "packageName": "xen-kmp-bigsmp", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-tools-3.2.3_17040_46-0.7.1.x86_64.rpm", "packageName": "xen-tools", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-doc-html-3.2.3_17040_46-0.7.1.i586.rpm", "packageName": "xen-doc-html", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.4", "packageVersion": "3.2.3_17040_46-0.7.1", "packageFilename": "xen-tools-ioemu-3.2.3_17040_46-0.7.1.x86_64.rpm", "packageName": "xen-tools-ioemu", "arch": "x86_64", "operator": "lt"}], "description": "The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS Xen\n hypervisor and toolset have been updated to fix various\n security issues.\n\n The following security issues have been addressed:\n\n * XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h\n through 0Fh processors does not properly handle the\n interaction between locked instructions and write-combined\n memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#853049)\n * XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x\n (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x\n (possibly 4.3.1) does not properly prevent access to\n hypercalls, which allows local guest users to gain\n privileges via a crafted application running in ring 1 or\n 2. (bnc#849668)\n * XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and\n 4.3.x does not take the page_alloc_lock and\n grant_table.lock in the same order, which allows local\n guest administrators with access to multiple vcpus to cause\n a denial of service (host deadlock) via unspecified\n vectors. (bnc#848657)\n * XSA-67: CVE-2013-4368: The outs instruction emulation\n in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or\n GS: segment override, uses an uninitialized variable as a\n segment base, which allows local 64-bit PV guests to obtain\n sensitive information (hypervisor stack content) via\n unspecified vectors related to stale data in a segment\n register. (bnc#842511)\n * XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not\n properly handle certain errors, which allows local HVM\n guests to obtain hypervisor stack memory via a (1) port or\n (2) memory mapped I/O write or (3) other unspecified\n operations related to addresses without associated memory.\n (bnc#840592)\n * XSA-55: CVE-2013-2196: Multiple unspecified\n vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and\n earlier allow local guest administrators with certain\n permissions to have an unspecified impact via a crafted\n kernel, related to "other problems" that are not\n CVE-2013-2194 or CVE-2013-2195. (bnc#823011)\n * XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen\n 4.2.x and earlier allow local guest administrators with\n certain permissions to have an unspecified impact via a\n crafted kernel, related to "pointer dereferences" involving\n unexpected calculations. (bnc#823011)\n * XSA-55: CVE-2013-2194: Multiple integer overflows in\n the Elf parser (libelf) in Xen 4.2.x and earlier allow\n local guest administrators with certain permissions to have\n an unspecified impact via a crafted kernel. (bnc#823011)\n * XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier,\n when the hypervisor is running "under memory pressure" and\n the Xen Security Module (XSM) is enabled, uses the wrong\n ordering of operations when extending the per-domain event\n channel tracking table, which causes a use-after-free and\n allows local guest kernels to inject arbitrary events and\n gain privileges via unspecified vectors. (bnc#813677)\n * XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when\n running 64-bit hosts on Intel CPUs, does not clear the NT\n flag when using an IRET after a SYSENTER instruction, which\n allows PV guest users to cause a denial of service\n (hypervisor crash) by triggering a #GP fault, which is not\n properly handled by another IRET instruction. (bnc#813673)\n * XSA-25: CVE-2012-4544: The PV domain builder in Xen\n 4.2 and earlier does not validate the size of the kernel or\n ramdisk (1) before or (2) after decompression, which allows\n local guest administrators to cause a denial of service\n (domain 0 memory consumption) via a crafted (a) kernel or\n (b) ramdisk. (bnc#787163)\n", "edition": 1, "reporter": "Suse", "published": "2014-03-20T13:04:14", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "title": "Security update for Xen (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1920", "CVE-2013-2196", "CVE-2013-4368", "CVE-2013-1917", "CVE-2013-4554", "CVE-2013-2194", "CVE-2012-4544", "CVE-2013-6885", "CVE-2013-2195", "CVE-2013-4494", "CVE-2013-4355"], "modified": "2014-03-20T13:04:14", "id": "SUSE-SU-2014:0411-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:38:49", "references": ["https://bugzilla.novell.com/630970", "https://bugzilla.novell.com/852967", "https://bugzilla.novell.com/854634", "https://bugzilla.novell.com/875690", "https://bugzilla.novell.com/866102", "https://bugzilla.novell.com/868488", "https://bugzilla.novell.com/875798", "https://bugzilla.novell.com/852553", "https://bugzilla.novell.com/876102", "https://bugzilla.novell.com/857643", "http://download.suse.com/patch/finder/?keywords=1f7d34dea2e5092125c31d9d0a405f5a", "https://bugzilla.novell.com/878289", "https://bugzilla.novell.com/663516", "http://download.suse.com/patch/finder/?keywords=d036686eebebfe198fe470f1df9f08cb", "https://bugzilla.novell.com/868049", "https://bugzilla.novell.com/869563", "https://bugzilla.novell.com/865310", "http://download.suse.com/patch/finder/?keywords=9ef95d829298aaa37050f0a54e442fe4", "https://bugzilla.novell.com/873070", "http://download.suse.com/patch/finder/?keywords=c146be129d24b739d74708b50d2cc532", "https://bugzilla.novell.com/661605", "https://bugzilla.novell.com/863335", "https://bugzilla.novell.com/761774", "https://bugzilla.novell.com/874108", "https://bugzilla.novell.com/792407", "https://bugzilla.novell.com/868653", "https://bugzilla.novell.com/880892", "https://bugzilla.novell.com/854743", "http://download.suse.com/patch/finder/?keywords=518a51bcce5e0cc4e53c7e7bccd832c3", "http://download.suse.com/patch/finder/?keywords=fdf0b5f57e08d67cb242abf486c62992", "https://bugzilla.novell.com/856756", "https://bugzilla.novell.com/871561"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "x86_64", "packageFilename": "kernel-ec2-devel-2.6.32.59-0.13.1.x86_64.rpm", "packageName": "kernel-ec2-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-0.3.163", "arch": "s390x", "packageFilename": "btrfs-kmp-default-0_2.6.32.59_0.13-0.3.163.s390x.rpm", "packageName": "btrfs-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "x86_64", "packageFilename": "kernel-xen-devel-2.6.32.59-0.13.1.x86_64.rpm", "packageName": "kernel-xen-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-7.9.130", "arch": "i586", "packageFilename": "ext4dev-kmp-trace-0_2.6.32.59_0.13-7.9.130.i586.rpm", "packageName": "ext4dev-kmp-trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-xen-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-xen", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-7.9.130", "arch": "x86_64", "packageFilename": "ext4dev-kmp-trace-0_2.6.32.59_0.13-7.9.130.x86_64.rpm", "packageName": "ext4dev-kmp-trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-ec2-devel-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-ec2-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "x86_64", "packageFilename": "kernel-ec2-2.6.32.59-0.13.1.x86_64.rpm", "packageName": "kernel-ec2", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "s390x", "packageFilename": "kernel-default-man-2.6.32.59-0.13.1.s390x.rpm", "packageName": "kernel-default-man", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-trace-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-ec2-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-ec2", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "s390x", "packageFilename": "kernel-default-base-2.6.32.59-0.13.1.s390x.rpm", "packageName": "kernel-default-base", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "x86_64", "packageFilename": "kernel-syms-2.6.32.59-0.13.1.x86_64.rpm", "packageName": "kernel-syms", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-source-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-source", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-ec2-base-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-ec2-base", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-pae-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-pae", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-7.9.130", "arch": "s390x", "packageFilename": "ext4dev-kmp-trace-0_2.6.32.59_0.13-7.9.130.s390x.rpm", "packageName": "ext4dev-kmp-trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-0.18.39", "arch": "x86_64", "packageFilename": "hyper-v-kmp-trace-0_2.6.32.59_0.13-0.18.39.x86_64.rpm", "packageName": "hyper-v-kmp-trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "x86_64", "packageFilename": "kernel-xen-base-2.6.32.59-0.13.1.x86_64.rpm", "packageName": "kernel-xen-base", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "x86_64", "packageFilename": "kernel-xen-2.6.32.59-0.13.1.x86_64.rpm", "packageName": "kernel-xen", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-7.9.130", "arch": "i586", "packageFilename": "ext4dev-kmp-default-0_2.6.32.59_0.13-7.9.130.i586.rpm", "packageName": "ext4dev-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-0.18.39", "arch": "i586", "packageFilename": "hyper-v-kmp-pae-0_2.6.32.59_0.13-0.18.39.i586.rpm", "packageName": "hyper-v-kmp-pae", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-0.3.163", "arch": "x86_64", "packageFilename": "btrfs-kmp-xen-0_2.6.32.59_0.13-0.3.163.x86_64.rpm", "packageName": "btrfs-kmp-xen", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "x86_64", "packageFilename": "kernel-trace-2.6.32.59-0.13.1.x86_64.rpm", "packageName": "kernel-trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-7.9.130", "arch": "s390x", "packageFilename": "ext4dev-kmp-default-0_2.6.32.59_0.13-7.9.130.s390x.rpm", "packageName": "ext4dev-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-0.3.163", "arch": "i586", "packageFilename": "btrfs-kmp-default-0_2.6.32.59_0.13-0.3.163.i586.rpm", "packageName": "btrfs-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "x86_64", "packageFilename": "kernel-default-base-2.6.32.59-0.13.1.x86_64.rpm", "packageName": "kernel-default-base", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-0.18.39", "arch": "x86_64", "packageFilename": "hyper-v-kmp-default-0_2.6.32.59_0.13-0.18.39.x86_64.rpm", "packageName": "hyper-v-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "x86_64", "packageFilename": "kernel-trace-devel-2.6.32.59-0.13.1.x86_64.rpm", "packageName": "kernel-trace-devel", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "2.6.32.59-0.13.1", "arch": "x86_64", "packageFilename": "kernel-xen-extra-2.6.32.59-0.13.1.x86_64.rpm", "packageName": "kernel-xen-extra", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-7.9.130", "arch": "i586", "packageFilename": "ext4dev-kmp-pae-0_2.6.32.59_0.13-7.9.130.i586.rpm", "packageName": "ext4dev-kmp-pae", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "s390x", "packageFilename": "kernel-trace-base-2.6.32.59-0.13.1.s390x.rpm", "packageName": "kernel-trace-base", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-pae-extra-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-pae-extra", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "x86_64", "packageFilename": "kernel-source-2.6.32.59-0.13.1.x86_64.rpm", "packageName": "kernel-source", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "s390x", "packageFilename": "kernel-default-2.6.32.59-0.13.1.s390x.rpm", "packageName": "kernel-default", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-xen-extra-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-xen-extra", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-7.9.130", "arch": "x86_64", "packageFilename": "ext4dev-kmp-xen-0_2.6.32.59_0.13-7.9.130.x86_64.rpm", "packageName": "ext4dev-kmp-xen", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-default-devel-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-default-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-syms-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-syms", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-trace-base-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-trace-base", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "s390x", "packageFilename": "kernel-trace-2.6.32.59-0.13.1.s390x.rpm", "packageName": "kernel-trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-0.3.163", "arch": "i586", "packageFilename": "btrfs-kmp-xen-0_2.6.32.59_0.13-0.3.163.i586.rpm", "packageName": "btrfs-kmp-xen", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-pae-base-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-pae-base", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-default-base-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-default-base", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-pae-devel-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-pae-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "x86_64", "packageFilename": "kernel-trace-base-2.6.32.59-0.13.1.x86_64.rpm", "packageName": "kernel-trace-base", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-0.18.39", "arch": "i586", "packageFilename": "hyper-v-kmp-default-0_2.6.32.59_0.13-0.18.39.i586.rpm", "packageName": "hyper-v-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "x86_64", "packageFilename": "kernel-default-devel-2.6.32.59-0.13.1.x86_64.rpm", "packageName": "kernel-default-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "s390x", "packageFilename": "kernel-trace-devel-2.6.32.59-0.13.1.s390x.rpm", "packageName": "kernel-trace-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-xen-devel-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-xen-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "x86_64", "packageFilename": "kernel-ec2-base-2.6.32.59-0.13.1.x86_64.rpm", "packageName": "kernel-ec2-base", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-0.3.163", "arch": "i586", "packageFilename": "btrfs-kmp-pae-0_2.6.32.59_0.13-0.3.163.i586.rpm", "packageName": "btrfs-kmp-pae", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "s390x", "packageFilename": "kernel-source-2.6.32.59-0.13.1.s390x.rpm", "packageName": "kernel-source", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-default-extra-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-default-extra", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "s390x", "packageFilename": "kernel-default-devel-2.6.32.59-0.13.1.s390x.rpm", "packageName": "kernel-default-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-default-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-default", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "2.6.32.59-0.13.1", "arch": "x86_64", "packageFilename": "kernel-default-extra-2.6.32.59-0.13.1.x86_64.rpm", "packageName": "kernel-default-extra", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-0.18.39", "arch": "i586", "packageFilename": "hyper-v-kmp-trace-0_2.6.32.59_0.13-0.18.39.i586.rpm", "packageName": "hyper-v-kmp-trace", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-7.9.130", "arch": "i586", "packageFilename": "ext4dev-kmp-xen-0_2.6.32.59_0.13-7.9.130.i586.rpm", "packageName": "ext4dev-kmp-xen", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-7.9.130", "arch": "x86_64", "packageFilename": "ext4dev-kmp-default-0_2.6.32.59_0.13-7.9.130.x86_64.rpm", "packageName": "ext4dev-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-xen-base-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-xen-base", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "x86_64", "packageFilename": "kernel-default-2.6.32.59-0.13.1.x86_64.rpm", "packageName": "kernel-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "i586", "packageFilename": "kernel-trace-devel-2.6.32.59-0.13.1.i586.rpm", "packageName": "kernel-trace-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "2.6.32.59-0.13.1", "arch": "s390x", "packageFilename": "kernel-syms-2.6.32.59-0.13.1.s390x.rpm", "packageName": "kernel-syms", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.1", "packageVersion": "0_2.6.32.59_0.13-0.3.163", "arch": "x86_64", "packageFilename": "btrfs-kmp-default-0_2.6.32.59_0.13-0.3.163.x86_64.rpm", "packageName": "btrfs-kmp-default", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "2.6.32.59-0.13.1", "arch": "s390x", "packageFilename": "kernel-default-extra-2.6.32.59-0.13.1.s390x.rpm", "packageName": "kernel-default-extra", "operator": "lt"}], "description": "The SUSE Linux Enterprise Server 11 SP1 LTSS kernel received a roll-up\n update to fix security and non-security issues.\n\n The following security issues have been fixed:\n\n *\n\n CVE-2014-3153: The futex acquisition code in kernel/futex.c can be\n used to gain ring0 access via the futex syscall. This could be used for\n privilege escalation for non root users. (bnc#880892)\n\n *\n\n CVE-2012-6647: The futex_wait_requeue_pi function in kernel/futex.c\n in the Linux kernel before 3.5.1 does not ensure that calls have two\n different futex addresses, which allows local users to cause a denial\n of service (NULL pointer dereference and system crash) or possibly\n have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command.\n (bnc#878289)\n\n *\n\n CVE-2013-6382: Multiple buffer underflows in the XFS implementation\n in the Linux kernel through 3.12.1 allow local users to cause a denial of\n service (memory corruption) or possibly have unspecified\n other impact by leveraging the CAP_SYS_ADMIN capability for a (1)\n XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call\n with a crafted length value, related to the xfs_attrlist_by_handle\n function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle\n function in fs/xfs/xfs_ioctl32.c. (bnc#852553)\n\n *\n\n CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors\n does not properly handle the interaction between locked instructions and\n write-combined memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the errata 793 issue.\n (bnc#852967)\n\n *\n\n CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures have been\n initialized, which allows local users to obtain sensitive information from\n kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg\n system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,\n net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)\n\n *\n\n CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in\n the Linux kernel before 3.12.4 updates a certain length value before\n ensuring that an associated data structure has been initialized, which\n allows local users to obtain sensitive information from kernel stack\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643)\n\n *\n\n CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in\n the Linux kernel before 3.12.4 updates a certain length value before\n ensuring that an associated data structure has been initialized, which\n allows local users to obtain sensitive information from kernel stack\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643)\n\n *\n\n CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in\n the Linux kernel before 3.12.8 allows local users to cause a denial of\n service (NULL pointer dereference and system crash) or possibly have\n unspecified other impact via a bind system call for an RDS socket on a\n system that lacks RDS transports. (bnc#869563)\n\n *\n\n CVE-2014-0101: The sctp_sf_do_5_1D_ce function in\n net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not\n validate certain auth_enable and auth_capable fields before making an\n sctp_sf_authenticate call, which allows remote attackers to cause a denial\n of service (NULL pointer dereference and system crash) via an SCTP\n handshake with a modified INIT chunk and a crafted AUTH chunk before a\n COOKIE_ECHO chunk. (bnc#866102)\n\n *\n\n CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in\n the Linux kernel through 3.14.3 does not properly manage tty driver access\n in the "LECHO & !OPOST" case, which allows local users to cause a denial\n of service (memory corruption and system crash) or gain privileges by\n triggering a race condition involving read and write operations with long\n strings. (bnc#875690)\n\n *\n\n CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c\n in the Linux kernel through 3.14.3 does not properly handle error\n conditions during processing of an FDRAWCMD ioctl call, which allows local\n users to trigger kfree operations and gain privileges by leveraging write\n access to a /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-1738: The raw_cmd_copyout function in\n drivers/block/floppy.c in the Linux kernel through 3.14.3 does not\n properly restrict access to certain pointers during processing of an\n FDRAWCMD ioctl call, which allows local users to obtain sensitive\n information from kernel heap memory by leveraging write access to a\n /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-1874: The security_context_to_sid_core function in\n security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows\n local users to cause a denial of service (system crash) by leveraging the\n CAP_MAC_ADMIN capability to set a zero-length security context.\n (bnc#863335)\n\n *\n\n CVE-2014-2523: net/netfilter/nf_conntrack_proto_dccp.c in the Linux\n kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows\n remote attackers to cause a denial of service (system crash)\n or possibly execute arbitrary code via a DCCP packet that triggers a\n call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.\n (bnc#868653)\n\n *\n\n CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in\n the Linux kernel through 3.14 allows local users to cause a denial of\n service (NULL pointer dereference and system crash) or possibly have\n unspecified other impact via a bind system call for an RDS socket on a\n system that lacks RDS transports. (bnc#871561)\n\n *\n\n CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the\n Linux kernel before 3.14.3 does not properly consider which pages must be\n locked, which allows local users to cause a denial of service (system\n crash) by triggering a memory-usage pattern that requires removal of\n page-table mappings. (bnc#876102)\n\n *\n\n CVE-2013-7027: The ieee80211_radiotap_iterator_init function in\n net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check\n whether a frame contains any data outside of the header, which might allow\n attackers to cause a denial of service (buffer over-read) via a crafted\n header. (bnc#854634)\n\n The following non-security issues have been fixed:\n\n * sched: protect scale_rt_power() from clock aberations (bnc#630970,\n bnc#661605, bnc#865310).\n * sched: fix divide by zero at {thread_group,task}_times (bnc#761774,\n bnc#873070).\n * clocksource: avoid unnecessary overflow in cyclecounter_cyc2ns()\n (bnc#865310).\n * ia64: Change default PSR.ac from "1" to "0" (Fix erratum #237)\n (bnc#874108).\n * block: Wait for queue cleanup until the queue is empty before queue\n cleanup (bnc#792407).\n * fs: do_add_mount()/umount -l races (bnc#663516).\n * vfs,proc: guarantee unique inodes in /proc (bnc#868049).\n * nfs: Allow nfsdv4 to work when fips=1 (bnc#868488).\n * inet_diag: fix oops for IPv4 AF_INET6 TCP SYN-RECV state\n (bnc#854743).\n * bonding: send unsolicited NA for all addresses (bnc#856756).\n * bonding: send unsolicited neighbour advertisements to all-nodes\n (bnc#856756).\n\n Security Issues references:\n\n * CVE-2012-6647\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6647\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6647</a>>\n * CVE-2013-6382\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6382</a>>\n * CVE-2013-6885\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885</a>>\n * CVE-2013-7027\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7027\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7027</a>>\n * CVE-2013-7263\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263</a>>\n * CVE-2013-7264\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7264</a>>\n * CVE-2013-7265\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7265</a>>\n * CVE-2013-7339\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7339\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7339</a>>\n * CVE-2014-0101\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101</a>>\n * CVE-2014-0196\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196</a>>\n * CVE-2014-1737\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737</a>>\n * CVE-2014-1738\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738</a>>\n * CVE-2014-1874\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1874\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1874</a>>\n * CVE-2014-2523\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2523\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2523</a>>\n * CVE-2014-2678\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2678\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2678</a>>\n * CVE-2014-3122\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122</a>>\n * CVE-2014-3153\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153</a>>\n", "edition": 1, "reporter": "Suse", "published": "2014-06-18T01:04:38", "title": "Security update for Linux Kernel (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3122", "CVE-2013-7027", "CVE-2012-6647", "CVE-2013-7265", "CVE-2014-1737", "CVE-2014-1874", "CVE-2014-1738", "CVE-2013-7264", "CVE-2013-7339", "CVE-2014-0196", "CVE-2014-2678", "CVE-2013-6382", "CVE-2014-3153", "CVE-2013-7263", "CVE-2013-6885", "CVE-2014-2523", "CVE-2014-0101"], "modified": "2014-06-18T01:04:38", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00022.html", "id": "SUSE-SU-2014:0807-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:01:48", "references": ["https://bugzilla.novell.com/813677", "https://bugzilla.novell.com/789951", "http://download.suse.com/patch/finder/?keywords=6f43bf900a8ce3d35255c35946732753", "https://bugzilla.novell.com/853049", "https://bugzilla.novell.com/848657", "https://bugzilla.novell.com/786516", "https://bugzilla.novell.com/840592", "https://bugzilla.novell.com/813673", "https://bugzilla.novell.com/787163", "https://bugzilla.novell.com/789950", "https://bugzilla.novell.com/842511", "https://bugzilla.novell.com/786517", "https://bugzilla.novell.com/823011", "https://bugzilla.novell.com/849668"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "i586", "packageFilename": "xen-tools-domU-3.2.3_17040_28-0.6.21.3.i586.rpm", "packageName": "xen-tools-domU", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3", "arch": "i586", "packageFilename": "xen-kmp-kdumppae-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3.i586.rpm", "packageName": "xen-kmp-kdumppae", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3", "arch": "i586", "packageFilename": "xen-kmp-default-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3.i586.rpm", "packageName": "xen-kmp-default", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "x86_64", "packageFilename": "xen-3.2.3_17040_28-0.6.21.3.x86_64.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3", "arch": "i586", "packageFilename": "xen-kmp-vmipae-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3.i586.rpm", "packageName": "xen-kmp-vmipae", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "x86_64", "packageFilename": "xen-devel-3.2.3_17040_28-0.6.21.3.x86_64.rpm", "packageName": "xen-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "i586", "packageFilename": "xen-tools-ioemu-3.2.3_17040_28-0.6.21.3.i586.rpm", "packageName": "xen-tools-ioemu", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "i586", "packageFilename": "xen-devel-3.2.3_17040_28-0.6.21.3.i586.rpm", "packageName": "xen-devel", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3", "arch": "i586", "packageFilename": "xen-kmp-kdump-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3.i586.rpm", "packageName": "xen-kmp-kdump", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "i586", "packageFilename": "xen-doc-ps-3.2.3_17040_28-0.6.21.3.i586.rpm", "packageName": "xen-doc-ps", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "i586", "packageFilename": "xen-3.2.3_17040_28-0.6.21.3.i586.rpm", "packageName": "xen", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3", "arch": "i586", "packageFilename": "xen-kmp-smp-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3.i586.rpm", "packageName": "xen-kmp-smp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3", "arch": "i586", "packageFilename": "xen-kmp-vmi-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3.i586.rpm", "packageName": "xen-kmp-vmi", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "x86_64", "packageFilename": "xen-doc-pdf-3.2.3_17040_28-0.6.21.3.x86_64.rpm", "packageName": "xen-doc-pdf", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "x86_64", "packageFilename": "xen-doc-ps-3.2.3_17040_28-0.6.21.3.x86_64.rpm", "packageName": "xen-doc-ps", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "i586", "packageFilename": "xen-doc-html-3.2.3_17040_28-0.6.21.3.i586.rpm", "packageName": "xen-doc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "i586", "packageFilename": "xen-libs-3.2.3_17040_28-0.6.21.3.i586.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "x86_64", "packageFilename": "xen-tools-ioemu-3.2.3_17040_28-0.6.21.3.x86_64.rpm", "packageName": "xen-tools-ioemu", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "x86_64", "packageFilename": "xen-tools-domU-3.2.3_17040_28-0.6.21.3.x86_64.rpm", "packageName": "xen-tools-domU", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "x86_64", "packageFilename": "xen-libs-3.2.3_17040_28-0.6.21.3.x86_64.rpm", "packageName": "xen-libs", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "x86_64", "packageFilename": "xen-doc-html-3.2.3_17040_28-0.6.21.3.x86_64.rpm", "packageName": "xen-doc-html", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3", "arch": "x86_64", "packageFilename": "xen-kmp-kdump-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3.x86_64.rpm", "packageName": "xen-kmp-kdump", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "x86_64", "packageFilename": "xen-tools-3.2.3_17040_28-0.6.21.3.x86_64.rpm", "packageName": "xen-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3", "arch": "x86_64", "packageFilename": "xen-kmp-smp-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3.x86_64.rpm", "packageName": "xen-kmp-smp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "x86_64", "packageFilename": "xen-libs-32bit-3.2.3_17040_28-0.6.21.3.x86_64.rpm", "packageName": "xen-libs-32bit", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3", "arch": "x86_64", "packageFilename": "xen-kmp-debug-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3.x86_64.rpm", "packageName": "xen-kmp-debug", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "i586", "packageFilename": "xen-doc-pdf-3.2.3_17040_28-0.6.21.3.i586.rpm", "packageName": "xen-doc-pdf", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28-0.6.21.3", "arch": "i586", "packageFilename": "xen-tools-3.2.3_17040_28-0.6.21.3.i586.rpm", "packageName": "xen-tools", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3", "arch": "i586", "packageFilename": "xen-kmp-debug-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3.i586.rpm", "packageName": "xen-kmp-debug", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3", "arch": "i586", "packageFilename": "xen-kmp-bigsmp-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3.i586.rpm", "packageName": "xen-kmp-bigsmp", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "10.3", "packageVersion": "3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3", "arch": "x86_64", "packageFilename": "xen-kmp-default-3.2.3_17040_28_2.6.16.60_0.113.9-0.6.21.3.x86_64.rpm", "packageName": "xen-kmp-default", "operator": "lt"}], "description": "The SUSE Linux Enterprise 10 Service Pack 3 LTSS Xen\n hypervisor and toolset have been updated to fix various\n security issues:\n\n The following security issues have been addressed:\n\n *\n\n XSA-20: CVE-2012-4535: Xen 3.4 through 4.2, and\n possibly earlier versions, allows local guest OS\n administrators to cause a denial of service (Xen infinite\n loop and physical CPU consumption) by setting a VCPU with\n an "inappropriate deadline". (bnc#786516)\n\n *\n\n XSA-22: CVE-2012-4537: Xen 3.4 through 4.2, and\n possibly earlier versions, does not properly synchronize\n the p2m and m2p tables when the set_p2m_entry function\n fails, which allows local HVM guest OS administrators to\n cause a denial of service (memory consumption and assertion\n failure), aka "Memory mapping failure DoS vulnerability".\n (bnc#786517)\n\n *\n\n XSA-25: CVE-2012-4544: The PV domain builder in Xen\n 4.2 and earlier does not validate the size of the kernel or\n ramdisk (1) before or (2) after decompression, which allows\n local guest administrators to cause a denial of service\n (domain 0 memory consumption) via a crafted (a) kernel or\n (b) ramdisk. (bnc#787163)\n\n *\n\n XSA-29: CVE-2012-5513: The XENMEM_exchange handler in\n Xen 4.2 and earlier does not properly check the memory\n address, which allows local PV guest OS administrators to\n cause a denial of service (crash) or possibly gain\n privileges via unspecified vectors that overwrite memory in\n the hypervisor reserved range. (bnc#789951)\n\n *\n\n XSA-31: CVE-2012-5515: The (1)\n XENMEM_decrease_reservation, (2) XENMEM_populate_physmap,\n and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier\n allow local guest administrators to cause a denial of\n service (long loop and hang) via a crafted extent_order\n value. (bnc#789950)\n\n *\n\n XSA-44: CVE-2013-1917: Xen 3.1 through 4.x, when\n running 64-bit hosts on Intel CPUs, does not clear the NT\n flag when using an IRET after a SYSENTER instruction, which\n allows PV guest users to cause a denial of service\n (hypervisor crash) by triggering a #GP fault, which is not\n properly handled by another IRET instruction. (bnc#813673)\n\n *\n\n XSA-47: CVE-2013-1920: Xen 4.2.x, 4.1.x, and earlier,\n when the hypervisor is running "under memory pressure" and\n the Xen Security Module (XSM) is enabled, uses the wrong\n ordering of operations when extending the per-domain event\n channel tracking table, which causes a use-after-free and\n allows local guest kernels to inject arbitrary events and\n gain privileges via unspecified vectors. (bnc#813677)\n\n *\n\n XSA-55: CVE-2013-2196: Multiple unspecified\n vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and\n earlier allow local guest administrators with certain\n permissions to have an unspecified impact via a crafted\n kernel, related to "other problems" that are not\n CVE-2013-2194 or CVE-2013-2195. (bnc#823011)\n\n *\n\n XSA-55: CVE-2013-2195: The Elf parser (libelf) in Xen\n 4.2.x and earlier allow local guest administrators with\n certain permissions to have an unspecified impact via a\n crafted kernel, related to "pointer dereferences" involving\n unexpected calculations. (bnc#823011)\n\n *\n\n XSA-55: CVE-2013-2194: Multiple integer overflows in\n the Elf parser (libelf) in Xen 4.2.x and earlier allow\n local guest administrators with certain permissions to have\n an unspecified impact via a crafted kernel. (bnc#823011)\n\n *\n\n XSA-63: CVE-2013-4355: Xen 4.3.x and earlier does not\n properly handle certain errors, which allows local HVM\n guests to obtain hypervisor stack memory via a (1) port or\n (2) memory mapped I/O write or (3) other unspecified\n operations related to addresses without associated memory.\n (bnc#840592)\n\n *\n\n XSA-67: CVE-2013-4368: The outs instruction emulation\n in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or\n GS: segment override, uses an uninitialized variable as a\n segment base, which allows local 64-bit PV guests to obtain\n sensitive information (hypervisor stack content) via\n unspecified vectors related to stale data in a segment\n register. (bnc#842511)\n\n *\n\n XSA-73: CVE-2013-4494: Xen before 4.1.x, 4.2.x, and\n 4.3.x does not take the page_alloc_lock and\n grant_table.lock in the same order, which allows local\n guest administrators with access to multiple vcpus to cause\n a denial of service (host deadlock) via unspecified\n vectors. (bnc#848657)\n\n *\n\n XSA-76: CVE-2013-4554: Xen 3.0.3 through 4.1.x\n (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x\n (possibly 4.3.1) does not properly prevent access to\n hypercalls, which allows local guest users to gain\n privileges via a crafted application running in ring 1 or\n 2. (bnc#849668)\n\n *\n\n XSA-82: CVE-2013-6885: The microcode on AMD 16h 00h\n through 0Fh processors does not properly handle the\n interaction between locked instructions and write-combined\n memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the\n errata 793 issue. (bnc#853049)\n\n Security Issues references:\n\n * CVE-2012-4535\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4535</a>\n >\n * CVE-2012-4537\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4537</a>\n >\n * CVE-2012-4544\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4544</a>\n >\n * CVE-2012-5513\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5513</a>\n >\n * CVE-2012-5515\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5515</a>\n >\n * CVE-2013-1917\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1917</a>\n >\n * CVE-2013-1920\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1920</a>\n >\n * CVE-2013-2194\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2194</a>\n >\n * CVE-2013-2195\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2195</a>\n >\n * CVE-2013-2196\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2196</a>\n >\n * CVE-2013-4355\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4355</a>\n >\n * CVE-2013-4368\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4368</a>\n >\n * CVE-2013-4494\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4494</a>\n >\n * CVE-2013-4554\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4554</a>\n >\n * CVE-2013-6885\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885</a>\n >\n", "edition": 1, "reporter": "Suse", "published": "2014-04-01T20:04:15", "title": "Security update for Xen (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1920", "CVE-2013-2196", "CVE-2012-5515", "CVE-2013-4368", "CVE-2012-4535", "CVE-2013-1917", "CVE-2013-4554", "CVE-2012-5513", "CVE-2012-4537", "CVE-2013-2194", "CVE-2012-4544", "CVE-2013-6885", "CVE-2013-2195", "CVE-2013-4494", "CVE-2013-4355"], "modified": "2014-04-01T20:04:15", "id": "SUSE-SU-2014:0470-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:50", "references": ["https://bugzilla.novell.com/814788", "https://bugzilla.novell.com/708296", "https://bugzilla.novell.com/852967", "https://bugzilla.novell.com/852488", "https://bugzilla.novell.com/873061", "https://bugzilla.novell.com/875690", "https://bugzilla.novell.com/866102", "http://download.suse.com/patch/finder/?keywords=da132fe457db88249d2db18bc5c22de5", "https://bugzilla.novell.com/858534", "https://bugzilla.novell.com/871861", "https://bugzilla.novell.com/875798", "https://bugzilla.novell.com/852553", "https://bugzilla.novell.com/865783", "https://bugzilla.novell.com/819351", "https://bugzilla.novell.com/736697", "https://bugzilla.novell.com/865330", "http://download.suse.com/patch/finder/?keywords=be4d02e114cf7bfcc6687ae18820db1d", "https://bugzilla.novell.com/876102", "https://bugzilla.novell.com/857643", "http://download.suse.com/patch/finder/?keywords=d8a4989ab7c16d4dac2badacf2d0efa8", "https://bugzilla.novell.com/831029", "https://bugzilla.novell.com/871325", "http://download.suse.com/patch/finder/?keywords=ffc3bcce4bbb0dc6b7c0acc2c40fba06", "https://bugzilla.novell.com/836347", "https://bugzilla.novell.com/849364", "https://bugzilla.novell.com/864025", "http://download.suse.com/patch/finder/?keywords=8e83fb23e69fc57ddd82e1ab0aa469b8", "https://bugzilla.novell.com/746500", "https://bugzilla.novell.com/856083", "https://bugzilla.novell.com/865342", "https://bugzilla.novell.com/869563", "https://bugzilla.novell.com/864833", "https://bugzilla.novell.com/865310", "https://bugzilla.novell.com/862429", "https://bugzilla.novell.com/867953", "https://bugzilla.novell.com/865307", "https://bugzilla.novell.com/847672", "https://bugzilla.novell.com/863300", "https://bugzilla.novell.com/858280", "https://bugzilla.novell.com/853455", "https://bugzilla.novell.com/844513", "https://bugzilla.novell.com/855885", "https://bugzilla.novell.com/854025", "https://bugzilla.novell.com/868528", "https://bugzilla.novell.com/863335", "https://bugzilla.novell.com/869033", "https://bugzilla.novell.com/874108", "https://bugzilla.novell.com/868653", "https://bugzilla.novell.com/843185", "https://bugzilla.novell.com/858604", "https://bugzilla.novell.com/857499", "https://bugzilla.novell.com/858870", "https://bugzilla.novell.com/851426", "https://bugzilla.novell.com/858872", "https://bugzilla.novell.com/855347", "https://bugzilla.novell.com/858869", "https://bugzilla.novell.com/870801", "http://download.suse.com/patch/finder/?keywords=787d82dbb16377714bc927d02557c4ee", "https://bugzilla.novell.com/871561"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-pae-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-pae", "arch": "i586", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-default-extra-3.0.101-0.7.19.1.s390x.rpm", "packageName": "kernel-default-extra", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-pae-devel-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-pae-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-trace-3.0.101-0.7.19.1.s390x.rpm", "packageName": "kernel-trace", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-trace-base-3.0.101-0.7.19.1.x86_64.rpm", "packageName": "kernel-trace-base", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-default-extra-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-default-extra", "arch": "i586", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-xen-extra-3.0.101-0.7.19.1.x86_64.rpm", "packageName": "kernel-xen-extra", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-ec2-base-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-ec2-base", "arch": "i586", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-default-extra-3.0.101-0.7.19.1.x86_64.rpm", "packageName": "kernel-default-extra", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-syms-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-syms", "arch": "i586", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-pae-extra-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-pae-extra", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-xen-devel-3.0.101-0.7.19.1.x86_64.rpm", "packageName": "kernel-xen-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-source-3.0.101-0.7.19.1.x86_64.rpm", "packageName": "kernel-source", "arch": "x86_64", "operator": "lt"}, {"OS": "SLE SERVER Unsupported Extras", "OSVersion": "11", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-xen-extra-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-xen-extra", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-pae-base-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-pae-base", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-default-3.0.101-0.7.19.1.s390x.rpm", "packageName": "kernel-default", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-ec2-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-ec2", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-ec2-devel-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-ec2-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-trace-3.0.101-0.7.19.1.x86_64.rpm", "packageName": "kernel-trace", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-default-base-3.0.101-0.7.19.1.s390x.rpm", "packageName": "kernel-default-base", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-default-man-3.0.101-0.7.19.1.s390x.rpm", "packageName": "kernel-default-man", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-source-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-source", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-trace-devel-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-trace-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-source-3.0.101-0.7.19.1.s390x.rpm", "packageName": "kernel-source", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-ec2-3.0.101-0.7.19.1.x86_64.rpm", "packageName": "kernel-ec2", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-default-base-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-default-base", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-default-3.0.101-0.7.19.1.x86_64.rpm", "packageName": "kernel-default", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-default-devel-3.0.101-0.7.19.1.x86_64.rpm", "packageName": "kernel-default-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-trace-devel-3.0.101-0.7.19.1.x86_64.rpm", "packageName": "kernel-trace-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-syms-3.0.101-0.7.19.1.s390x.rpm", "packageName": "kernel-syms", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-default-devel-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-default-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-default-base-3.0.101-0.7.19.1.x86_64.rpm", "packageName": "kernel-default-base", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-ec2-devel-3.0.101-0.7.19.1.x86_64.rpm", "packageName": "kernel-ec2-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-trace-devel-3.0.101-0.7.19.1.s390x.rpm", "packageName": "kernel-trace-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-xen-base-3.0.101-0.7.19.1.x86_64.rpm", "packageName": "kernel-xen-base", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-default-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-default", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-ec2-base-3.0.101-0.7.19.1.x86_64.rpm", "packageName": "kernel-ec2-base", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-xen-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-xen", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-xen-3.0.101-0.7.19.1.x86_64.rpm", "packageName": "kernel-xen", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-trace-base-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-trace-base", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-xen-devel-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-xen-devel", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-default-devel-3.0.101-0.7.19.1.s390x.rpm", "packageName": "kernel-default-devel", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-syms-3.0.101-0.7.19.1.x86_64.rpm", "packageName": "kernel-syms", "arch": "x86_64", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-trace-base-3.0.101-0.7.19.1.s390x.rpm", "packageName": "kernel-trace-base", "arch": "s390x", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-trace-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-trace", "arch": "i586", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server LTSS", "OSVersion": "11.2", "packageVersion": "3.0.101-0.7.19.1", "packageFilename": "kernel-xen-base-3.0.101-0.7.19.1.i586.rpm", "packageName": "kernel-xen-base", "arch": "i586", "operator": "lt"}], "edition": 1, "description": "The SUSE Linux Enterprise Server 11 SP2 LTSS kernel received a roll-up\n update to fix security and non-security issues.\n\n The following security bugs have been fixed:\n\n *\n\n CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation\n Offload (UFO) is enabled, does not properly initialize certain data\n structures, which allows local users to cause a denial of service (memory\n corruption and system crash) or possibly gain privileges via a crafted\n application that uses the UDP_CORK option in a setsockopt system call and\n sends both short and long packets, related to the ip_ufo_append_data\n function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in\n net/ipv6/ip6_output.c. (bnc#847672)\n\n *\n\n CVE-2013-4579: The ath9k_htc_set_bssid_mask function in\n drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through\n 3.12 uses a BSSID masking approach to determine the set of MAC addresses\n on which a Wi-Fi device is listening, which allows remote attackers to\n discover the original MAC address after spoofing by sending a series of\n packets to MAC addresses with certain bit manipulations. (bnc#851426)\n\n *\n\n CVE-2013-6382: Multiple buffer underflows in the XFS implementation\n in the Linux kernel through 3.12.1 allow local users to cause a denial of\n service (memory corruption) or possibly have unspecified\n other impact by leveraging the CAP_SYS_ADMIN capability for a (1)\n XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call\n with a crafted length value, related to the xfs_attrlist_by_handle\n function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle\n function in fs/xfs/xfs_ioctl32.c. (bnc#852553)\n\n *\n\n CVE-2013-6885: The microcode on AMD 16h 00h through 0Fh processors\n does not properly handle the interaction between locked instructions and\n write-combined memory types, which allows local users to cause a denial of\n service (system hang) via a crafted application, aka the errata 793 issue.\n (bnc#852967)\n\n *\n\n CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures have been\n initialized, which allows local users to obtain sensitive information from\n kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg\n system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,\n net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)\n\n *\n\n CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in\n the Linux kernel before 3.12.4 updates a certain length value before\n ensuring that an associated data structure has been initialized, which\n allows local users to obtain sensitive information from kernel stack\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643)\n\n *\n\n CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in\n the Linux kernel before 3.12.4 updates a certain length value before\n ensuring that an associated data structure has been initialized, which\n allows local users to obtain sensitive information from kernel stack\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#857643)\n\n *\n\n CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in\n the Linux kernel before 3.12.8 allows local users to cause a denial of\n service (NULL pointer dereference and system crash) or possibly have\n unspecified other impact via a bind system call for an RDS socket on a\n system that lacks RDS transports. (bnc#869563)\n\n *\n\n CVE-2014-0069: The cifs_iovec_write function in fs/cifs/file.c in\n the Linux kernel through 3.13.5 does not properly handle uncached write\n operations that copy fewer than the requested number of bytes, which\n allows local users to obtain sensitive information from kernel memory,\n cause a denial of service (memory corruption and system crash), or\n possibly gain privileges via a writev system call with a crafted pointer.\n (bnc#864025)\n\n *\n\n CVE-2014-0101: The sctp_sf_do_5_1D_ce function in\n net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not\n validate certain auth_enable and auth_capable fields before making an\n sctp_sf_authenticate call, which allows remote attackers to cause a denial\n of service (NULL pointer dereference and system crash) via an SCTP\n handshake with a modified INIT chunk and a crafted AUTH chunk before a\n COOKIE_ECHO chunk. (bnc#866102)\n\n *\n\n CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in\n the Linux kernel through 3.14.3 does not properly manage tty driver access\n in the "LECHO & !OPOST" case, which allows local users to cause a denial\n of service (memory corruption and system crash) or gain privileges by\n triggering a race condition involving read and write operations with long\n strings. (bnc#875690)\n\n *\n\n CVE-2014-1444: The fst_get_iface function in\n drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not\n properly initialize a certain data structure, which allows local users to\n obtain sensitive information from kernel memory by leveraging the\n CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869)\n\n *\n\n CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c\n in the Linux kernel before 3.11.7 does not properly initialize a certain\n data structure, which allows local users to obtain sensitive information\n from kernel memory via an ioctl call. (bnc#858870)\n\n *\n\n CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c\n in the Linux kernel before 3.12.8 does not initialize a certain structure\n member, which allows local users to obtain sensitive information from\n kernel memory by leveraging the CAP_NET_ADMIN capability for an\n SIOCYAMGCFG ioctl call. (bnc#858872)\n\n *\n\n CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c\n in the Linux kernel through 3.14.3 does not properly handle error\n conditions during processing of an FDRAWCMD ioctl call, which allows local\n users to trigger kfree operations and gain privileges by leveraging write\n access to a /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-1738: The raw_cmd_copyout function in\n drivers/block/floppy.c in the Linux kernel through 3.14.3 does not\n properly restrict access to certain pointers during processing of an\n FDRAWCMD ioctl call, which allows local users to obtain sensitive\n information from kernel heap memory by leveraging write access to a\n /dev/fd device. (bnc#875798)\n\n *\n\n CVE-2014-1874: The security_context_to_sid_core function in\n security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows\n local users to cause a denial of service (system crash) by leveraging the\n CAP_MAC_ADMIN capability to set a zero-length security context.\n (bnc#863335)\n\n *\n\n CVE-2014-2039: arch/s390/kernel/head64.S in the Linux kernel before\n 3.13.5 on the s390 platform does not properly handle attempted use of the\n linkage stack, which allows local users to cause a denial of service\n (system crash) by executing a crafted instruction. (bnc#865307)\n\n *\n\n CVE-2014-2523: net/netfilter/nf_conntrack_proto_dccp.c in the Linux\n kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows\n remote attackers to cause a denial of service (system crash)\n or possibly execute arbitrary code via a DCCP packet that triggers a\n call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.\n (bnc#868653)\n\n *\n\n CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in\n the Linux kernel through 3.14 allows local users to cause a denial of\n service (NULL pointer dereference and system crash) or possibly have\n unspecified other impact via a bind system call for an RDS socket on a\n system that lacks RDS transports. (bnc#871561)\n\n *\n\n CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the\n Linux kernel before 3.14.3 does not properly consider which pages must be\n locked, which allows local users to cause a denial of service (system\n crash) by triggering a memory-usage pattern that requires removal of\n page-table mappings. (bnc#876102)\n\n Also the following non-security bugs have been fixed:\n\n * kabi: protect symbols modified by bnc#864833 fix (bnc#864833).\n * arch: Fix incorrect config symbol in #ifdef (bnc#844513).\n * ACPICA: Add a lock to the internal object reference count mechanism\n (bnc#857499).\n * x86/PCI: reduce severity of host bridge window conflict warnings\n (bnc#858534).\n * ia64: Change default PSR.ac from "1" to "0" (Fix erratum #237)\n (bnc#874108).\n * timer: Prevent overflow in apply_slack (bnc#873061).\n * xen: Close a race condition in Xen nested spinlock (bnc#858280,\n bnc#819351).\n * storvsc: NULL pointer dereference fix (bnc#865330).\n * sched: Make scale_rt_power() deal with backward clocks (bnc#865310).\n * sched: Use CPUPRI_NR_PRIORITIES instead of MAX_RT_PRIO in cpupri\n check (bnc#871861).\n *\n\n sched: update_rq_clock() must skip ONE update (bnc#868528,\n bnc#869033).\n\n *\n\n md: Change handling of save_raid_disk and metadata update during\n recovery (bnc#849364).\n\n * dm-mpath: Fixup race condition in activate_path() (bnc#708296).\n * dm-mpath: do not detach stale hardware handler (bnc#708296).\n * dm-multipath: Improve logging (bnc#708296).\n * scsi_dh_alua: Simplify state machine (bnc#854025).\n * scsi_dh_alua: endless STPG retries for a failed LUN (bnc#865342).\n *\n\n scsi_dh_alua: fixup RTPG retry delay miscalculation (bnc#854025).\n\n *\n\n vfs,proc: guarantee unique inodes in /proc.\n\n * FS-Cache: Handle removal of unadded object to the\n fscache_object_list rb tree (bnc#855885).\n * NFSD/sunrpc: avoid deadlock on TCP connection due to memory pressure\n (bnc#853455).\n * NFS: Avoid occasional hang with NFS (bnc#852488).\n * NFS: do not try to use lock state when we hold a delegation\n (bnc#831029) - add to series.conf\n * btrfs: do not loop on large offsets in readdir (bnc#863300).\n * btrfs: restrict snapshotting to own subvolumes (bnc#736697).\n * btrfs: fix extent boundary check in bio_readpage_error.\n *\n\n btrfs: fix extent_map block_len after merging.\n\n *\n\n net: add missing bh_unlock_sock() calls (bnc#862429).\n\n * inet: Pass inetpeer root into inet_getpeer*() interfaces\n (bnc#864833).\n * inet: Hide route peer accesses behind helpers (bnc#864833).\n * inet: Avoid potential NULL peer dereference (bnc#864833).\n * inet: handle rt{,6}_bind_peer() failure correctly (bnc#870801).\n * inetpeer: prevent unlinking from unused list twice (bnc#867953).\n * net/mlx4_en: Fix pages never dma unmapped on rx (bnc#858604).\n * tcp: clear xmit timers in tcp_v4_syn_recv_sock() (bnc#862429).\n * ipv6: fix race condition regarding dst->expires and dst->from\n (bnc#843185).\n *\n\n ipv6 routing, NLM_F_* flag support: REPLACE and EXCL flags support,\n warn about missing CREATE flag (bnc#865783).\n\n *\n\n mpt2sas: Do not check DIF for unwritten blocks (bnc#746500,\n bnc#836347).\n\n * mpt2sas: Add a module parameter that permits overriding protection\n capabilities (bnc#746500).\n *\n\n mpt2sas: Return the correct sense key for DIF errors (bnc#746500).\n\n *\n\n s390/cio: Delay scan for newly available I/O devices (bnc#855347,\n bnc#814788, bnc#856083).\n\n * s390/cio: More efficient handling of CHPID availability events\n (bnc#855347, bnc#814788, bnc#856083).\n * s390/cio: Relax subchannel scan loop (bnc#855347, bnc#814788,\n bnc#856083).\n *\n\n s390/css: stop stsch loop after cc 3 (bnc#855347, bnc#814788,\n bnc#856083).\n\n *\n\n supported.conf: Driver corgi_bl was renamed to generic_bl in kernel\n 2.6.29.\n\n * supported.conf: Add drivers/of/of_mdio That was a missing dependency\n for mdio-gpio on ppc64.\n * supported.conf: Fix mdio-gpio module name Module mdio-ofgpio was\n renamed to mdio-gpio in kernel 2.6.29, this should have been\n reflected in supported.conf.\n * supported.conf: Adjust radio-si470x module names\n * Update config files: re-enable twofish crypto support. (bnc#871325)\n", "reporter": "Suse", "published": "2014-05-22T02:04:17", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "title": "Security update for Linux kernel (important)", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3122", "CVE-2013-7265", "CVE-2014-1737", "CVE-2014-1874", "CVE-2014-1738", "CVE-2013-7264", "CVE-2014-1446", "CVE-2013-7339", "CVE-2014-0196", "CVE-2014-2678", "CVE-2013-6382", "CVE-2014-2039", "CVE-2013-4579", "CVE-2013-7263", "CVE-2014-1444", "CVE-2013-6885", "CVE-2014-1445", "CVE-2013-4470", "CVE-2014-2523", "CVE-2014-0101", "CVE-2014-0069"], "modified": "2014-05-22T02:04:17", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00013.html", "id": "SUSE-SU-2014:0696-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:26:04", "references": ["https://bugzilla.novell.com/852967", "https://bugzilla.novell.com/858638", "https://bugzilla.novell.com/875690", "https://bugzilla.novell.com/866102", "https://bugzilla.novell.com/860835", "https://bugzilla.novell.com/875798", "https://bugzilla.novell.com/871148", "https://bugzilla.novell.com/871325", "https://bugzilla.novell.com/869414", "https://bugzilla.novell.com/733022", "https://bugzilla.novell.com/864025", "https://bugzilla.novell.com/869898", "https://bugzilla.novell.com/871252", "https://bugzilla.novell.com/858233", "https://bugzilla.novell.com/852652", "https://bugzilla.novell.com/862145", "https://bugzilla.novell.com/873717", "https://bugzilla.novell.com/833968", "https://bugzilla.novell.com/811746", "https://bugzilla.novell.com/863335", "https://bugzilla.novell.com/837111", "https://bugzilla.novell.com/868653", "https://bugzilla.novell.com/858870", "https://bugzilla.novell.com/851426", "https://bugzilla.novell.com/858872", "https://bugzilla.novell.com/858869"], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-trace-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-trace-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "noarch", "packageFilename": "kernel-source-3.7.10-1.32.1.noarch.rpm", "packageName": "kernel-source", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-xen-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-xen-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-trace-devel-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-trace-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-debug-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i586", "packageFilename": "kernel-syms-3.7.10-1.32.1.i586.rpm", "packageName": "kernel-syms", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-syms-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-syms", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-ec2-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-ec2", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-ec2-base-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-ec2-base-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-ec2-base-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-ec2-base", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-xen-devel-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-xen-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i586", "packageFilename": "kernel-default-devel-3.7.10-1.32.1.i586.rpm", "packageName": "kernel-default-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-vanilla-devel-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-vanilla-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-debug-base-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-debug-base", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-ec2-base-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-ec2-base-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.2", "arch": "noarch", "packageFilename": "kernel-docs-3.7.10-1.32.2.noarch.rpm", "packageName": "kernel-docs", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "noarch", "packageFilename": "kernel-source-vanilla-3.7.10-1.32.1.noarch.rpm", "packageName": "kernel-source-vanilla", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-desktop-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-desktop", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-desktop-debugsource-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-desktop-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-debug-debugsource-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-debug-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i586", "packageFilename": "kernel-default-devel-debuginfo-3.7.10-1.32.1.i586.rpm", "packageName": "kernel-default-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-trace-devel-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-trace-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-desktop-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-desktop", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-default-devel-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-default-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-xen-devel-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-xen-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i586", "packageFilename": "kernel-default-debugsource-3.7.10-1.32.1.i586.rpm", "packageName": "kernel-default-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-desktop-debugsource-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-desktop-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-default-base-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-default-base-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-debug-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-debug-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i586", "packageFilename": "kernel-default-base-debuginfo-3.7.10-1.32.1.i586.rpm", "packageName": "kernel-default-base-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-xen-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-xen-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-trace-debugsource-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-trace-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-trace-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-trace-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-desktop-base-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-desktop-base-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-pae-base-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-pae-base", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-xen-base-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-xen-base-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-ec2-debugsource-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-ec2-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-trace-base-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-trace-base-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-desktop-devel-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-desktop-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-default-base-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-default-base", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-ec2-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-ec2-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-vanilla-devel-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-vanilla-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-desktop-base-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-desktop-base-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-desktop-base-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-desktop-base", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-pae-base-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-pae-base-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-ec2-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-ec2-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-default-debugsource-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-default-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-ec2-devel-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-ec2-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-vanilla-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-vanilla-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-ec2-devel-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-ec2-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-trace-base-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-trace-base", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-debug-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-debug-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-default-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-default-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-vanilla-debugsource-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-vanilla-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i586", "packageFilename": "kernel-default-debuginfo-3.7.10-1.32.1.i586.rpm", "packageName": "kernel-default-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-vanilla-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-vanilla", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-ec2-debugsource-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-ec2-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-desktop-devel-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-desktop-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-trace-base-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-trace-base-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-xen-base-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-xen-base-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-desktop-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-desktop-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-xen-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-xen", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-pae-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-pae-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-vanilla-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-vanilla", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "noarch", "packageFilename": "kernel-devel-3.7.10-1.32.1.noarch.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-xen-devel-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-xen-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-vanilla-devel-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-vanilla-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i586", "packageFilename": "kernel-default-base-3.7.10-1.32.1.i586.rpm", "packageName": "kernel-default-base", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-debug-devel-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-ec2-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-ec2", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-trace-devel-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-trace-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-debug-base-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-debug-base-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-debug-base-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-debug-base", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-debug-base-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-debug-base-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-desktop-devel-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-desktop-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-default-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-default", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-debug-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-pae-debugsource-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-pae-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-vanilla-devel-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-vanilla-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-pae-devel-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-pae-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-ec2-base-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-ec2-base", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-trace-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-trace", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-vanilla-debugsource-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-vanilla-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-pae-devel-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-pae-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-trace-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-trace", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-xen-base-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-xen-base", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-trace-devel-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-trace-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i586", "packageFilename": "kernel-default-3.7.10-1.32.1.i586.rpm", "packageName": "kernel-default", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-debug-devel-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-trace-debugsource-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-trace-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-debug-devel-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-debug-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-xen-debugsource-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-xen-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-xen-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-xen", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-pae-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-pae", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-debug-debugsource-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-debug-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-trace-base-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-trace-base", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-desktop-base-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-desktop-base", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-ec2-devel-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-ec2-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-desktop-devel-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-desktop-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-xen-debugsource-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-xen-debugsource", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-default-devel-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-default-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-ec2-devel-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-ec2-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-desktop-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-desktop-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-xen-base-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-xen-base", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-debug-devel-debuginfo-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-debug-devel-debuginfo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "i686", "packageFilename": "kernel-xen-devel-3.7.10-1.32.1.i686.rpm", "packageName": "kernel-xen-devel", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "12.3", "packageVersion": "3.7.10-1.32.1", "arch": "x86_64", "packageFilename": "kernel-vanilla-debuginfo-3.7.10-1.32.1.x86_64.rpm", "packageName": "kernel-vanilla-debuginfo", "operator": "lt"}], "description": "The Linux Kernel was updated to fix various security issues and bugs.\n\n Main security issues fixed:\n\n A security issue in the tty layer that was fixed that could be used by\n local attackers for code execution (CVE-2014-0196).\n\n Two security issues in the floppy driver were fixed that could be used by\n local attackers on machines with the floppy to crash the kernel or\n potentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738).\n\n Other security issues and bugs that were fixed:\n - netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper\n (bnc#860835 CVE-2014-1690).\n\n - net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH\n (bnc#866102, CVE-2014-0101).\n\n - n_tty: Fix a n_tty_write crash and code execution when echoing in raw\n mode (bnc#871252 bnc#875690 CVE-2014-0196).\n\n - netfilter: nf_ct_sip: support Cisco 7941/7945 IP phones (bnc#873717).\n\n - Update config files: re-enable twofish crypto support Software twofish\n crypto support was disabled in several architectures since openSUSE\n 10.3. For i386 and x86_64 it was on purpose, because\n hardware-accelerated alternatives exist. However for all other\n architectures it was by accident. Re-enable software twofish crypto\n support in arm, ia64 and ppc configuration files, to guarantee that at\n least one implementation is always available (bnc#871325).\n\n - Update config files: disable CONFIG_TOUCHSCREEN_W90X900 The w90p910_ts\n driver only makes sense on the W90x900 architecture, which we do not\n support.\n\n - ath9k: protect tid->sched check (bnc#871148,CVE-2014-2672).\n\n - Fix dst_neigh_lookup/dst_neigh_lookup_skb return value handling bug\n (bnc#869898).\n\n - SELinux: Fix kernel BUG on empty security contexts\n (bnc#863335,CVE-2014-1874).\n\n - hamradio/yam: fix info leak in ioctl (bnc#858872, CVE-2014-1446).\n\n - wanxl: fix info leak in ioctl (bnc#858870, CVE-2014-1445).\n\n - farsync: fix info leak in ioctl (bnc#858869, CVE-2014-1444).\n\n - ARM: 7809/1: perf: fix event validation for software group leaders\n (CVE-2013-4254, bnc#837111).\n\n - netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages\n (bnc#868653, CVE-2014-2523).\n\n - ath9k_htc: properly set MAC address and BSSID mask (bnc#851426,\n CVE-2013-4579).\n\n - drm/ttm: don't oops if no invalidate_caches() (bnc#869414).\n\n - Apply missing patches.fixes/drm-nouveau-hwmon-rename-fan0-to-fan1.patch\n\n - xfs: growfs: use uncached buffers for new headers (bnc#858233).\n\n - xfs: use btree block initialisation functions in growfs (bnc#858233).\n\n - Revert "Delete\n patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end\n ." (bnc#858233) Put back again the patch\n patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end\n back as there is a better fix than reverting the affecting patch.\n\n - Delete\n patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end\n . It turned out that this patch causes regressions (bnc#858233) The\n upstream 3.7.x also reverted it in the end (commit c3793e0d94af2).\n\n - tcp: syncookies: reduce cookie lifetime to 128 seconds (bnc#833968).\n - tcp: syncookies: reduce mss table to four values (bnc#833968).\n\n - x86, cpu, amd: Add workaround for family 16h, erratum 793 (bnc#852967\n CVE-2013-6885).\n\n - cifs: ensure that uncached writes handle unmapped areas correctly\n (bnc#864025 CVE-2014-0069).\n\n - x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround (bnc#858638\n CVE-2014-1438).\n\n - xencons: generalize use of add_preferred_console() (bnc#733022,\n bnc#852652).\n - balloon: don't crash in HVM-with-PoD guests.\n - hwmon: (coretemp) Fix truncated name of alarm attributes.\n\n - NFS: Avoid PUTROOTFH when managing leases (bnc#811746).\n\n - cifs: delay super block destruction until all cifsFileInfo objects are\n gone (bnc#862145).\n\n", "edition": 1, "reporter": "Suse", "published": "2014-05-19T14:04:14", "title": "kernel: security and bugfix update (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2014-2672", "CVE-2014-1737", "CVE-2014-1874", "CVE-2013-4254", "CVE-2014-1738", "CVE-2014-1446", "CVE-2014-0196", "CVE-2013-4579", "CVE-2014-1444", "CVE-2014-1438", "CVE-2013-6885", "CVE-2014-1445", "CVE-2014-2523", "CVE-2014-0101", "CVE-2014-0069", "CVE-2014-1690"], "modified": "2014-05-19T14:04:14", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00009.html", "id": "OPENSUSE-SU-2014:0677-1", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2017-09-09T07:19:32", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "enchantments_done": [], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-debuginfo-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-xen-debuginfo-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-xen-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-PAE-debuginfo-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-PAE-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-debug-debuginfo-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-debug-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-debuginfo-common-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-debuginfo-common", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "src", "packageFilename": "kernel-2.6.18-371.6.1.el5.src.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-xen-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-xen-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-debug-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-debug-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-debuginfo-common-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-debuginfo-common", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "noarch", "packageFilename": "kernel-doc-2.6.18-371.6.1.el5.noarch.rpm", "packageName": "kernel-doc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-xen-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-xen", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-devel-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i386", "packageFilename": "kernel-headers-2.6.18-371.6.1.el5.i386.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-debug-devel-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-debug-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-xen-devel-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-xen-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-PAE-devel-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-PAE-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-PAE-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-PAE", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-debug-devel-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-headers-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-devel-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-xen-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-xen", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-xen-devel-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-xen-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-debug-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ppc64", "packageFilename": "kernel-debuginfo-common-2.6.18-371.6.1.el5.ppc64.rpm", "packageName": "kernel-debuginfo-common", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ppc64", "packageFilename": "kernel-kdump-debuginfo-2.6.18-371.6.1.el5.ppc64.rpm", "packageName": "kernel-kdump-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ppc64", "packageFilename": "kernel-debuginfo-2.6.18-371.6.1.el5.ppc64.rpm", "packageName": "kernel-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ppc64", "packageFilename": "kernel-debug-debuginfo-2.6.18-371.6.1.el5.ppc64.rpm", "packageName": "kernel-debug-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "s390x", "packageFilename": "kernel-debuginfo-common-2.6.18-371.6.1.el5.s390x.rpm", "packageName": "kernel-debuginfo-common", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "s390x", "packageFilename": "kernel-kdump-debuginfo-2.6.18-371.6.1.el5.s390x.rpm", "packageName": "kernel-kdump-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "s390x", "packageFilename": "kernel-debuginfo-2.6.18-371.6.1.el5.s390x.rpm", "packageName": "kernel-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "s390x", "packageFilename": "kernel-debug-debuginfo-2.6.18-371.6.1.el5.s390x.rpm", "packageName": "kernel-debug-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ppc64", "packageFilename": "kernel-kdump-devel-2.6.18-371.6.1.el5.ppc64.rpm", "packageName": "kernel-kdump-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ppc64", "packageFilename": "kernel-headers-2.6.18-371.6.1.el5.ppc64.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ppc64", "packageFilename": "kernel-debug-devel-2.6.18-371.6.1.el5.ppc64.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ppc64", "packageFilename": "kernel-2.6.18-371.6.1.el5.ppc64.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ppc", "packageFilename": "kernel-headers-2.6.18-371.6.1.el5.ppc.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ppc64", "packageFilename": "kernel-devel-2.6.18-371.6.1.el5.ppc64.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ppc64", "packageFilename": "kernel-kdump-2.6.18-371.6.1.el5.ppc64.rpm", "packageName": "kernel-kdump", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ppc64", "packageFilename": "kernel-debug-2.6.18-371.6.1.el5.ppc64.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "s390x", "packageFilename": "kernel-kdump-devel-2.6.18-371.6.1.el5.s390x.rpm", "packageName": "kernel-kdump-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "s390x", "packageFilename": "kernel-2.6.18-371.6.1.el5.s390x.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "s390x", "packageFilename": "kernel-debug-devel-2.6.18-371.6.1.el5.s390x.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "s390x", "packageFilename": "kernel-debug-2.6.18-371.6.1.el5.s390x.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "s390x", "packageFilename": "kernel-devel-2.6.18-371.6.1.el5.s390x.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "s390x", "packageFilename": "kernel-kdump-2.6.18-371.6.1.el5.s390x.rpm", "packageName": "kernel-kdump", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "s390x", "packageFilename": "kernel-headers-2.6.18-371.6.1.el5.s390x.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-debuginfo-common-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel-debuginfo-common", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-debug-debuginfo-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel-debug-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-debuginfo-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-xen-debuginfo-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel-xen-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-debug-devel-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-debug-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-devel-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-xen-devel-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel-xen-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-headers-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-xen-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel-xen", "operator": "lt"}], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A buffer overflow flaw was found in the way the qeth_snmp_command()\nfunction in the Linux kernel's QETH network device driver implementation\nhandled SNMP IOCTL requests with an out-of-bounds length. A local,\nunprivileged user could use this flaw to crash the system or, potentially,\nescalate their privileges on the system. (CVE-2013-6381, Important)\n\n* A flaw was found in the way the ipc_rcu_putref() function in the Linux\nkernel's IPC implementation handled reference counter decrementing.\nA local, unprivileged user could use this flaw to trigger an Out of Memory\n(OOM) condition and, potentially, crash the system. (CVE-2013-4483,\nModerate)\n\n* It was found that the Xen hypervisor implementation did not correctly\ncheck privileges of hypercall attempts made by HVM guests, allowing\nhypercalls to be invoked from protection rings 1 and 2 in addition to ring\n0. A local attacker in an HVM guest able to execute code on privilege\nlevels 1 and 2 could potentially use this flaw to further escalate their\nprivileges in that guest. Note: Xen HVM guests running unmodified versions\nof Red Hat Enterprise Linux and Microsoft Windows are not affected by this\nissue because they are known to only use protection rings 0 (kernel) and 3\n(userspace). (CVE-2013-4554, Moderate)\n\n* A flaw was found in the way the Linux kernel's Adaptec RAID controller\n(aacraid) checked permissions of compat IOCTLs. A local attacker could use\nthis flaw to bypass intended security restrictions. (CVE-2013-6383,\nModerate)\n\n* It was found that, under specific circumstances, a combination of write\noperations to write-combined memory and locked CPU instructions may cause a\ncore hang on certain AMD CPUs (for more information, refer to AMD CPU\nerratum 793 linked in the References section). A privileged user in a guest\nrunning under the Xen hypervisor could use this flaw to cause a denial of\nservice on the host system. This update adds a workaround to the Xen\nhypervisor implementation, which mitigates the AMD CPU issue. Note: this\nissue only affects AMD Family 16h Models 00h-0Fh Processors. Non-AMD CPUs\nare not vulnerable. (CVE-2013-6885, Moderate)\n\n* It was found that certain protocol handlers in the Linux kernel's\nnetworking implementation could set the addr_len value without initializing\nthe associated data structure. A local, unprivileged user could use this\nflaw to leak kernel stack memory to user space using the recvmsg, recvfrom,\nand recvmmsg system calls. (CVE-2013-7263, Low)\n\n* A flaw was found in the way the get_dumpable() function return value was\ninterpreted in the ptrace subsystem of the Linux kernel. When\n'fs.suid_dumpable' was set to 2, a local, unprivileged local user could\nuse this flaw to bypass intended ptrace restrictions and obtain\npotentially sensitive information. (CVE-2013-2929, Low)\n\nRed Hat would like to thank Vladimir Davydov of Parallels for reporting\nCVE-2013-4483 and the Xen project for reporting CVE-2013-4554 and\nCVE-2013-6885. Upstream acknowledges Jan Beulich as the original reporter\nof CVE-2013-4554 and CVE-2013-6885.\n\nThis update also fixes several bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement. The system must be rebooted for this update to take effect.\n", "reporter": "RedHat", "published": "2014-03-12T04:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "redhat", "title": "(RHSA-2014:0285) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2929", "CVE-2013-4483", "CVE-2013-4554", "CVE-2013-6381", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T12:14:14", "id": "RHSA-2014:0285", "href": "https://access.redhat.com/errata/RHSA-2014:0285", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2017-08-22T10:02:55", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "x86_64", "packageFilename": "ocfs2-2.6.18-371.6.1.0.1.el5debug-1.4.10-1.el5.x86_64.rpm", "packageName": "ocfs2-2.6.18-371.6.1.0.1.el5debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "i686", "packageFilename": "oracleasm-2.6.18-371.6.1.0.1.el5-2.0.5-1.el5.i686.rpm", "packageName": "oracleasm-2.6.18-371.6.1.0.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "i686", "packageFilename": "kernel-devel-2.6.18-371.6.1.0.1.el5.i686.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "i686", "packageFilename": "kernel-debug-2.6.18-371.6.1.0.1.el5.i686.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "ia64", "packageFilename": "ocfs2-2.6.18-371.6.1.0.1.el5debug-1.4.10-1.el5.ia64.rpm", "packageName": "ocfs2-2.6.18-371.6.1.0.1.el5debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "i686", "packageFilename": "ocfs2-2.6.18-371.6.1.0.1.el5xen-1.4.10-1.el5.i686.rpm", "packageName": "ocfs2-2.6.18-371.6.1.0.1.el5xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "noarch", "packageFilename": "kernel-doc-2.6.18-371.6.1.0.1.el5.noarch.rpm", "packageName": "kernel-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "noarch", "packageFilename": "kernel-doc-2.6.18-371.6.1.0.1.el5.noarch.rpm", "packageName": "kernel-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "noarch", "packageFilename": "kernel-doc-2.6.18-371.6.1.0.1.el5.noarch.rpm", "packageName": "kernel-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "ia64", "packageFilename": "kernel-debug-2.6.18-371.6.1.0.1.el5.ia64.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "i386", "packageFilename": "kernel-headers-2.6.18-371.6.1.0.1.el5.i386.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "x86_64", "packageFilename": "kernel-2.6.18-371.6.1.0.1.el5.x86_64.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "i686", "packageFilename": "kernel-debug-devel-2.6.18-371.6.1.0.1.el5.i686.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "i686", "packageFilename": "ocfs2-2.6.18-371.6.1.0.1.el5-1.4.10-1.el5.i686.rpm", "packageName": "ocfs2-2.6.18-371.6.1.0.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "src", "packageFilename": "kernel-2.6.18-371.6.1.0.1.el5.src.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "src", "packageFilename": "kernel-2.6.18-371.6.1.0.1.el5.src.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "src", "packageFilename": "kernel-2.6.18-371.6.1.0.1.el5.src.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "src", "packageFilename": "oracleasm-2.6.18-371.6.1.0.1.el5-2.0.5-1.el5.src.rpm", "packageName": "oracleasm-2.6.18-371.6.1.0.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "src", "packageFilename": "oracleasm-2.6.18-371.6.1.0.1.el5-2.0.5-1.el5.src.rpm", "packageName": "oracleasm-2.6.18-371.6.1.0.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "src", "packageFilename": "oracleasm-2.6.18-371.6.1.0.1.el5-2.0.5-1.el5.src.rpm", "packageName": "oracleasm-2.6.18-371.6.1.0.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "x86_64", "packageFilename": "oracleasm-2.6.18-371.6.1.0.1.el5debug-2.0.5-1.el5.x86_64.rpm", "packageName": "oracleasm-2.6.18-371.6.1.0.1.el5debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "x86_64", "packageFilename": "kernel-debug-devel-2.6.18-371.6.1.0.1.el5.x86_64.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "i686", "packageFilename": "oracleasm-2.6.18-371.6.1.0.1.el5xen-2.0.5-1.el5.i686.rpm", "packageName": "oracleasm-2.6.18-371.6.1.0.1.el5xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "i686", "packageFilename": "ocfs2-2.6.18-371.6.1.0.1.el5PAE-1.4.10-1.el5.i686.rpm", "packageName": "ocfs2-2.6.18-371.6.1.0.1.el5PAE", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "x86_64", "packageFilename": "kernel-xen-devel-2.6.18-371.6.1.0.1.el5.x86_64.rpm", "packageName": "kernel-xen-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "i686", "packageFilename": "kernel-PAE-2.6.18-371.6.1.0.1.el5.i686.rpm", "packageName": "kernel-PAE", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "i686", "packageFilename": "kernel-xen-2.6.18-371.6.1.0.1.el5.i686.rpm", "packageName": "kernel-xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "ia64", "packageFilename": "kernel-devel-2.6.18-371.6.1.0.1.el5.ia64.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "ia64", "packageFilename": "kernel-xen-2.6.18-371.6.1.0.1.el5.ia64.rpm", "packageName": "kernel-xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "x86_64", "packageFilename": "ocfs2-2.6.18-371.6.1.0.1.el5xen-1.4.10-1.el5.x86_64.rpm", "packageName": "ocfs2-2.6.18-371.6.1.0.1.el5xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "i686", "packageFilename": "kernel-PAE-devel-2.6.18-371.6.1.0.1.el5.i686.rpm", "packageName": "kernel-PAE-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "ia64", "packageFilename": "kernel-headers-2.6.18-371.6.1.0.1.el5.ia64.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "ia64", "packageFilename": "kernel-2.6.18-371.6.1.0.1.el5.ia64.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "i686", "packageFilename": "ocfs2-2.6.18-371.6.1.0.1.el5debug-1.4.10-1.el5.i686.rpm", "packageName": "ocfs2-2.6.18-371.6.1.0.1.el5debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "x86_64", "packageFilename": "oracleasm-2.6.18-371.6.1.0.1.el5-2.0.5-1.el5.x86_64.rpm", "packageName": "oracleasm-2.6.18-371.6.1.0.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "x86_64", "packageFilename": "oracleasm-2.6.18-371.6.1.0.1.el5xen-2.0.5-1.el5.x86_64.rpm", "packageName": "oracleasm-2.6.18-371.6.1.0.1.el5xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "ia64", "packageFilename": "ocfs2-2.6.18-371.6.1.0.1.el5-1.4.10-1.el5.ia64.rpm", "packageName": "ocfs2-2.6.18-371.6.1.0.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "i686", "packageFilename": "kernel-2.6.18-371.6.1.0.1.el5.i686.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "ia64", "packageFilename": "kernel-debug-devel-2.6.18-371.6.1.0.1.el5.ia64.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "ia64", "packageFilename": "ocfs2-2.6.18-371.6.1.0.1.el5xen-1.4.10-1.el5.ia64.rpm", "packageName": "ocfs2-2.6.18-371.6.1.0.1.el5xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "ia64", "packageFilename": "oracleasm-2.6.18-371.6.1.0.1.el5debug-2.0.5-1.el5.ia64.rpm", "packageName": "oracleasm-2.6.18-371.6.1.0.1.el5debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "i686", "packageFilename": "kernel-xen-devel-2.6.18-371.6.1.0.1.el5.i686.rpm", "packageName": "kernel-xen-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "ia64", "packageFilename": "oracleasm-2.6.18-371.6.1.0.1.el5xen-2.0.5-1.el5.ia64.rpm", "packageName": "oracleasm-2.6.18-371.6.1.0.1.el5xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "i686", "packageFilename": "oracleasm-2.6.18-371.6.1.0.1.el5PAE-2.0.5-1.el5.i686.rpm", "packageName": "oracleasm-2.6.18-371.6.1.0.1.el5PAE", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "x86_64", "packageFilename": "kernel-headers-2.6.18-371.6.1.0.1.el5.x86_64.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "ia64", "packageFilename": "kernel-xen-devel-2.6.18-371.6.1.0.1.el5.ia64.rpm", "packageName": "kernel-xen-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "x86_64", "packageFilename": "kernel-debug-2.6.18-371.6.1.0.1.el5.x86_64.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "i686", "packageFilename": "oracleasm-2.6.18-371.6.1.0.1.el5debug-2.0.5-1.el5.i686.rpm", "packageName": "oracleasm-2.6.18-371.6.1.0.1.el5debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "x86_64", "packageFilename": "ocfs2-2.6.18-371.6.1.0.1.el5-1.4.10-1.el5.x86_64.rpm", "packageName": "ocfs2-2.6.18-371.6.1.0.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "src", "packageFilename": "ocfs2-2.6.18-371.6.1.0.1.el5-1.4.10-1.el5.src.rpm", "packageName": "ocfs2-2.6.18-371.6.1.0.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "src", "packageFilename": "ocfs2-2.6.18-371.6.1.0.1.el5-1.4.10-1.el5.src.rpm", "packageName": "ocfs2-2.6.18-371.6.1.0.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "src", "packageFilename": "ocfs2-2.6.18-371.6.1.0.1.el5-1.4.10-1.el5.src.rpm", "packageName": "ocfs2-2.6.18-371.6.1.0.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "ia64", "packageFilename": "oracleasm-2.6.18-371.6.1.0.1.el5-2.0.5-1.el5.ia64.rpm", "packageName": "oracleasm-2.6.18-371.6.1.0.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "x86_64", "packageFilename": "kernel-xen-2.6.18-371.6.1.0.1.el5.x86_64.rpm", "packageName": "kernel-xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.0.1.el5", "arch": "x86_64", "packageFilename": "kernel-devel-2.6.18-371.6.1.0.1.el5.x86_64.rpm", "packageName": "kernel-devel", "operator": "lt"}], "edition": 2, "description": "kernel\n[2.6.18-371.6.1.0.1]\n- i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649]\n- [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030]\n- [oprofile] export __get_user_pages_fast() function [orabug 14277030]\n- [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030]\n- [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030]\n- [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030]\n- [kernel] Initialize the local uninitialized variable stats. [orabug 14051367]\n- [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763]\n- [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272]\n- [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075]\n- fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan)\n- [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan)\n- [x86] Fix lvt0 reset when hvm boot up with noapic param\n- [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason)\n [orabug 12342275]\n- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346]\n- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]\n- [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042]\n- [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646]\n- fix filp_close() race (Joe Jin) [orabug 10335998]\n- make xenkbd.abs_pointer=1 by default [orabug 67188919]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)\n [orabug 10315433]\n- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]\n- [mm] Patch shrink_zone to yield during severe mempressure events, avoiding\n hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839]\n- [mm] Enhance shrink_zone patch allow full swap utilization, and also be\n NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)\n [orabug 9107465]\n- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)\n [orabug 9764220]\n- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]\n- fix overcommit memory to use percpu_counter for (KOSAKI Motohiro,\n Guru Anbalagane) [orabug 6124033]\n- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]\n- [ib] fix memory corruption (Andy Grover) [orabug 9972346]\n- [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203]\n- [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203]\n- [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]", "reporter": "Oracle", "published": "2014-03-13T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "oraclelinux", "title": "1 ", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6383", "CVE-2013-2929", "CVE-2013-4554", "CVE-2013-7263", "CVE-2013-4483", "CVE-2013-6885", "CVE-2013-6381"], "modified": "2014-03-13T00:00:00", "id": "ELSA-2014-0285-1", "href": "http://linux.oracle.com/errata/ELSA-2014-0285-1.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-02-06T15:00:36", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "noarch", "packageFilename": "kernel-doc-2.6.18-371.6.1.el5.noarch.rpm", "packageName": "kernel-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "noarch", "packageFilename": "kernel-doc-2.6.18-371.6.1.el5.noarch.rpm", "packageName": "kernel-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "noarch", "packageFilename": "kernel-doc-2.6.18-371.6.1.el5.noarch.rpm", "packageName": "kernel-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-xen-devel-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-xen-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "i686", "packageFilename": "ocfs2-2.6.18-371.6.1.el5-1.4.10-1.el5.i686.rpm", "packageName": "ocfs2-2.6.18-371.6.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-devel-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-xen-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel-xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "i686", "packageFilename": "oracleasm-2.6.18-371.6.1.el5-2.0.5-1.el5.i686.rpm", "packageName": "oracleasm-2.6.18-371.6.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "x86_64", "packageFilename": "ocfs2-2.6.18-371.6.1.el5xen-1.4.10-1.el5.x86_64.rpm", "packageName": "ocfs2-2.6.18-371.6.1.el5xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "ia64", "packageFilename": "oracleasm-2.6.18-371.6.1.el5xen-2.0.5-1.el5.ia64.rpm", "packageName": "oracleasm-2.6.18-371.6.1.el5xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-PAE-devel-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-PAE-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-debug-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "src", "packageFilename": "oracleasm-2.6.18-371.6.1.el5-2.0.5-1.el5.src.rpm", "packageName": "oracleasm-2.6.18-371.6.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "src", "packageFilename": "oracleasm-2.6.18-371.6.1.el5-2.0.5-1.el5.src.rpm", "packageName": "oracleasm-2.6.18-371.6.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "src", "packageFilename": "oracleasm-2.6.18-371.6.1.el5-2.0.5-1.el5.src.rpm", "packageName": "oracleasm-2.6.18-371.6.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "ia64", "packageFilename": "ocfs2-2.6.18-371.6.1.el5-1.4.10-1.el5.ia64.rpm", "packageName": "ocfs2-2.6.18-371.6.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-xen-devel-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-xen-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "x86_64", "packageFilename": "oracleasm-2.6.18-371.6.1.el5xen-2.0.5-1.el5.x86_64.rpm", "packageName": "oracleasm-2.6.18-371.6.1.el5xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-debug-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "src", "packageFilename": "ocfs2-2.6.18-371.6.1.el5-1.4.10-1.el5.src.rpm", "packageName": "ocfs2-2.6.18-371.6.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "src", "packageFilename": "ocfs2-2.6.18-371.6.1.el5-1.4.10-1.el5.src.rpm", "packageName": "ocfs2-2.6.18-371.6.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "src", "packageFilename": "ocfs2-2.6.18-371.6.1.el5-1.4.10-1.el5.src.rpm", "packageName": "ocfs2-2.6.18-371.6.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "i686", "packageFilename": "ocfs2-2.6.18-371.6.1.el5xen-1.4.10-1.el5.i686.rpm", "packageName": "ocfs2-2.6.18-371.6.1.el5xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "ia64", "packageFilename": "oracleasm-2.6.18-371.6.1.el5debug-2.0.5-1.el5.ia64.rpm", "packageName": "oracleasm-2.6.18-371.6.1.el5debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "i686", "packageFilename": "oracleasm-2.6.18-371.6.1.el5PAE-2.0.5-1.el5.i686.rpm", "packageName": "oracleasm-2.6.18-371.6.1.el5PAE", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-xen-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "ia64", "packageFilename": "ocfs2-2.6.18-371.6.1.el5debug-1.4.10-1.el5.ia64.rpm", "packageName": "ocfs2-2.6.18-371.6.1.el5debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "x86_64", "packageFilename": "ocfs2-2.6.18-371.6.1.el5-1.4.10-1.el5.x86_64.rpm", "packageName": "ocfs2-2.6.18-371.6.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-headers-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i386", "packageFilename": "kernel-headers-2.6.18-371.6.1.el5.i386.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-xen-devel-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel-xen-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "ia64", "packageFilename": "oracleasm-2.6.18-371.6.1.el5-2.0.5-1.el5.ia64.rpm", "packageName": "oracleasm-2.6.18-371.6.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-debug-devel-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "ia64", "packageFilename": "ocfs2-2.6.18-371.6.1.el5xen-1.4.10-1.el5.ia64.rpm", "packageName": "ocfs2-2.6.18-371.6.1.el5xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-PAE-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-PAE", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-xen-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "i686", "packageFilename": "oracleasm-2.6.18-371.6.1.el5debug-2.0.5-1.el5.i686.rpm", "packageName": "oracleasm-2.6.18-371.6.1.el5debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-debug-devel-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "i686", "packageFilename": "oracleasm-2.6.18-371.6.1.el5xen-2.0.5-1.el5.i686.rpm", "packageName": "oracleasm-2.6.18-371.6.1.el5xen", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-devel-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-debug-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-devel-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "x86_64", "packageFilename": "ocfs2-2.6.18-371.6.1.el5debug-1.4.10-1.el5.x86_64.rpm", "packageName": "ocfs2-2.6.18-371.6.1.el5debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "x86_64", "packageFilename": "oracleasm-2.6.18-371.6.1.el5-2.0.5-1.el5.x86_64.rpm", "packageName": "oracleasm-2.6.18-371.6.1.el5", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "src", "packageFilename": "kernel-2.6.18-371.6.1.el5.src.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "src", "packageFilename": "kernel-2.6.18-371.6.1.el5.src.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "src", "packageFilename": "kernel-2.6.18-371.6.1.el5.src.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "i686", "packageFilename": "kernel-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "ia64", "packageFilename": "kernel-headers-2.6.18-371.6.1.el5.ia64.rpm", "packageName": "kernel-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "i686", "packageFilename": "ocfs2-2.6.18-371.6.1.el5PAE-1.4.10-1.el5.i686.rpm", "packageName": "ocfs2-2.6.18-371.6.1.el5PAE", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "arch": "x86_64", "packageFilename": "kernel-debug-devel-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "1.4.10-1.el5", "arch": "i686", "packageFilename": "ocfs2-2.6.18-371.6.1.el5debug-1.4.10-1.el5.i686.rpm", "packageName": "ocfs2-2.6.18-371.6.1.el5debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.0.5-1.el5", "arch": "x86_64", "packageFilename": "oracleasm-2.6.18-371.6.1.el5debug-2.0.5-1.el5.x86_64.rpm", "packageName": "oracleasm-2.6.18-371.6.1.el5debug", "operator": "lt"}], "edition": 1, "description": "kernel\n[2.6.18-371.6.1]\n- [net] be2net: don't use skb_get_queue_mapping() (Ivan Vecera) [1066302 1063955]\n- [ipc] change refcount to atomic_t (Phillip Lougher) [1024866 1024868] {CVE-2013-4483}\n- [s390] qeth: buffer overflow in snmp ioctl (Jacob Tanenbaum) [1034402 1034404] {CVE-2013-6381}\n- [scsi] AACRAID Driver compat IOCTL missing capability check (Jacob Tanenbaum) [1033531 1033532] {CVE-2013-6383}\n- [xen] x86/AMD: work around erratum 793 (Radim Krcmar) [1035834 1035836] {CVE-2013-6885}\n- [xen] do not expose hypercalls to rings 1 and 2 of HVM guests (Andrew Jones) [1029112 1029113] {CVE-2013-4554}\n- [redhat] kabi: Adding symbol print_hex_dump (Jiri Olsa) [1054055 662558]\n- [scsi] Add 'eh_deadline' to limit SCSI EH runtime (Ewan Milne) [1050097 956132]\n- [scsi] remove check for 'resetting' (Ewan Milne) [1050097 956132]\n- [scsi] dc395: Move 'last_reset' into internal host structure (Ewan Milne) [1050097 956132]\n- [scsi] tmscsim: Move 'last_reset' into host structure (Ewan Milne) [1050097 956132]\n- [scsi] advansys: Remove 'last_reset' references (Ewan Milne) [1050097 956132]\n- [scsi] dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (Ewan Milne) [1050097 956132]\n- [scsi] dpt_i2o: Remove DPTI_STATE_IOCTL (Ewan Milne) [1050097 956132]\n- [net] ipv6: fix leaking uninit port number of offender sockaddr (Florian Westphal) [1035880 1035881] {CVE-2013-7264 CVE-2013-7265 CVE-2013-7281 CVE-2013-7263}\n- [net] fix addr_len/msg->msg_namelen assign in recv_error funcs (Florian Westphal) [1035880 1035881] {CVE-2013-7264 CVE-2013-7265 CVE-2013-7281 CVE-2013-7263}\n- [net] prevent leakage of uninitialized memory to user in recv (Florian Westphal) [1035880 1035881] {CVE-2013-7264 CVE-2013-7265 CVE-2013-7281 CVE-2013-7263}\n- [net] be2net: prevent Tx stall on SH-R when packet size < 32 (Ivan Vecera) [1051535 1007995]\n- [net] be2net: Trim padded packets for Lancer (Ivan Vecera) [1051535 1007995]\n- [net] be2net: Pad skb to meet min Tx pkt size in lancer (Ivan Vecera) [1051535 1007995]\n- [net] be2net: refactor HW workarounds in be_xmit() (Ivan Vecera) [1051535 1007995]\n- [fs] exec/ptrace: fix get_dumpable() incorrect tests (Petr Oros) [1039483 1039484] {CVE-2013-2929}\n[2.6.18-371.5.1]\n- [fs] cifs: stop trying to use virtual circuits (Sachin Prabhu) [1044328 1013469]", "reporter": "Oracle", "published": "2014-03-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7265", "CVE-2013-6383", "CVE-2013-2929", "CVE-2013-4554", "CVE-2013-7264", "CVE-2013-7263", "CVE-2013-4483", "CVE-2013-6885", "CVE-2013-7281", "CVE-2013-6381"], "modified": "2014-03-12T00:00:00", "id": "ELSA-2014-0285", "href": "http://linux.oracle.com/errata/ELSA-2014-0285.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-04T13:06:31", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-35.el6uek", "packageFilename": "kernel-uek-doc-3.8.13-35.el6uek.noarch.rpm", "arch": "noarch", "packageName": "kernel-uek-doc", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-35.el6uek", "packageFilename": "kernel-uek-3.8.13-35.el6uek.src.rpm", "arch": "src", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-35.el6uek", "packageFilename": "kernel-uek-firmware-3.8.13-35.el6uek.noarch.rpm", "arch": "noarch", "packageName": "kernel-uek-firmware", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-35.el6uek", "packageFilename": "kernel-uek-debug-devel-3.8.13-35.el6uek.x86_64.rpm", "arch": "x86_64", "packageName": "kernel-uek-debug-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-35.el6uek", "packageFilename": "kernel-uek-devel-3.8.13-35.el6uek.x86_64.rpm", "arch": "x86_64", "packageName": "kernel-uek-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.4.3-4.el6", "packageFilename": "dtrace-modules-provider-headers-0.4.3-4.el6.x86_64.rpm", "arch": "x86_64", "packageName": "dtrace-modules-provider-headers", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.4.3-4.el6", "packageFilename": "dtrace-modules-3.8.13-35.el6uek-0.4.3-4.el6.src.rpm", "arch": "src", "packageName": "dtrace-modules-3.8.13-35.el6uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.4.3-4.el6", "packageFilename": "dtrace-modules-3.8.13-35.el6uek-0.4.3-4.el6.x86_64.rpm", "arch": "x86_64", "packageName": "dtrace-modules-3.8.13-35.el6uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-35.el6uek", "packageFilename": "kernel-uek-debug-3.8.13-35.el6uek.x86_64.rpm", "arch": "x86_64", "packageName": "kernel-uek-debug", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "3.8.13-35.el6uek", "packageFilename": "kernel-uek-3.8.13-35.el6uek.x86_64.rpm", "arch": "x86_64", "packageName": "kernel-uek", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "0.4.3-4.el6", "packageFilename": "dtrace-modules-headers-0.4.3-4.el6.x86_64.rpm", "arch": "x86_64", "packageName": "dtrace-modules-headers", "operator": "lt"}], "description": "kernel-uek \r\n[3.8.13-35.el6uek] \r\n- n_tty: Fix n_tty_write crash when echoing in raw mode (Peter Hurley) [Orabug: 18754908] {CVE-2014-0196} {CVE-2014-0196} \r\n \n[3.8.13-34.el6uek] \r\n- aacraid: missing capable() check in compat ioctl (Dan Carpenter) [Orabug: 18721960] {CVE-2013-6383} \r\n- vhost: fix total length when packets are too short (Michael S. Tsirkin) [Orabug: 18721975] {CVE-2014-0077} \r\n \n[3.8.13-33.el6uek] \r\n- dtrace: ensure one can try to get user pages without locking or faulting (Kris Van Hees) [Orabug: 18653173] \r\n- ipv6: don't set DST_NOCOUNT for remotely added routes (Sabrina Dubroca) [Orabug: 18681501] {CVE-2014-2309} \r\n- kvm: x86: fix emulator buffer overflow (CVE-2014-0049) (Andrew Honig) [Orabug: 18681519] {CVE-2014-0049} \r\n- ib_core: fmr pool hard lock up when cache enabled (Shamir Rabinovitch) [Orabug: 18408531] \r\n- bnx2x: disable PTP clock support (Jerry Snitselaar) [Orabug: 18605376] \r\n- x86, mm: Revert back good_end setting for 64bit (Brian Maly) [Orabug: 17648536] \r\n- IB/sdp: disable APM by default (Shamir Rabinovitch) [Orabug: 18443201] \r\n- vxlan: kernel panic when bringing up vxlan (Venkat Venkatsubra) [Orabug: 18295741] \r\n- ocfs2: call ocfs2_update_inode_fsync_trans when updating any inode (Darrick J. Wong) [Orabug: 18257094] \r\n- ocfs2: improve fsync efficiency and fix deadlock between aio_write and sync_file (Darrick J. Wong) [Orabug: 18257094] \r\n- Revert \"ocfs2: fix i_mutex deadlock between aio_write and sync_file\" (Jerry Snitselaar) [Orabug: 18257094] \r\n- config: align with rhck (Jerry Snitselaar) [Orabug: 18685975] \r\n- config: disable atmel drivers for ol7 (Jerry Snitselaar) [Orabug: 18665656] \r\n- config: enable support for squashfs features (Jerry Snitselaar) [Orabug: 18655723] \r\n- qla4xxx: Update driver verion to v5.04.00.05.06.02-uek3 (Tej Parkash) [Orabug: 18552248] \r\n- net: ipv4: current group_info should be put after using. (Wang, Xiaoming) [Orabug: 18603519] {CVE-2014-2851} \r\n \n[3.8.13-32.el6uek] \r\n- mm / dtrace: Allow DTrace to entirely disable page faults. (Nick Alcock) [Orabug: 18412802] \r\n- mm: allow __get_user_pages() callers to avoid triggering page faults. (Nick Alcock) [Orabug: 18412802] \r\n- config: enable nfs client support for rdma (Jerry Snitselaar) [Orabug: 18560595] \r\n- NFS: Fix negative overflow in SETATTR timestamps (Chuck Lever) [Orabug: 18476361] \r\n- NFS: Transfer full int64 for NFSv4 SETATTR timestamps (Chuck Lever) [Orabug: 18476361] \r\n- NFS: Block file size updates during async READ (Chuck Lever) [Orabug: 18391310] \r\n- NFS: Use an RPC/RDMA long request for NFS symlink operations (Chuck Lever) [Orabug: 18261861] \r\n- SUNRPC: Support long RPC/RDMA requests (Chuck Lever) [Orabug: 18261861] \r\n- xprtrdma: Split the completion queue (Chuck Lever) [Orabug: 18560595] \r\n- xprtrdma: Make rpcrdma_ep_destroy() return void (Chuck Lever) [Orabug: 18560595] \r\n- xprtrdma: Simplify rpcrdma_deregister_external() synopsis (Chuck Lever) [Orabug: 18560595] \r\n- xprtrdma: Remove support for MEMWINDOWS registration mode (Chuck Lever) [Orabug: 18560595] \r\n- xprtrdma: Disable ALLPHYSICAL mode by default (Chuck Lever) [Orabug: 18560595] \r\n- xprtrdma: Remove BOUNCEBUFFERS memory registration mode (Chuck Lever) [Orabug: 18560595] \r\n- SUNRPC: RPC/RDMA must invoke xprt_wake_pending_tasks() in process context (Chuck Lever) [Orabug: 18560595] \r\n- xprtrdma: add separate Kconfig options for NFSoRDMA client and server support (Jeff Layton) [Orabug: 18560595] \r\n- NFS: incorrect \"port=\" value in /proc/mounts (Chuck Lever) [Orabug: 18560595] \r\n- NFS: advertise only supported callback netids (Chuck Lever) [Orabug: 18560595] \r\n- SUNRPC: remove KERN_INFO from dprintk() call sites (Chuck Lever) [Orabug: 18560595] \r\n- SUNRPC: Fix large reads on NFS/RDMA (Chuck Lever) [Orabug: 18560595] \r\n- fnic: Failing to queue aborts due to Q full cause terminate driver timeout (Simha) [Orabug: 18548644] \r\n- net: enic: include irq.h for irqreturn_t definitions (Josh Boyer) [Orabug: 18548634] \r\n- enic: Call dev_kfree_skb_any instead of dev_kfree_skb. (Eric W. Biederman) [Orabug: 18548634] \r\n- enic: Don't receive packets when the napi budget == 0 (Eric W. Biederman) [Orabug: 18548634] \r\n- net: enic: slight optimization of addr compare (dingtianhong) [Orabug: 18548634] \r\n- net: enic: remove unnecessary pci_set_drvdata() (Jingoo Han) [Orabug: 18548634] \r\n- driver/net: enic: update enic maintainers and driver (govindarajulu.v) [Orabug: 18548634] \r\n- driver/net: enic: Exposing symbols for Cisco's low latency driver (govindarajulu.v) [Orabug: 18548634] \r\n- driver/net: enic: Try DMA 64 first, then failover to DMA (govindarajulu.v) [Orabug: 18548634] \r\n- driver/net: enic: record q_number and rss_hash for skb (govindarajulu.v) [Orabug: 18548634] \r\n- driver/net: enic: Add multi tx support for enic (govindarajulu.v) [Orabug: 18548634] \r\n- drivers/net: enic: Generate notification of hardware crash (Neel Patel) [Orabug: 18548634] \r\n- drivers/net: enic: Add an interface for USNIC to interact with firmware (Neel Patel) [Orabug: 18548634] \r\n- drivers/net: enic: Adding support for Cisco Low Latency NIC (Neel Patel) [Orabug: 18548634] \r\n- drivers/net: enic: Move ethtool code to a separate file (Neel Patel) [Orabug: 18548634] \r\n- drivers/net: enic: release rtnl_lock on error-path (Konstantin Khlebnikov) [Orabug: 18548634] \r\n- enic: be less verbose about non-critical firmware errors (Stefan Assmann) [Orabug: 18548634] \r\n- enic: change sprintf() to snprintf() (Dan Carpenter) [Orabug: 18548634] \r\n- dtrace: implement omni-present cyclics (Kris Van Hees) [Orabug: 18323501] \r\n- Update .gitignore with generated SDT files. (Nick Alcock) [Orabug: 17851716] \r\n- dtrace: avoid unreliable entries in stack() output (Kris Van Hees) [Orabug: 18323450] \r\n- drm/i915: hsw: replace !is_pch_edp() with port==PORT_A (Imre Deak) [Orabug: 18429992] \r\n- drm/i915: IVB/HSW have 32 fence register (Ville Syrjala) [Orabug: 18429992] \r\n- drm/i915: Configure GAM_ECOCHK appropriatly for Gen7 (Ville Syrjala) [Orabug: 18429992] \r\n- drm/i915: use lower aux clock divider on non-ULT HSW (Jani Nikula) [Orabug: 18429992] \r\n- drm/i915: HSW PM Frequency bits fix (Rodrigo Vivi) [Orabug: 18429992] \r\n- drm/i915: there's no PIPESTAT on HAS_PCH_SPLIT platforms (Paulo Zanoni) [Orabug: 18429992] \r\n- drm/i915: there's no DSPPOS register on gen4+ (Paulo Zanoni) [Orabug: 18429992] \r\n- drm/i915: reorganize intel_lvds_supported (Paulo Zanoni) [Orabug: 18429992] \r\n- drm/i915: fix DSPADDR Gen check (Paulo Zanoni) [Orabug: 18429992] \r\n- drm/i915: there's no DSPADDR register on Haswell (Paulo Zanoni) [Orabug: 18429992] \r\n- drm/i915: there's no DSPSIZE register on gen4+ (Paulo Zanoni) [Orabug: 18429992] \r\n- drm/i915: Use cpu_transcoder for HSW_TVIDEO_DIP_* instead of pipe (Rodrigo Vivi) [Orabug: 18429992] \r\n- PM: intel_powerclamp: enable driver in defconfigs (Brian Maly) [Orabug: 18429987] \r\n- intel_powerclamp: Fix cstate counter detection. (Yuxuan Shui) [Orabug: 18429987] \r\n- thermal/intel_powerclamp: Add newer CPU models (Jacob Pan) [Orabug: 18429987] \r\n- PM: Introduce Intel PowerClamp Driver (Jacob Pan) [Orabug: 18429987] \r\n- tick: export nohz tick idle symbols for module use (Jacob Pan) [Orabug: 18429987] \r\n- x86/nmi: export local_touch_nmi() symbol for modules (Jacob Pan) [Orabug: 18429987] \r\n- ioatdma: disable RAID on non-Atom platforms and reenable unaligned copies (Brice Goglin) [Orabug: 18430022] \r\n- ioatdma: ioat3_alloc_sed can be static (Fengguang Wu) [Orabug: 18430022] \r\n- ioatdma: Adding write back descriptor error status support for ioatdma 3.3 (Dave Jiang) [Orabug: 18430022] \r\n- ioatdma: S1200 platforms ioatdma channel 2 and 3 falsely advertise RAID cap (Dave Jiang) [Orabug: 18430022] \r\n- ioatdma: Adding support for 16 src PQ ops and super extended descriptors (Dave Jiang) [Orabug: 18430022] \r\n- ioatdma: skip silicon bug workaround for pq_align for cb3.3 (Dave Jiang) [Orabug: 18430022] \r\n- ioatdma: Removing PQ val disable for cb3.3 (Dave Jiang) [Orabug: 18430022] \r\n- ioatdma: channel reset scheme fixup on Intel Atom S1200 platforms (Dave Jiang) [Orabug: 18430022] \r\n- ioatdma: Add 64bit chansts register read for ioat v3.3. (Dave Jiang) [Orabug: 18430022] \r\n- ioatdma: Adding PCI IDs for Intel Atom S1200 product family ioatdma devices (Dave Jiang) [Orabug: 18430022] \r\n- ioatdma: Adding Haswell devid for ioatdma (Dave Jiang) [Orabug: 18430022] \r\n- ioatdma: allow all channels to have irq coalescing support (Dave Jiang) [Orabug: 18430022] \r\n- ioatdma: make debug output more readable (Dave Jiang) [Orabug: 18430022] \r\n- ioat/dca: Update DCA BIOS workarounds to use TAINT_FIRMWARE_WORKAROUND (Alexander Duyck) [Orabug: 18430022] \r\n- dmaengine: ioat - fix spare sparse complain (Fengguang Wu) [Orabug: 18430022] \r\n- ioatdma: fix race between updating ioat->head and IOAT_COMPLETION_PENDING (Dave Jiang) [Orabug: 18430022] \r\n- ioat: remove chanerr mask setting for IOAT v3.x (Dave Jiang) [Orabug: 18430022] \r\n- PCI: Remove Intel Haswell D3 delays (Todd E Brandt) [Orabug: 18559933] \r\n- hyperv-fb: kick off efifb early (Gerd Hoffmann) [Orabug: 18276803] \r\n- hyperv-fb: add support for generation 2 virtual machines. (Gerd Hoffmann) [Orabug: 18276803] \r\n- vmbus: use resource for hyperv mmio region (Gerd Hoffmann) [Orabug: 18276803] \r\n- vmbus: add missing breaks (Gerd Hoffmann) [Orabug: 18276803] \r\n- Drivers: hv: fcopy_open() can be static (Fengguang Wu) [Orabug: 18276803] \r\n- Drivers: hv: Implement the file copy service (K. Y. Srinivasan) [Orabug: 18276803] \r\n- hv: Add hyperv.h to uapi headers (Bjarke Istrup Pedersen) [Orabug: 18276803] \r\n- Drivers: hv: Ballon: Make pressure posting thread sleep interruptibly (K. Y. Srinivasan) [Orabug: 18276803] \r\n- Drivers: hv: vmbus: Cleanup the packet send path (K. Y. Srinivasan) [Orabug: 18276803] \r\n- Drivers: hv: vmbus: Extract the mmio information from DSDT (K. Y. Srinivasan) [Orabug: 18276803] \r\n- add support for Hyper-V reference time counter (Vadim Rozenfeld) [Orabug: 18276803] \r\n- hyperv: enable framebuffer and keyboard drivers (Jerry Snitselaar) [Orabug: 18276803] \r\n- Drivers: hv: remove HV_DRV_VERSION (Olaf Hering) [Orabug: 18276803] \r\n- x86, hyperv: Move a variable to avoid an unused variable warning (H. Peter Anvin) [Orabug: 18276803] \r\ninclude (David Rientjes) [Orabug: 18276803] \r\n- x86, hyperv: Correctly guard the local APIC calibration code (K. Y. Srinivasan) [Orabug: 18276803] \r\n- x86, hyperv: Get the local APIC timer frequency from the hypervisor (K. Y. Srinivasan) [Orabug: 18276803] \r\n- x86: Correctly detect hypervisor (Jason Wang) [Orabug: 18276803] \r\n- x86, hyperv: Handle Xen emulation of Hyper-V more gracefully (K. Y. Srinivasan) [Orabug: 18276803] \r\n- X86: Handle Hyper-V vmbus interrupts as special hypervisor interrupts (K. Y. Srinivasan) [Orabug: 18276803] \r\n- X86: Add a check to catch Xen emulation of Hyper-V (K. Y. Srinivasan) [Orabug: 18276803] \r\n- Input: hyperv-keyboard - pass through 0xE1 prefix (K. Y. Srinivasan) [Orabug: 18276803] \r\n- Input: add a driver to support Hyper-V synthetic keyboard (K. Y. Srinivasan) [Orabug: 18276803] \r\n- [SCSI] storvsc: NULL pointer dereference fix (Ales Novak) [Orabug: 18276803] \r\n- [SCSI] storvsc: Increase the value of STORVSC_MAX_IO_REQUESTS (K. Y. Srinivasan) [Orabug: 18276803] \r\n- [SCSI] storvsc: Support FC devices (K. Y. Srinivasan) [Orabug: 18276803] \r\n- Drivers: hv: Add the GUID fot synthetic fibre channel device (K. Y. Srinivasan) [Orabug: 18276803] \r\n- [SCSI] storvsc: Implement multi-channel support (K. Y. Srinivasan) [Orabug: 18276803] \r\n- [SCSI] storvsc: Update the storage protocol to win8 level (K. Y. Srinivasan) [Orabug: 18276803] \r\n- [SCSI] storvsc: Increase the value of scsi timeout for storvsc devices (K. Y. Srinivasan) [Orabug: 18276803] \r\n- [SCSI] storvsc: Handle dynamic resizing of the device (K. Y. Srinivasan) [Orabug: 18276803] \r\n- [SCSI] storvsc: Restructure error handling code on command completion (K. Y. Srinivasan) [Orabug: 18276803] \r\n- Drivers: scsi: storvsc: Use the consolidated GUID definition (K. Y. Srinivasan) [Orabug: 18276803] \r\n- HID: hyperv: make sure input buffer is big enough (David Herrmann) [Orabug: 18276803] \r\n- HID: hyperv: convert alloc+memcpy to memdup (Thomas Meyer) [Orabug: 18276803] \r\n- Drivers: hid: hid-hyperv: Use consolidated G U I D d e f i n i t i o n s ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - h y p e r v : M o v e s t a t e s e t t i n g f o r l i n k q u e r y ( H a i y a n g Z h a n g ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - h y p e r v : F i x t h e c a r r i e r s t a t u s s e t t i n g ( H a i y a n g Z h a n g ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - h y p e r v : F i x r a c e b e t w e e n p r o b e a n d o p e n c a l l s ( H a i y a n g Z h a n g ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - h y p e r v : F i x t h e N E T I F _ F _ S G f l a g s e t t i n g i n n e t v s c ( H a i y a n g Z h a n g ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - F i x t h e V L A N _ T A G _ P R E S E N T i n n e t v s c _ r e c v _ c a l l b a c k ( ) ( H a i y a n g Z h a n g ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - h y p e r v : F i x v l a n _ p r o t o s e t t i n g i n n e t v s c _ r e c v _ c a l l b a c k ( ) ( H a i y a n g Z h a n g ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - h y p e r v : F i x a c o m p i l e r w a r n i n g i n n e t v s c _ s e n d ( ) ( H a i y a n g Z h a n g ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - h y p e r v : F i x a k e r n e l w a r n i n g f r o m n e t v s c _ l i n k s t a t u s _ c a l l b a c k ( ) ( H a i y a n g Z h a n g ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : n e t : h y p e r v : U s e t h e c o n s o l i d a t e d G U I D d e f i n i t i o n ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - h y p e r v - f b : a d d b l a n k i n g s u p p o r t ( G e r d H o f f m a n n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - h y p e r v - f b : a d d p c i s t u b ( G e r d H o f f m a n n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - d r i v e r s / v i d e o : a d d H y p e r - V S y n t h e t i c V i d e o F r a m e B u f f e r D r i v e r ( H a i y a n g Z h a n g ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : v m b u s : D o n ' t t i m e o u t d u r i n g t h e i n i t i a l c o n n e c t i o n w i t h h o s t ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : v m b u s : S p e c i f y t h e t a r g e t C P U t h a t s h o u l d r e c e i v e n o t i f i c a t i o n ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - h y p e r v : A d d s u p p o r t f o r p h y s i c a l l y d i s c o n t i n u o u s r e c e i v e b u f f e r ( H a i y a n g Z h a n g ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - d r i v e r s : h v : M a r k t h e f u n c t i o n h v _ s y n i c _ f r e e _ c p u ( ) a s s t a t i c i n h v . c ( R a s h i k a K h e r i a ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : v m b u s : F i x a b u g i n c h a n n e l r e s c i n d c o d e ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - d r i v e r s : h v : F i x w r o n g c h e c k f o r s y n i c _ e v e n t _ p a g e ( F e l i p e P e n a ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : v m b u s : T e r m i n a t e v m b u s v e r s i o n n e g o t i a t i o n o n t i m e o u t ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : u t i l : C o r r e c t l y s u p p o r t w s 2 0 0 8 R 2 a n d e a r l i e r ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - h v : v m b u s : f i x v m b u s _ r e c v p a c k e t _ r a w ( ) r e t u r n c o d e ( D a n C a r p e n t e r ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - h v : C h a n g e v a r i a b l e t y p e t o b o o l ( P e t e r S e n n a T s c h u d i n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : v m b u s : D o n o t a t t e m p t t o n e g o a t i a t e a n e w v e r s i o n p r e m a t u r e l y ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : v m b u s : F i x a b u g i n t h e h a n d l i n g o f c h a n n e l o f f e r s ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : b a l l o o n : D o n o t p o s t p r e s s u r e s t a t u s i f i n t e r r u p t e d ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : b a l l o o n : F i x a b u g i n t h e h o t - a d d c o d e ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : v m b u s : i n c o r r e c t d e v i c e n a m e i s p r i n t e d w h e n c h i l d d e v i c e i s u n r e g i s t e r e d ( F e r n a n d o S o t o ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : b a l l o o n : I n i t i a l i z e t h e t r a n s a c t i o n I D j u s t b e f o r e s e n d i n g t h e p a c k e t ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : u t i l : F i x a b u g i n v e r s i o n n e g o t i a t i o n c o d e f o r u t i l s e r v i c e s ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - d r i v e r s : h v : a l l o c a t e s y n i c s t r u c t u r e s b e f o r e h v _ s y n i c _ i n i t ( ) ( J a s o n W a n g ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - d r i v e r s : h v : c h e c k i n t e r r u p t m a s k b e f o r e r e a d _ i n d e x ( J a s o n W a n g ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - d r i v e r s : h v : s w i t c h t o u s e m b ( ) i n s t e a d o f s m p _ m b ( ) ( J a s o n W a n g ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : v m b u s : I m p l e m e n t m u l t i - c h a n n e l s u p p o r t ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : F i x a b u g i n g e t _ v p _ i n d e x ( ) ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : v m b u s : F i x a b u g i n h v _ n e e d _ t o _ s i g n a l ( ) ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : N o t i f y t h e h o s t o f p e r m a n e n t h o t - a d d f a i l u r e s ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : b a l l o o n : S u p p o r t 2 M p a g e a l l o c a t i o n s f o r b a l l o o n i n g ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : b a l l o o n : P e r m i t L i n u x t o s p e c i f y h o t - a d d a l i g n m e n t r e q u i r e m e n t s ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : b a l l o o n : m a k e l o c a l f u n c t i o n s s t a t i c ( W e i Y o n g j u n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : A d d a n e w d r i v e r t o s u p p o r t h o s t i n i t i a t e d b a c k u p ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : v m b u s : H a n d l e c h a n n e l r e s c i n d m e s s a g e c o r r e c t l y ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : b a l l o o n : I m p l e m e n t h o t - a d d f u n c t i o n a l i t y ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : b a l l o o n : M a k e t h e b a l l o o n d r i v e r n o t u n l o a d a b l e ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : b a l l o o n : E x e c u t e h o t - a d d c o d e i n a s e p a r a t e c o n t e x t ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : b a l l o o n : E x e c u t e b a l l o o n i n f l a t i o n i n a s e p a r a t e c o n t e x t ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : b a l l o o n : D o n o t r e q u e s t c o m p l e t i o n n o t i f i c a t i o n ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - d r i v e r : h v : r e m o v e c a s t f o r k m a l l o c r e t u r n v a l u e ( Z h a n g Y a n f e i ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : v m b u s : U s e t h e n e w i n f r a s t r u c t u r e f o r d e l i v e r i n g V M B U S i n t e r r u p t s ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : b a l l o o n : P r e v e n t t h e h o s t f r o m b a l l o o n i n g t h e g u e s t t o o l o w ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : b a l l o o n : A d d a p a r a m e t e r t o d e l a y p r e s s u r e r e p o r t i n g ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : b a l l o o n : M a k e a d j u s t m e n t s t o t h e p r e s s u r e r e p o r t ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : U s e c o n s o l i d a t e d G U I D d e f i n i t i o n s ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : v m b u s : C o n s o l i d a t e a l l o f f e r G U I D d e f i n i t i o n s i n h y p e r v . h ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : B i n d a l l v m b b u s i n t e r r u p t s t o t h e b o o t C P U ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : v m b u s _ f l o w _ h a n d l e r ( ) c a n b e s t a t i c ( F e n g g u a n g W u ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : r e m o v e u n u s e d v a r i a b l e i n v m b u s _ r e c v p a c k e t _ r a w ( ) ( W e i Y o n g j u n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : C l e a n u p a n d c o n s o l i d a t e r e p o r t i n g o f b u i l d / v e r s i o n i n f o ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : C a p t u r e t h e h o s t b u i l d i n f o r m a t i o n ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : I m p l e m e n t f l o w m a n a g e m e n t o n t h e s e n d s i d e ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : E n a b l e p r o t o c o l n e g o t i a t i o n w i t h w i n 8 h o s t s ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : A d d a c h e c k t o d e a l w i t h s p u r i o u s i n t e r r u p t s ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : H a n d l e v m b u s i n t e r r u p t s c o n c u r r e n t l y o n a l l c p u s ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : M a n a g e e v e n t t a s k l e t s o n p e r - c p u b a s i s ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : G e t r i d o f u n n e c e s s a r y r e q u e s t f o r o f f e r s ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : G e t r i d o f t h e u n u s e d g l o b a l s i g n a l i n g s t a t e ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : A d d c o d e t o d i s t r i b u t e c h a n n e l i n t e r r u p t l o a d ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : M o d i f y t h e i n t e r r u p t h a n d l i n g c o d e t o s u p p o r t w i n 8 a n d b e y o n d ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : A d d s t a t e t o m a n a g e i n c o m i n g c h a n n e l i n t e r r u p t l o a d ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : S e t u p a m a p p i n g f o r H y p e r - V ' s n o t i o n c p u I D ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : C l e a n u p v m b u s _ s e t _ e v e n t ( ) t o s u p p o r t w i n 7 a n d b e y o n d ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : M a n a g e s i g n a l i n g s t a t e o n a p e r - c o n n e c t i o n b a s i s ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : M o v e v m b u s v e r s i o n d e f i n i t i o n s t o h y p e r v . h ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : C h a n g e t h e s i g n a t u r e o f v m b u s _ s e t _ e v e n t ( ) ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : C h a n g e t h e s i g n a t u r e f o r h v _ s i g n a l _ e v e n t ( ) ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : S a v e a n d e x p o r t n e g o t i a t e d v m b u s v e r s i o n ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : E x t e n d / m o d i f y v m b u s _ c h a n n e l _ o f f e r _ c h a n n e l f o r w i n 7 a n d b e y o n d ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : U p d a t e t h e r i n g b u f f e r s t r u c t u r e t o m a t c h w i n 8 f u n c t i o n a l i t y ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : S u p p o r t h a n d l i n g m u l t i p l e V M B U S v e r s i o n s ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : G e t r i d o f h v _ g e t _ r i n g b u f f e r _ i n t e r r u p t _ m a s k ( ) ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : O p t i m i z e t h e s i g n a l i n g o n t h e w r i t e p a t h ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : O p t i m i z e s i g n a l i n g i n t h e r e a d p a t h ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : T u r n o f f b a t c h e d r e a d i n g f o r u t i l d r i v e r s ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : A d d s t a t e t o m a n a g e b a t c h e d r e a d i n g ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - D r i v e r s : h v : I m p l e m e n t r o u t i n e s f o r r e a d s i d e s i g n a l i n g o p t i m i z a t i o n ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - h v : h v _ b a l l o o n : r e m o v e d u p l i c a t e d i n c l u d e f r o m h v _ b a l l o o n . c ( W e i Y o n g j u n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - x 8 6 , k v m : S w i t c h t o u s e h y p e r v i s o r _ c p u i d _ b a s e ( ) ( J a s o n W a n g ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - x 8 6 : I n t r o d u c e h y p e r v i s o r _ c p u i d _ b a s e ( ) ( J a s o n W a n g ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - x 8 6 , m m : C r e a t e s l o w _ v i r t _ t o _ p h y s ( ) ( D a v e H a n s e n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - x 8 6 , m m : P a g e t a b l e l e v e l s i z e / s h i f t / m a s k h e l p e r s ( D a v e H a n s e n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - m m : e x p o r t s p l i t _ p a g e ( ) ( K . Y . S r i n i v a s a n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - x 8 6 , h y p e r v : H Y P E R V d e p e n d s o n X 8 6 _ L O C A L _ A P I C ( H . P e t e r A n v i n ) [ O r a b u g : 1 8 2 7 6 8 0 3 ] \r b r > - q l a 2 x x x : U p d a t e t h e d r i v e r v e r s i o n t o 8 . 0 7 . 0 0 . 0 8 . 3 9 . 0 - k 1 . ( S a u r a v K a s h y a p ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : R e m o v e I S P 8 0 4 4 I D f r o m t h e p c i t a b l e . ( S a u r a v K a s h y a p ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : R e m o v e m a p p e d v p i n d e x i t e r a t o r m a c r o d e a d c o d e . ( H i m a n s h u M a d h a n i ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : A d d M B C o p t i o n f o r f a s t S F P d a t a a c c e s s . ( J o e C a r n u c c i o ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : F i x I S P F X 0 0 n o t d i s p l a y i n g t h e c o r r e c t F W v e r s i o n a f t e r F W u p d a t e t h r o u g h s y s f s I n t e r f a c e . ( A r m e n B a l o y a n ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : F i x b e a c o n b l i n k l o g i c f o r I S P 2 6 x x / 8 3 x x . ( H i m a n s h u M a d h a n i ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : D o n ' t c h e c k f o r f i r m w a r e h u n g d u r i n g t h e r e s e t c o n t e x t f o r I S P 8 2 X X . ( T e j P r a k a s h ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : F i x u p l o o k i n g f o r a s p a c e i n t h e o u t s t a n d i n g _ c m d s a r r a y i n q l a 2 x 0 0 _ a l l o c _ i o c b s ( ) . ( C h a d D u p u i s ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : D e l a y d r i v e r u n l o a d i f t h e r e i s a n y p e n d i n g a c t i v i t y g o i n g o n . ( S a w a n C h a n d a k ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : I S P 2 7 x x q u e u e i n d e x s h a d o w r e g i s t e r s . ( J o e C a r n u c c i o ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : I S P 2 7 x x f i r m w a r e d u m p t e m p l a t e s p e c u p d a t e s ( i n c l u d i n g T 2 7 4 ) . ( J o e C a r n u c c i o ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : R e d u c e t h e t i m e w e w a i t f o r a c o m m a n d t o c o m p l e t e d u r i n g S C S I e r r o r h a n d l i n g . ( C h a d D u p u i s ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : C h e c k t h e Q L A 8 0 4 4 _ C R B _ D R V _ A C T I V E _ I N D E X r e g i s t e r w h e n w e a r e n o t t h e o w n e r o f t h e r e s e t . ( H i r a l P a t e l ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : C l e a r l o o p _ i d f o r p o r t s t h a t a r e m a r k e d l o s t d u r i n g f a b r i c s c a n n i n g . ( C h a d D u p u i s ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : A d j u s t a d a p t e r r e s e t r o u t i n e t o t h e c h a n g e s i n f i r m w a r e s p e c i f i c a t i o n f o r I S P F x 0 0 . ( A r m e n B a l o y a n ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : A v o i d e s c a l a t i n g t h e S C S I e r r o r h a n d l e r i f t h e c o m m a n d i s n o t f o u n d i n f i r m w a r e . ( C h a d D u p u i s ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : I O C B d a t a s h o u l d b e c o p i e d t o I / O m e m u s i n g m e m c p y _ t o i o . ( A t u l D e s h m u k h ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : U s e p r o p e r l o g m e s s a g e f o r f l a s h l o c k f a i l e d e r r o r f o r I S P 8 2 X X . ( A t u l D e s h m u k h ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : R e m o v e c o n f i g u r e V F s m a i l b o x c o m m a n d c a l l . ( C h a d D u p u i s ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : I S P 8 0 4 4 p o l l i p m d i o b u s t i m e o u t i m p r o v e m e n t . ( J o e C a r n u c c i o ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : P o l l d u r i n g i n i t i a l i z a t i o n f o r I S P 2 5 x x a n d I S P 8 3 x x . ( G i r i d h a r M a l a v a l i ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : F i x b u i l d e r r o r s r e l a t e d t o i n v a l i d p r i n t f i e l d s o n s o m e a r c h i t e c t u r e s . ( C h a d D u p u i s ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > f i l e f o r m s l e e p d e c l a r t i o n i n q l a _ n x 2 . c f i l e . ( A t u l D e s h m u k h ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : U s e p r o p e r l o g m e s s a g e f o r f l a s h l o c k f a i l e d e r r o r . ( A t u l D e s h m u k h ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : D e c r e a s e p c i a c c e s s f o r r e s p o n s e q u e u e p r o c e s s i n g f o r I S P F X 0 0 . ( A r m e n B a l o y a n ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : U s e j i f f i e s i n s t e a d o f s t r u c t t i m e v a l a n d g e t t i m e o f d a y ( ) . ( A t u l D e s h m u k h ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : U p d a t e e n t r y t y p e 2 7 0 t o m a t c h s p e c u p d a t e . ( J o e C a r n u c c i o ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : E n a b l e f w _ d u m p _ s i z e f o r h e l g a ( H i r a l P a t e l ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : R e m o v e u n n e c e s s a r y c o d e f r o m q l a f x 0 0 _ i n t r _ h a n d l e r ( H i r a l P a t e l ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : I n t r o d u c e f w _ d u m p _ f l a g t o t r a c k f w d u m p p r o g r e s s ( H i r a l P a t e l ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : R e m o v e u n n e c e s s a r y d e l a y s f r o m f w d u m p c o d e p a t h ( H i r a l P a t e l ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : T r a c k t h e p r o c e s s w h e n t h e R O M _ L O C K f a i l u r e h a p p e n s ( H i r a l P a t e l ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : C o r r e c t i o n t o 2 7 x x t e m p l a t e e n t r y t y p e s 2 5 6 a n d 2 5 8 . ( J o e C a r n u c c i o ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : A d d 8 0 4 4 s e r d e s b s g i n t e r f a c e . ( J o e C a r n u c c i o ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : F i x P 3 P m a x d e b u g I D . ( C h a d D u p u i s ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : C h e c k f o r p e g a l i v e c o u n t e r a n d c l e a r a n y o u t s t a n d i n g m a i l b o x c o m m a n d . ( G i r i d h a r M a l a v a l i ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : S u p p o r t o f n e w H e l g a m i n i d u m p o p c o d e s Q L A 8 0 4 4 _ R D D F E ( 3 8 ) , Q L A 8 0 4 4 _ R D M D I O ( 3 9 ) , Q L A 8 0 4 4 _ P O L L W R ( 4 0 ) . ( P r a t i k M o h a n t y ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : A l l o w t h e n e x t f i r m w a r e d u m p i f t h e p r e v i o u s d u m p c a p t u r e f a i l s f o r I S P 8 0 4 4 . ( S a u r a v K a s h y a p ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : A d d p c i d e v i c e i d 0 x 2 2 7 1 . ( J o e C a r n u c c i o ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : I s s u e a b o r t c o m m a n d f o r o u t s t a n d i n g c o m m a n d s d u r i n g c l e a n u p w h e n o n l y f i r m w a r e i s a l i v e . ( G i r i d h a r M a l a v a l i ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : L o g w h e n d e v i c e s t a t e i s m o v e d t o f a i l e d s t a t e . ( G i r i d h a r M a l a v a l i ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : F i x s p a r s e w a r n i n g s i n q l a _ m r . c ( A r m e n B a l o y a n ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : C o r r e c t o p e r a t i o n s f o r I S P 2 7 x x t e m p l a t e t y p e s 2 7 0 a n d 2 7 1 . ( J o e C a r n u c c i o ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : A d d a n d u s e 3 2 G b p s F C - G S d e f i n i t i o n s . ( C h a d D u p u i s ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : D o n o t s c h e d u l e r e s e t w h e n o n e i s a l r e a d y a c t i v e w h e n r e c e i v i n g a n i n v a l i d s t a t u s h a n d l e . ( C h a d D u p u i s ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : A d d I O C B A b o r t c o m m a n d a s y n c h r o n o u s h a n d l i n g ( A r m e n B a l o y a n ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - q l a 2 x x x : A d d I S P 2 7 0 1 t o P C I I D t a b l e . ( S a w a n C h a n d a k ) [ O r a b u g : 1 8 5 2 4 7 6 7 ] \r b r > - U p d a t e q l g e d r i v e r t o v 1 . 0 0 . 0 0 . 3 4 ( S u c h e t a C h a k r a b o r t y ) [ O r a b u g : 1 8 5 5 2 2 2 5 ] \r b r > - [ S C S I ] h p s a : u p d a t e d r i v e r v e r s i o n t o 3 . 4 . 4 - 1 ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 8 5 2 4 7 6 6 ] \r b r > - [ S C S I ] h p s a : f i x b a d e n d i f p l a c e m e n t i n R A I D 5 m a p p e r c o d e ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 8 5 2 4 7 6 6 ] \r b r > - [ S C S I ] h p s a : D o n o t z e r o f i e l d s o f i o a c c e l 2 c o m m a n d s t r u c t u r e t w i c e ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 8 5 2 4 7 6 6 ] \r b r > - [ S C S I ] h p s a : A d d h b a m o d e t o t h e h p s a d r i v e r ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 8 5 2 4 7 6 6 ] \r b r > - [ S C S I ] h p s a : r e m o v e u n u s e d s t r u c t r e q u e s t f r o m C o m m a n d L i s t ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 8 5 2 4 7 6 6 ] \r b r > - [ S C S I ] h p s a : i n c r e a s e t h e p r o b a b i l i t y o f a r e p o r t e d s u c c e s s a f t e r a d e v i c e r e s e t ( T o m a s H e n z l ) [ O r a b u g : 1 8 5 2 4 7 6 6 ] \r b r > - [ S C S I ] h p s a : b r i n g f o r m a t - i n - p r o g r e s s d r i v e s o n l i n e w h e n r e a d y ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 8 5 2 4 7 6 6 ] \r b r > - [ S C S I ] h p s a : r e m o v e u n u s e d k t h r e a d . h h e a d e r ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 8 5 2 4 7 6 6 ] \r b r > - b o n d i n g : I n a c t i v e s l a v e s s h o u l d k e e p i n a c t i v e f l a g ' s v a l u e ( z h e n g . l i ) [ O r a b u g : 1 8 3 4 5 4 8 2 ] \r b r > - d t r a c e : f i x l e a k i n g p s i n f o o b j e c t s ( K r i s V a n H e e s ) [ O r a b u g : 1 8 3 8 3 0 2 7 ] \r b r > - x e n / p v h v m : S u p p o r t m o r e t h a n 3 2 V C P U s w h e n m i g r a t i n g . ( K o n r a d R z e s z u t e k W i l k ) [ O r a b u g : 1 8 5 5 2 6 6 4 ] \r b r > - x e n / m i c r o c o d e : O n l y l o a d u n d e r i n i t i a l d o m a i n . ( K o n r a d R z e s z u t e k W i l k ) [ O r a b u g : 1 8 3 7 9 8 2 4 ] \r b r > - a u d i t : M a k e t e s t i n g f o r a v a l i d l o g i n u i d e x p l i c i t . ( E r i c W . B i e d e r m a n ) [ O r a b u g : 1 8 3 4 6 9 0 1 ] \r b r > - a u d i t : m a k e v a l i d i t y c h e c k i n g g e n e r i c ( E r i c P a r i s ) [ O r a b u g : 1 8 3 4 6 9 0 1 ] \r b r > - a u d i t : a l l o w c h e c k i n g t h e t y p e o f a u d i t m e s s a g e i n t h e u s e r f i l t e r ( E r i c P a r i s ) [ O r a b u g : 1 8 3 4 6 9 0 1 ] \r b r > - i 4 0 e : e n a b l e C O N F I G _ I 4 0 E b y d e f a u l t ( B r i a n M a l y ) [ O r a b u g : 1 8 4 2 9 9 7 3 ] \r b r > - i 4 0 e : a d d k c o m p a t c a l l s ( B r i a n M a l y ) [ O r a b u g : 1 8 4 2 9 9 7 3 ] \r b r > - i 4 0 e : i n c l u d e i 4 0 e i n k e r n e l p r o p e r ( J e s s e B r a n d e b u r g ) [ O r a b u g : 1 8 4 2 9 9 7 3 ] \r b r > - i 4 0 e : d e b u g f s i n t e r f a c e ( J e s s e B r a n d e b u r g ) [ O r a b u g : 1 8 4 2 9 9 7 3 ] \r b r > - i 4 0 e : i n i t c o d e a n d h a r d w a r e s u p p o r t ( J e s s e B r a n d e b u r g ) [ O r a b u g : 1 8 4 2 9 9 7 3 ] \r b r > - i 4 0 e : i m p l e m e n t v i r t u a l d e v i c e i n t e r f a c e ( J e s s e B r a n d e b u r g ) [ O r a b u g : 1 8 4 2 9 9 7 3 ] \r b r > - i 4 0 e : d r i v e r c o r e h e a d e r s ( J e s s e B r a n d e b u r g ) [ O r a b u g : 1 8 4 2 9 9 7 3 ] \r b r > - i 4 0 e : d r i v e r e t h t o o l c o r e ( J e s s e B r a n d e b u r g ) [ O r a b u g : 1 8 4 2 9 9 7 3 ] \r b r > - i 4 0 e : t r a n s m i t , r e c e i v e , a n d N A P I ( J e s s e B r a n d e b u r g ) [ O r a b u g : 1 8 4 2 9 9 7 3 ] \r b r > - i 4 0 e : m a i n d r i v e r c o r e ( J e s s e B r a n d e b u r g ) [ O r a b u g : 1 8 4 2 9 9 7 3 ] \r b r > - o c f s 2 : p a s s \" n e w \" p a r a m e t e r t o o c f s 2 _ i n i t _ x a t t r _ b u c k e t ( W e n g a n g W a n g ) [ O r a b u g : 1 8 4 4 7 7 6 5 ] \r b r > - q l c n i c : m a k e K c o n f i g / p > \n \n \n b r > h 2 > R e l a t e d C V E s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 0 1 9 6 . h t m l \" > C V E - 2 0 1 4 - 0 1 9 6 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 2 3 0 9 . h t m l \" > C V E - 2 0 1 4 - 2 3 0 9 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 0 0 4 9 . h t m l \" > C V E - 2 0 1 4 - 0 0 4 9 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 0 0 3 8 . h t m l \" > C V E - 2 0 1 4 - 0 0 3 8 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 3 - 4 5 8 7 . h t m l \" > C V E - 2 0 1 3 - 4 5 8 7 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 3 - 7 2 6 6 . h t m l \" > C V E - 2 0 1 3 - 7 2 6 6 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 3 - 6 8 8 5 . h t m l \" > C V E - 2 0 1 3 - 6 8 8 5 / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n b r > h 2 > U p d a t e d P a c k a g e s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r s t y l e = \" c o l o r : # F F 0 0 0 0 ; \" > t d > b > R e l e a s e / A r c h i t e c t u r e / b > t d > b > F i l e n a m e / b > / t d > t d > b > M D 5 s u m / b > / t d > t d > b > S u p e r s e d e d B y A d v i s o r y / b > / t d > / t r > \n t r > t d c o l s p a n = \" 4 \" > / t d > / t r > t r > t d > O r a c l e L i n u x 6 ( x 8 6 _ 6 4 ) / t d > t d > d t r a c e - m o d u l e s - 3 . 8 . 1 3 - 3 5 . e l 6 u e k - 0 . 4 . 3 - 4 . e l 6 . s r c . r p m / t d > t d > 4 9 f a a d b 4 c 0 f 6 e 0 9 0 2 d 7 d 0 4 e a d 7 5 d 3 4 3 2 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - 3 . 8 . 1 3 - 3 5 . e l 6 u e k . s r c . r p m / t d > t d > 2 1 3 4 9 e 3 2 4 b d 3 5 a 8 7 f c 2 d e d e 5 7 c 4 9 2 0 1 a / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > d t r a c e - m o d u l e s - 3 . 8 . 1 3 - 3 5 . e l 6 u e k - 0 . 4 . 3 - 4 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > 9 e 1 a b 5 d 5 2 8 7 b 9 b 2 4 2 0 4 0 b e 8 6 8 5 3 6 f 1 a c / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > d t r a c e - m o d u l e s - h e a d e r s - 0 . 4 . 3 - 4 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > a d e 5 6 a d 5 d 1 6 3 a 5 0 1 2 0 b 1 5 4 0 f c 4 e 3 c 9 6 9 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > d t r a c e - m o d u l e s - p r o v i d e r - h e a d e r s - 0 . 4 . 3 - 4 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > f 1 7 7 2 1 2 6 8 3 4 1 8 2 d 0 2 2 5 6 7 9 7 d 5 0 9 c e f 7 1 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L B A - 2 0 1 7 - 3 5 4 3 . h t m l \" > E L B A - 2 0 1 7 - 3 5 4 3 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - 3 . 8 . 1 3 - 3 5 . e l 6 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 1 a c c 5 e c 8 6 d 3 5 3 8 3 0 9 e 9 4 c c d b a 0 0 0 b f 6 5 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e b u g - 3 . 8 . 1 3 - 3 5 . e l 6 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 4 d 3 f 5 9 4 c 7 c 0 3 c b 4 3 f 4 b 6 6 e e 1 b c e 7 3 e 0 c / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e b u g - d e v e l - 3 . 8 . 1 3 - 3 5 . e l 6 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 6 a e 2 7 b 0 8 0 e a 2 6 e a 6 6 8 6 8 5 1 2 8 2 e 3 9 5 d e 4 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e v e l - 3 . 8 . 1 3 - 3 5 . e l 6 u e k . x 8 6 _ 6 4 . r p m / t d > t d > b 3 1 5 6 3 d a a 3 3 e c 7 e 4 c 0 9 c 0 1 2 4 3 e c b a e b b / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d o c - 3 . 8 . 1 3 - 3 5 . e l 6 u e k . n o a r c h . r p m / t d > t d > b 5 4 5 6 2 1 f 0 5 6 0 2 b 0 a f 4 f c 6 0 2 e c 4 0 3 0 e 8 5 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - f i r m w a r e - 3 . 8 . 1 3 - 3 5 . e l 6 u e k . n o a r c h . r p m / t d > t d > b a 2 a 4 1 a 0 7 0 9 6 5 e 6 1 8 c 9 b 6 7 c 6 9 6 2 7 2 3 3 3 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n \n b r > b r > \n b r > p > \n T h i s p a g e i s g e n e r a t e d a u t o m a t i c a l l y a n d h a s n o t b e e n c h e c k e d f o r e r r o r s o r o m i s s i o n s . F o r c l a r i f i c a t i o n \n o r c o r r e c t i o n s p l e a s e c o n t a c t t h e a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / \" > O r a c l e L i n u x U L N t e a m / a > / p > \n \n \n \n / d i v > \n ! - - \n / d i v > \n - - > \n / d i v > \n / d i v > \n \n \n d i v i d = \" m c 1 6 \" c l a s s = \" m c 1 6 v 0 \" > \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > T e c h n i c a l i n f o r m a t i o n / h 2 > \n u l > \n l i > a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / h a r d w a r e - c e r t i f i c a t i o n s \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x C e r t i f i e d H a r d w a r e / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / l i b r a r y / e l s p - l i f e t i m e - 0 6 9 3 3 8 . p d f \" > O r a c l e L i n u x S u p p o r t e d R e l e a s e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > O r a c l e L i n u x S u p p o r t / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / t e c h n o l o g i e s / l i n u x / O r a c l e L i n u x S u p p o r t / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x S u p p o r t / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / p r e m i e r / s e r v e r s - s t o r a g e / o v e r v i e w / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e P r e m i e r S u p p o r t f o r S y s t e m s / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / a d v a n c e d - c u s t o m e r - s e r v i c e s / o v e r v i e w / \" > A d v a n c e d C u s t o m e r S e r v i c e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 2 \" > \n h 2 > C o n n e c t / h 2 > \n u l > \n l i c l a s s = \" f b i c o n \" > a h r e f = \" h t t p : / / w w w . f a c e b o o k . c o m / o r a c l e l i n u x \" t i t l e = \" F a c e b o o k \" n a m e = \" F a c e b o o k \" t a r g e t = \" _ b l a n k \" i d = \" F a c e b o o k \" > F a c e b o o k / a > / l i > \n l i c l a s s = \" t w i c o n \" > a h r e f = \" h t t p : / / w w w . t w i t t e r . c o m / O r a c l e L i n u x \" t i t l e = \" T w i t t e r \" n a m e = \" T w i t t e r \" t a r g e t = \" _ b l a n k \" i d = \" T w i t t e r \" > T w i t t e r / a > / l i > \n l i c l a s s = \" i n i c o n \" > a h r e f = \" h t t p : / / w w w . l i n k e d i n . c o m / g r o u p s ? g i d = 1 2 0 2 3 8 \" t i t l e = \" L i n k e d I n \" n a m e = \" L i n k e d I n \" t a r g e t = \" _ b l a n k \" i d = \" L i n k e d I n \" > L i n k e d I n / a > / l i > \n l i c l a s s = \" y t i c o n \" > a h r e f = \" h t t p : / / w w w . y o u t u b e . c o m / o r a c l e l i n u x c h a n n e l \" t i t l e = \" Y o u T u b e \" n a m e = \" Y o u T u b e \" t a r g e t = \" _ b l a n k \" i d = \" Y o u T u b e \" > Y o u T u b e / a > / l i > \n l i c l a s s = \" b l o g i c o n \" > a h r e f = \" h t t p : / / b l o g s . o r a c l e . c o m / l i n u x \" t i t l e = \" B l o g \" n a m e = \" B l o g \" > B l o g / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 3 \" > \n h 2 > C o n t a c t U s / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / c o r p o r a t e / c o n t a c t / g l o b a l - 0 7 0 5 1 1 . h t m l \" > G l o b a l c o n t a c t s / a > / l i > \n l i > O r a c l e 1 - 8 0 0 - 6 3 3 - 0 6 9 1 / l i > \n / u l > \n / d i v > \n / d i v > \n / d i v > \n \n d i v i d = \" m c 0 4 \" c l a s s = \" m c 0 4 v 1 \" > \n d i v c l a s s = \" m c 0 4 w 1 \" > \n a h r e f = \" h t t p : / / o r a c l e . c o m \" > i m g s r c = \" / / w w w . o r a c l e i m g . c o m / a s s e t s / m c 0 4 - f o o t e r - l o g o . p n g \" b o r d e r = \" 0 \" a l t = \" s o f t w a r e . h a r d w a r e . c o m p l e t e \" / > / a > \n / d i v > \n \n d i v c l a s s = \" m c 0 4 w 2 \" > \n a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / s u b s c r i b e / i n d e x . h t m l \" > S u b s c r i b e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / e m p l o y m e n t / i n d e x . h t m l \" > C a r e e r s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / c o n t a c t / i n d e x . h t m l \" > C o n t a c t U s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / c o p y r i g h t . h t m l \" > L e g a l N o t i c e s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / t e r m s . h t m l \" > T e r m s o f U s e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / p r i v a c y . h t m l \" > Y o u r P r i v a c y R i g h t s / a > \n / d i v > \n / d i v > \n / d i v > \n / b o d y > \n / h t m l > \n ", "edition": 2, "reporter": "Oracle", "published": "2014-05-19T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0038", "CVE-2013-6383", "CVE-2013-7266", "CVE-2014-0196", "CVE-2014-2851", "CVE-2014-2309", "CVE-2014-0049", "CVE-2013-6885", "CVE-2014-0077", "CVE-2013-4587"], "modified": "2014-05-19T00:00:00", "id": "ELSA-2014-3034", "href": "http://linux.oracle.com/errata/ELSA-2014-3034.html", "cvss": {"score": 7.4, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:26:26", "references": ["https://rhn.redhat.com/errata/RHSA-2014-0285.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-devel-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-xen-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-xen", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-headers-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-headers", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-PAE-devel-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-PAE-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-xen-devel-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-xen-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-headers-2.6.18-371.6.1.el5.i386.rpm", "packageName": "kernel-headers", "arch": "i386", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-xen-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-xen", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-debug-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-debug", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-PAE-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-PAE", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-xen-devel-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-xen-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-doc-2.6.18-371.6.1.el5.noarch.rpm", "packageName": "kernel-doc", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-doc-2.6.18-371.6.1.el5.noarch.rpm", "packageName": "kernel-doc", "arch": "noarch", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-debug-devel-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-debug-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-debug-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-debug", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-debug-devel-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel-debug-devel", "arch": "i686", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-devel-2.6.18-371.6.1.el5.x86_64.rpm", "packageName": "kernel-devel", "arch": "x86_64", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-2.6.18-371.6.1.el5.src.rpm", "packageName": "kernel", "arch": "any", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.6.18-371.6.1.el5", "packageFilename": "kernel-2.6.18-371.6.1.el5.i686.rpm", "packageName": "kernel", "arch": "i686", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2014:0285\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A buffer overflow flaw was found in the way the qeth_snmp_command()\nfunction in the Linux kernel's QETH network device driver implementation\nhandled SNMP IOCTL requests with an out-of-bounds length. A local,\nunprivileged user could use this flaw to crash the system or, potentially,\nescalate their privileges on the system. (CVE-2013-6381, Important)\n\n* A flaw was found in the way the ipc_rcu_putref() function in the Linux\nkernel's IPC implementation handled reference counter decrementing.\nA local, unprivileged user could use this flaw to trigger an Out of Memory\n(OOM) condition and, potentially, crash the system. (CVE-2013-4483,\nModerate)\n\n* It was found that the Xen hypervisor implementation did not correctly\ncheck privileges of hypercall attempts made by HVM guests, allowing\nhypercalls to be invoked from protection rings 1 and 2 in addition to ring\n0. A local attacker in an HVM guest able to execute code on privilege\nlevels 1 and 2 could potentially use this flaw to further escalate their\nprivileges in that guest. Note: Xen HVM guests running unmodified versions\nof Red Hat Enterprise Linux and Microsoft Windows are not affected by this\nissue because they are known to only use protection rings 0 (kernel) and 3\n(userspace). (CVE-2013-4554, Moderate)\n\n* A flaw was found in the way the Linux kernel's Adaptec RAID controller\n(aacraid) checked permissions of compat IOCTLs. A local attacker could use\nthis flaw to bypass intended security restrictions. (CVE-2013-6383,\nModerate)\n\n* It was found that, under specific circumstances, a combination of write\noperations to write-combined memory and locked CPU instructions may cause a\ncore hang on certain AMD CPUs (for more information, refer to AMD CPU\nerratum 793 linked in the References section). A privileged user in a guest\nrunning under the Xen hypervisor could use this flaw to cause a denial of\nservice on the host system. This update adds a workaround to the Xen\nhypervisor implementation, which mitigates the AMD CPU issue. Note: this\nissue only affects AMD Family 16h Models 00h-0Fh Processors. Non-AMD CPUs\nare not vulnerable. (CVE-2013-6885, Moderate)\n\n* It was found that certain protocol handlers in the Linux kernel's\nnetworking implementation could set the addr_len value without initializing\nthe associated data structure. A local, unprivileged user could use this\nflaw to leak kernel stack memory to user space using the recvmsg, recvfrom,\nand recvmmsg system calls. (CVE-2013-7263, Low)\n\n* A flaw was found in the way the get_dumpable() function return value was\ninterpreted in the ptrace subsystem of the Linux kernel. When\n'fs.suid_dumpable' was set to 2, a local, unprivileged local user could\nuse this flaw to bypass intended ptrace restrictions and obtain\npotentially sensitive information. (CVE-2013-2929, Low)\n\nRed Hat would like to thank Vladimir Davydov of Parallels for reporting\nCVE-2013-4483 and the Xen project for reporting CVE-2013-4554 and\nCVE-2013-6885. Upstream acknowledges Jan Beulich as the original reporter\nof CVE-2013-4554 and CVE-2013-6885.\n\nThis update also fixes several bugs and adds one enhancement.\nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement. The system must be rebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-March/020199.html\n\n**Affected packages:**\nkernel\nkernel-PAE\nkernel-PAE-devel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-xen\nkernel-xen-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0285.html", "edition": 1, "reporter": "CentOS Project", "published": "2014-03-13T10:35:06", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "title": "kernel security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6383", "CVE-2013-2929", "CVE-2013-4554", "CVE-2013-7263", "CVE-2013-4483", "CVE-2013-6885", "CVE-2013-6381"], "modified": "2014-03-13T10:35:06", "href": "http://lists.centos.org/pipermail/centos-announce/2014-March/020199.html", "id": "CESA-2014:0285", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:32", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4369", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4370", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1893", "https://bugs.gentoo.org/show_bug.cgi?id=486354", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1666", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6400", "https://bugs.gentoo.org/show_bug.cgi?id=505714", "https://bugs.gentoo.org/show_bug.cgi?id=509054", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6375", "https://bugs.gentoo.org/show_bug.cgi?id=499054", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1891", "https://bugs.gentoo.org/show_bug.cgi?id=497086", "https://bugs.gentoo.org/show_bug.cgi?id=513824", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4551", "https://bugs.gentoo.org/show_bug.cgi?id=501080", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1895", "https://bugs.gentoo.org/show_bug.cgi?id=500528", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1896", "https://bugs.gentoo.org/show_bug.cgi?id=501906", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4494", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3124", "https://bugs.gentoo.org/show_bug.cgi?id=440768", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1894", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4375", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4356", "https://bugs.gentoo.org/show_bug.cgi?id=484478", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4361", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4554", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4021", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1442", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1642", "https://bugs.gentoo.org/show_bug.cgi?id=497084", "https://bugs.gentoo.org/show_bug.cgi?id=500530", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4329", "https://bugs.gentoo.org/show_bug.cgi?id=497082", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2599", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4371", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4355", "https://bugs.gentoo.org/show_bug.cgi?id=500536", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4368", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1892", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4553", "https://bugs.gentoo.org/show_bug.cgi?id=499124", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4416"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.3.2-r5", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-emulations/xen-tools", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.3.2-r4", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-emulations/xen", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.3.2", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-emulations/xen-pvgrub", "operator": "lt"}], "edition": 1, "description": "### Background\n\nXen is a bare-metal hypervisor.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker can utilize multiple vectors to execute arbitrary code, cause Denial of Service, or gain access to data on the host. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Xen 4.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulations/xen-4.3.2-r2\"\n \n\nAll Xen 4.2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulations/xen-4.2.4-r2\"\n \n\nAll xen-tools 4.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulations/xen-tools-4.3.2-r2\"\n \n\nAll xen-tools 4.2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-emulations/xen-tools-4.2.4-r2\"\n \n\nAll Xen PVGRUB 4.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulations/xen-pvgrub-4.3.2\"\n \n\nAll Xen PVGRUB 4.2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-emulations/xen-pvgrub-4.2.4\"", "reporter": "Gentoo Foundation", "published": "2014-07-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Xen: Multiple Vunlerabilities", "bulletinFamily": "unix", "cvelist": ["CVE-2014-1891", "CVE-2014-4021", "CVE-2014-1642", "CVE-2013-4368", "CVE-2013-4370", "CVE-2013-4329", "CVE-2014-1895", "CVE-2013-4356", "CVE-2014-1894", "CVE-2013-4554", "CVE-2014-1892", "CVE-2013-4416", "CVE-2013-4361", "CVE-2014-3124", "CVE-2013-6400", "CVE-2014-1896", "CVE-2013-4553", "CVE-2013-6375", "CVE-2014-2599", "CVE-2014-1893", "CVE-2013-4369", "CVE-2013-6885", "CVE-2013-4371", "CVE-2013-1442", "CVE-2013-4551", "CVE-2014-1666", "CVE-2013-4494", "CVE-2013-4355", "CVE-2013-4375"], "modified": "2014-07-16T00:00:00", "id": "GLSA-201407-03", "href": "https://security.gentoo.org/glsa/201407-03", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}}
