drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation.
{"redhatcve": [{"lastseen": "2021-10-13T19:55:32", "description": "System using the infiniband support module ib_srpt were vulnerable to a denial of service by system crash by a local attacker who is able to abort writes to a device using this initiator.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2020-04-08T16:59:31", "type": "redhatcve", "title": "CVE-2016-6327", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6327"], "modified": "2021-10-13T17:23:44", "id": "RH:CVE-2016-6327", "href": "https://access.redhat.com/security/cve/CVE-2016-6327", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2023-06-28T14:36:58", "description": "drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1\nallows local users to cause a denial of service (NULL pointer dereference\nand system crash) by using an ABORT_TASK command to abort a device write\noperation.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-16T00:00:00", "type": "ubuntucve", "title": "CVE-2016-6327", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6327"], "modified": "2016-10-16T00:00:00", "id": "UB:CVE-2016-6327", "href": "https://ubuntu.com/security/CVE-2016-6327", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "debiancve": [{"lastseen": "2023-06-03T14:41:17", "description": "drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-10-16T21:59:00", "type": "debiancve", "title": "CVE-2016-6327", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6327"], "modified": "2016-10-16T21:59:00", "id": "DEBIANCVE:CVE-2016-6327", "href": "https://security-tracker.debian.org/tracker/CVE-2016-6327", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2023-05-19T14:11:59", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3645 advisory.\n\n - The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. (CVE-2015-8956)\n\n - The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. (CVE-2016-2053)\n\n - The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. (CVE-2016-4569)\n\n - sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.\n (CVE-2016-4578)\n\n - drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. (CVE-2016-6327)\n\n - Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a double fetch vulnerability. (CVE-2016-6480)\n\n - The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move. (CVE-2016-3070)\n\n - The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. (CVE-2016-3699)\n\n - Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a double fetch vulnerability. (CVE-2016-6136)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-11-22T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3645)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8956", "CVE-2016-2053", "CVE-2016-3070", "CVE-2016-3699", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-6136", "CVE-2016-6327", "CVE-2016-6480"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.14.2.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.14.2.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2016-3645.NASL", "href": "https://www.tenable.com/plugins/nessus/95043", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2016-3645.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95043);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2015-8956\",\n \"CVE-2016-2053\",\n \"CVE-2016-3070\",\n \"CVE-2016-3699\",\n \"CVE-2016-4569\",\n \"CVE-2016-4578\",\n \"CVE-2016-6136\",\n \"CVE-2016-6327\",\n \"CVE-2016-6480\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3645)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2016-3645 advisory.\n\n - The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local\n users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors\n involving a bind system call on a Bluetooth RFCOMM socket. (CVE-2015-8956)\n\n - The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to\n cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. (CVE-2016-2053)\n\n - The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not\n initialize a certain data structure, which allows local users to obtain sensitive information from kernel\n stack memory via crafted use of the ALSA timer interface. (CVE-2016-4569)\n\n - sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which\n allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA\n timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.\n (CVE-2016-4578)\n\n - drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a\n denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a\n device write operation. (CVE-2016-6327)\n\n - Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel\n through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a double fetch vulnerability. (CVE-2016-6480)\n\n - The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel\n before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service\n (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a\n certain page move. (CVE-2016-3070)\n\n - The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted\n with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute\n untrusted code by appending ACPI tables to the initrd. (CVE-2016-3699)\n\n - Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through\n 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by\n changing a certain string, aka a double fetch vulnerability. (CVE-2016-6136)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2016-3645.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3699\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.14.2.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.14.2.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.14.2.el6uek', '3.8.13-118.14.2.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2016-3645');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.14.2.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.14.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.14.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.14.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.14.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.14.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.14.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.14.2.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.14.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.14.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.14.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.14.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.14.2.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.14.2.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.14.2.el6uek / dtrace-modules-3.8.13-118.14.2.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:13", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060050] (CVE-2016-6480) (CVE-2016-6480)\n\n - IB/srpt: Simplify srpt_handle_tsk_mgmt (Bart Van Assche) [Orabug: 25060011] (CVE-2016-6327)\n\n - audit: fix a double fetch in audit_log_single_execve_arg (Paul Moore) [Orabug: 25059945] (CVE-2016-6136)\n\n - ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug:\n 25059899] (CVE-2016-4578)\n\n - ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059899] (CVE-2016-4578)\n\n - ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059753] (CVE-2016-4569)\n\n - acpi: Disable ACPI table override if securelevel is set (Linn Crosetto) [Orabug: 25058991] (CVE-2016-3699)\n\n - Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058903] (CVE-2015-8956)\n\n - ASN.1: Fix non-match detection failure on data overrun (David Howells) [Orabug: 25059046] (CVE-2016-2053)\n\n - mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059194] (CVE-2016-3070)", "cvss3": {}, "published": "2016-11-22T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0163)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8956", "CVE-2016-2053", "CVE-2016-3070", "CVE-2016-3699", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-6136", "CVE-2016-6327", "CVE-2016-6480"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2016-0163.NASL", "href": "https://www.tenable.com/plugins/nessus/95046", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0163.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95046);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-3070\", \"CVE-2016-3699\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-6136\", \"CVE-2016-6327\", \"CVE-2016-6480\");\n\n script_name(english:\"OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0163)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - aacraid: Check size values after double-fetch from user\n (Dave Carroll) [Orabug: 25060050] (CVE-2016-6480)\n (CVE-2016-6480)\n\n - IB/srpt: Simplify srpt_handle_tsk_mgmt (Bart Van Assche)\n [Orabug: 25060011] (CVE-2016-6327)\n\n - audit: fix a double fetch in audit_log_single_execve_arg\n (Paul Moore) [Orabug: 25059945] (CVE-2016-6136)\n\n - ALSA: timer: Fix leak in events via\n snd_timer_user_tinterrupt (Kangjie Lu) [Orabug:\n 25059899] (CVE-2016-4578)\n\n - ALSA: timer: Fix leak in events via\n snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059899]\n (CVE-2016-4578)\n\n - ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS\n (Kangjie Lu) [Orabug: 25059753] (CVE-2016-4569)\n\n - acpi: Disable ACPI table override if securelevel is set\n (Linn Crosetto) [Orabug: 25058991] (CVE-2016-3699)\n\n - Bluetooth: Fix potential NULL dereference in RFCOMM bind\n callback (Jaganath Kanakkassery) [Orabug: 25058903]\n (CVE-2015-8956)\n\n - ASN.1: Fix non-match detection failure on data overrun\n (David Howells) [Orabug: 25059046] (CVE-2016-2053)\n\n - mm: migrate dirty page without clear_page_dirty_for_io\n etc (Hugh Dickins) [Orabug: 25059194] (CVE-2016-3070)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-November/000588.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8247686e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-118.14.2.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-118.14.2.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:19:03", "description": "The openSUSE 13.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925).\n\n - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418).\n\n - CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021 1.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077).\n\n - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation (bnc#994748).\n\n - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296).\n\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152)\n\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608).\n\n - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689).\n\n - CVE-2016-1237: nfsd in the Linux kernel allowed local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c (bnc#986570).\n\nThe following non-security bugs were fixed :\n\n - AF_VSOCK: Shrink the area influenced by prepare_to_wait (bsc#994520).\n\n - xen: Fix refcnt regression in xen netback introduced by changes made for bug#881008 (bnc#978094)\n\n - MSI-X: fix an error path (luckily none so far).\n\n - usb: fix typo in wMaxPacketSize validation (bsc#991665).\n\n - usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665).\n\n - Update patches.fixes/0002-nfsd-check-permissions-when-setting-A CLs.patch (bsc#986570 CVE#2016-1237).\n\n - Update patches.fixes/0001-posix_acl-Add-set_posix_acl.patch (bsc#986570 CVE#2016-1237).\n\n - apparmor: fix change_hat not finding hat after policy replacement (bsc#1000287).\n\n - arm64: Honor __GFP_ZERO in dma allocations (bsc#1004045).\n\n - arm64: __clear_user: handle exceptions on strb (bsc#994752).\n\n - arm64: dma-mapping: always clear allocated buffers (bsc#1004045).\n\n - arm64: perf: reject groups spanning multiple HW PMUs (bsc#1003931).\n\n - blkfront: fix an error path memory leak (luckily none so far).\n\n - blktap2: eliminate deadlock potential from shutdown path (bsc#909994).\n\n - blktap2: eliminate race from deferred work queue handling (bsc#911687).\n\n - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600).\n\n - cdc-acm: added sanity checking for probe() (bsc#993891).\n\n - kaweth: fix firmware download (bsc#993890).\n\n - kaweth: fix oops upon failed memory allocation (bsc#993890).\n\n - netback: fix flipping mode (bsc#996664).\n\n - netback: fix flipping mode (bsc#996664).\n\n - netfront: linearize SKBs requiring too many slots (bsc#991247).\n\n - nfsd: check permissions when setting ACLs (bsc#986570).\n\n - posix_acl: Add set_posix_acl (bsc#986570).\n\n - ppp: defer netns reference release for ppp channel (bsc#980371).\n\n - tunnels: Do not apply GRO to multiple layers of encapsulation (bsc#1001486).\n\n - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634).\n\n - x86: suppress lazy MMU updates during vmalloc fault processing (bsc#951155).\n\n - xen-netback-generalize.patch: Fold back into base patch.\n\n - xen3-patch-2.6.31.patch: Fold back into base patch.\n\n - xen3-patch-3.12.patch: Fold bac into base patch.\n\n - xen3-patch-3.15.patch: Fold back into base patch.\n\n - xen3-patch-3.3.patch: Fold back into base patch.\n\n - xen3-patch-3.9.patch: Fold bac into base patch.\n\n - xen3-patch-3.9.patch: Fold back into base patch.\n\n - xenbus: do not bail early from xenbus_dev_request_and_reply() (luckily none so far).\n\n - xenbus: inspect the correct type in xenbus_dev_request_and_reply().", "cvss3": {}, "published": "2016-10-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-1227) (Dirty COW)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7513", "CVE-2015-8956", "CVE-2016-0823", "CVE-2016-1237", "CVE-2016-5195", "CVE-2016-5696", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7117", "CVE-2016-7425", "CVE-2016-8658"], "modified": "2022-03-08T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bbswitch", "p-cpe:/a:novell:opensuse:bbswitch-debugsource", "p-cpe:/a:novell:opensuse:bbswitch-kmp-default", "p-cpe:/a:novell:opensuse:bbswitch-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop", "p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:bbswitch-kmp-pae", "p-cpe:/a:novell:opensuse:bbswitch-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:bbswitch-kmp-xen", "p-cpe:/a:novell:opensuse:bbswitch-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:cloop", "p-cpe:/a:novell:opensuse:cloop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-debugsource", "p-cpe:/a:novell:opensuse:cloop-kmp-default", "p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-pae", "p-cpe:/a:novell:opensuse:cloop-kmp-xen", "p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:ipset", "p-cpe:/a:novell:opensuse:crash", "p-cpe:/a:novell:opensuse:ipset-debuginfo", "p-cpe:/a:novell:opensuse:crash-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debugsource", "p-cpe:/a:novell:opensuse:ipset-devel", "p-cpe:/a:novell:opensuse:crash-debugsource", "p-cpe:/a:novell:opensuse:ipset-kmp-default", "p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-pae", "p-cpe:/a:novell:opensuse:crash-devel", "p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-xen", "p-cpe:/a:novell:opensuse:crash-eppic", "p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:crash-eppic-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:crash-gcore", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:crash-gcore-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-default", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:crash-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:crash-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:crash-kmp-xen", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:hdjmod-debugsource", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:libipset3", "p-cpe:/a:novell:opensuse:libipset3-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock", "p-cpe:/a:novell:opensuse:pcfclock-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae", "p-cpe:/a:novell:opensuse:vhba-kmp-debugsource", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-default", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen", "p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-pae", "p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:vhba-kmp-xen", "p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domu", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:xtables-addons-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-obs-qa-xen", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo"], "id": "OPENSUSE-2016-1227.NASL", "href": "https://www.tenable.com/plugins/nessus/94303", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1227.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94303);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/08\");\n\n script_cve_id(\n \"CVE-2015-7513\",\n \"CVE-2015-8956\",\n \"CVE-2016-0823\",\n \"CVE-2016-1237\",\n \"CVE-2016-5195\",\n \"CVE-2016-5696\",\n \"CVE-2016-6327\",\n \"CVE-2016-6480\",\n \"CVE-2016-6828\",\n \"CVE-2016-7117\",\n \"CVE-2016-7425\",\n \"CVE-2016-8658\"\n );\n script_xref(name:\"IAVA\", value:\"2016-A-0306-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-1227) (Dirty COW)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The openSUSE 13.2 kernel was updated to receive various security and\nbugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed\n local users to obtain sensitive information or cause a\n denial of service (NULL pointer dereference) via vectors\n involving a bind system call on a Bluetooth RFCOMM\n socket (bnc#1003925).\n\n - CVE-2016-5195: A local privilege escalation using\n MAP_PRIVATE was fixed, which is reportedly exploited in\n the wild (bsc#1004418).\n\n - CVE-2016-8658: Stack-based buffer overflow in the\n brcmf_cfg80211_start_ap function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021\n 1.c in the Linux kernel allowed local users to cause a\n denial of service (system crash) or possibly have\n unspecified other impact via a long SSID Information\n Element in a command to a Netlink socket (bnc#1004462).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux\n kernel allowed remote attackers to execute arbitrary\n code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077).\n\n - CVE-2016-0823: The pagemap_open function in\n fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as\n used in Android 6.0.1 before 2016-03-01, allowed local\n users to obtain sensitive physical-address information\n by reading a pagemap file, aka Android internal bug\n 25739721 (bnc#994759).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did\n not restrict a certain length field, which allowed local\n users to gain privileges or cause a denial of service\n (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in\n the Linux kernel allowed local users to cause a denial\n of service (NULL pointer dereference and system crash)\n by using an ABORT_TASK command to abort a device write\n operation (bnc#994748).\n\n - CVE-2016-6828: The tcp_check_send_head function in\n include/net/tcp.h in the Linux kernel did not properly\n maintain certain SACK state after a failed data copy,\n which allowed local users to cause a denial of service\n (tcp_xmit_retransmit_queue use-after-free and system\n crash) via a crafted SACK option (bnc#994296).\n\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel\n did not properly determine the rate of challenge ACK\n segments, which made it easier for man-in-the-middle\n attackers to hijack TCP sessions via a blind in-window\n attack (bnc#989152)\n\n - CVE-2016-6480: Race condition in the ioctl_send_fib\n function in drivers/scsi/aacraid/commctrl.c in the Linux\n kernel allowed local users to cause a denial of service\n (out-of-bounds access or system crash) by changing a\n certain size value, aka a 'double fetch' vulnerability\n (bnc#991608).\n\n - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel\n did not reset the PIT counter values during state\n restoration, which allowed guest OS users to cause a\n denial of service (divide-by-zero error and host OS\n crash) via a zero value, related to the\n kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions\n (bnc#960689).\n\n - CVE-2016-1237: nfsd in the Linux kernel allowed local\n users to bypass intended file-permission restrictions by\n setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c,\n and nfs4acl.c (bnc#986570).\n\nThe following non-security bugs were fixed :\n\n - AF_VSOCK: Shrink the area influenced by prepare_to_wait\n (bsc#994520).\n\n - xen: Fix refcnt regression in xen netback introduced by\n changes made for bug#881008 (bnc#978094)\n\n - MSI-X: fix an error path (luckily none so far).\n\n - usb: fix typo in wMaxPacketSize validation (bsc#991665).\n\n - usb: validate wMaxPacketValue entries in endpoint\n descriptors (bnc#991665).\n\n - Update\n patches.fixes/0002-nfsd-check-permissions-when-setting-A\n CLs.patch (bsc#986570 CVE#2016-1237).\n\n - Update\n patches.fixes/0001-posix_acl-Add-set_posix_acl.patch\n (bsc#986570 CVE#2016-1237).\n\n - apparmor: fix change_hat not finding hat after policy\n replacement (bsc#1000287).\n\n - arm64: Honor __GFP_ZERO in dma allocations\n (bsc#1004045).\n\n - arm64: __clear_user: handle exceptions on strb\n (bsc#994752).\n\n - arm64: dma-mapping: always clear allocated buffers\n (bsc#1004045).\n\n - arm64: perf: reject groups spanning multiple HW PMUs\n (bsc#1003931).\n\n - blkfront: fix an error path memory leak (luckily none so\n far).\n\n - blktap2: eliminate deadlock potential from shutdown path\n (bsc#909994).\n\n - blktap2: eliminate race from deferred work queue\n handling (bsc#911687).\n\n - btrfs: ensure that file descriptor used with subvol\n ioctls is a dir (bsc#999600).\n\n - cdc-acm: added sanity checking for probe() (bsc#993891).\n\n - kaweth: fix firmware download (bsc#993890).\n\n - kaweth: fix oops upon failed memory allocation\n (bsc#993890).\n\n - netback: fix flipping mode (bsc#996664).\n\n - netback: fix flipping mode (bsc#996664).\n\n - netfront: linearize SKBs requiring too many slots\n (bsc#991247).\n\n - nfsd: check permissions when setting ACLs (bsc#986570).\n\n - posix_acl: Add set_posix_acl (bsc#986570).\n\n - ppp: defer netns reference release for ppp channel\n (bsc#980371).\n\n - tunnels: Do not apply GRO to multiple layers of\n encapsulation (bsc#1001486).\n\n - usb: hub: Fix auto-remount of safely removed or ejected\n USB-3 devices (bsc#922634).\n\n - x86: suppress lazy MMU updates during vmalloc fault\n processing (bsc#951155).\n\n - xen-netback-generalize.patch: Fold back into base patch.\n\n - xen3-patch-2.6.31.patch: Fold back into base patch.\n\n - xen3-patch-3.12.patch: Fold bac into base patch.\n\n - xen3-patch-3.15.patch: Fold back into base patch.\n\n - xen3-patch-3.3.patch: Fold back into base patch.\n\n - xen3-patch-3.9.patch: Fold bac into base patch.\n\n - xen3-patch-3.9.patch: Fold back into base patch.\n\n - xenbus: do not bail early from\n xenbus_dev_request_and_reply() (luckily none so far).\n\n - xenbus: inspect the correct type in\n xenbus_dev_request_and_reply().\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003931\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=881008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=909994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=911687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=951155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=960689\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980371\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986570\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991247\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=993890\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=993891\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=996664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999932\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected the Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-0.8-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-debugsource-0.8-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-default-0.8_k3.16.7_45-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-default-debuginfo-0.8_k3.16.7_45-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-desktop-0.8_k3.16.7_45-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-desktop-debuginfo-0.8_k3.16.7_45-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-pae-0.8_k3.16.7_45-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-pae-debuginfo-0.8_k3.16.7_45-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-xen-0.8_k3.16.7_45-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-xen-debuginfo-0.8_k3.16.7_45-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-2.639-14.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-debuginfo-2.639-14.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-debugsource-2.639-14.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-default-2.639_k3.16.7_45-14.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-default-debuginfo-2.639_k3.16.7_45-14.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-desktop-2.639_k3.16.7_45-14.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-desktop-debuginfo-2.639_k3.16.7_45-14.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-pae-2.639_k3.16.7_45-14.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-pae-debuginfo-2.639_k3.16.7_45-14.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-xen-2.639_k3.16.7_45-14.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-xen-debuginfo-2.639_k3.16.7_45-14.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-7.0.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-debuginfo-7.0.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-debugsource-7.0.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-devel-7.0.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-eppic-7.0.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-eppic-debuginfo-7.0.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-gcore-7.0.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-gcore-debuginfo-7.0.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-default-7.0.8_k3.16.7_45-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-default-debuginfo-7.0.8_k3.16.7_45-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-desktop-7.0.8_k3.16.7_45-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-desktop-debuginfo-7.0.8_k3.16.7_45-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-pae-7.0.8_k3.16.7_45-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-pae-debuginfo-7.0.8_k3.16.7_45-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-xen-7.0.8_k3.16.7_45-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-xen-debuginfo-7.0.8_k3.16.7_45-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-debugsource-1.28-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-default-1.28_k3.16.7_45-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-default-debuginfo-1.28_k3.16.7_45-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-desktop-1.28_k3.16.7_45-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-desktop-debuginfo-1.28_k3.16.7_45-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-pae-1.28_k3.16.7_45-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-pae-debuginfo-1.28_k3.16.7_45-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-xen-1.28_k3.16.7_45-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-xen-debuginfo-1.28_k3.16.7_45-18.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-6.23-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-debuginfo-6.23-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-debugsource-6.23-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-devel-6.23-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-default-6.23_k3.16.7_45-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-default-debuginfo-6.23_k3.16.7_45-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-desktop-6.23_k3.16.7_45-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-desktop-debuginfo-6.23_k3.16.7_45-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-pae-6.23_k3.16.7_45-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-pae-debuginfo-6.23_k3.16.7_45-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-xen-6.23_k3.16.7_45-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-xen-debuginfo-6.23_k3.16.7_45-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-base-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-base-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-debugsource-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-devel-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-devel-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-ec2-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-ec2-base-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-ec2-devel-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-macros-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-build-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-build-debugsource-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-qa-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-qa-xen-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-source-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-source-vanilla-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-syms-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libipset3-6.23-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libipset3-debuginfo-6.23-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-0.44-260.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-debuginfo-0.44-260.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-debugsource-0.44-260.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-default-0.44_k3.16.7_45-260.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-default-debuginfo-0.44_k3.16.7_45-260.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-desktop-0.44_k3.16.7_45-260.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-desktop-debuginfo-0.44_k3.16.7_45-260.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-pae-0.44_k3.16.7_45-260.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-pae-debuginfo-0.44_k3.16.7_45-260.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python-virtualbox-5.0.28-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python-virtualbox-debuginfo-5.0.28-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-debugsource-20140629-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-default-20140629_k3.16.7_45-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-default-debuginfo-20140629_k3.16.7_45-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-desktop-20140629_k3.16.7_45-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-desktop-debuginfo-20140629_k3.16.7_45-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-pae-20140629_k3.16.7_45-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-pae-debuginfo-20140629_k3.16.7_45-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-xen-20140629_k3.16.7_45-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-xen-debuginfo-20140629_k3.16.7_45-2.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-5.0.28-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-debuginfo-5.0.28-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-debugsource-5.0.28-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-devel-5.0.28-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-desktop-icons-5.0.28-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-default-5.0.28_k3.16.7_45-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-default-debuginfo-5.0.28_k3.16.7_45-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-desktop-5.0.28_k3.16.7_45-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-desktop-debuginfo-5.0.28_k3.16.7_45-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-pae-5.0.28_k3.16.7_45-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-pae-debuginfo-5.0.28_k3.16.7_45-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-tools-5.0.28-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-tools-debuginfo-5.0.28-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-x11-5.0.28-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-x11-debuginfo-5.0.28-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-default-5.0.28_k3.16.7_45-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-default-debuginfo-5.0.28_k3.16.7_45-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-desktop-5.0.28_k3.16.7_45-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-desktop-debuginfo-5.0.28_k3.16.7_45-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-pae-5.0.28_k3.16.7_45-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-pae-debuginfo-5.0.28_k3.16.7_45-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-source-5.0.28-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-qt-5.0.28-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-qt-debuginfo-5.0.28-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-websrv-5.0.28-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-websrv-debuginfo-5.0.28-54.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-debugsource-4.4.4_05-51.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-devel-4.4.4_05-51.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-libs-4.4.4_05-51.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-libs-debuginfo-4.4.4_05-51.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-tools-domU-4.4.4_05-51.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-tools-domU-debuginfo-4.4.4_05-51.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-2.6-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-debuginfo-2.6-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-debugsource-2.6-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-default-2.6_k3.16.7_45-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-default-debuginfo-2.6_k3.16.7_45-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-desktop-2.6_k3.16.7_45-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-desktop-debuginfo-2.6_k3.16.7_45-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-pae-2.6_k3.16.7_45-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-pae-debuginfo-2.6_k3.16.7_45-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-xen-2.6_k3.16.7_45-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-xen-debuginfo-2.6_k3.16.7_45-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-base-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-devel-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-base-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-base-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-devel-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-base-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-devel-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.16.7-45.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-4.4.4_05-51.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.4.4_05-51.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.4.4_05_k3.16.7_45-51.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-default-debuginfo-4.4.4_05_k3.16.7_45-51.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-desktop-4.4.4_05_k3.16.7_45-51.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-desktop-debuginfo-4.4.4_05_k3.16.7_45-51.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.4.4_05-51.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.4.4_05-51.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-tools-4.4.4_05-51.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.4.4_05-51.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bbswitch / bbswitch-debugsource / bbswitch-kmp-default / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-22T15:49:25", "description": "The openSUSE 13.1 kernel was updated to 3.12.67 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2013-5634: arch/arm/kvm/arm.c in the Linux kernel on the ARM platform, when KVM is used, allowed host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or possibly have unspecified other impact by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl call. (bsc#994758)\n\n - CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel allowed local users to gain privileges by triggering access to a paging structure by a different CPU (bnc#963767).\n\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).\n\n - CVE-2016-7097: The filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968).\n\n - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925).\n\n - CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021 1.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation (bnc#994748).\n\n - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296).\n\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for remote attackers to hijack TCP sessions via a blind in-window attack (bnc#989152).\n\n - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by changing a certain length value, aka a 'double fetch' vulnerability (bnc#987542).\n\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608).\n\nThe following non-security bugs were fixed :\n\n - aacraid: Fix RRQ overload (bsc#1003079).\n\n - acpi / pm: Ignore wakeup setting if the ACPI companion can't wake up (FATE#315621).\n\n - af_vsock: Shrink the area influenced by prepare_to_wait (bsc#994520).\n\n - apparmor: add missing id bounds check on dfa verification (bsc#1000304).\n\n - apparmor: check that xindex is in trans_table bounds (bsc#1000304).\n\n - apparmor: do not check for vmalloc_addr if kvzalloc() failed (bsc#1000304).\n\n - apparmor: do not expose kernel stack (bsc#1000304).\n\n - apparmor: ensure the target profile name is always audited (bsc#1000304).\n\n - apparmor: exec should not be returning ENOENT when it denies (bsc#1000304).\n\n - apparmor: fix arg_size computation for when setprocattr is null terminated (bsc#1000304).\n\n - apparmor: fix audit full profile hname on successful load (bsc#1000304).\n\n - apparmor: fix change_hat not finding hat after policy replacement (bsc#1000287).\n\n - apparmor: fix disconnected bind mnts reconnection (bsc#1000304).\n\n - apparmor: fix log failures for all profiles in a set (bsc#1000304).\n\n - apparmor: fix module parameters can be changed after policy is locked (bsc#1000304).\n\n - apparmor: fix oops in profile_unpack() when policy_db is not present (bsc#1000304).\n\n - apparmor: fix oops, validate buffer size in apparmor_setprocattr() (bsc#1000304).\n\n - apparmor: fix put() parent ref after updating the active ref (bsc#1000304).\n\n - apparmor: fix refcount bug in profile replacement (bsc#1000304).\n\n - apparmor: fix refcount race when finding a child profile (bsc#1000304).\n\n - apparmor: fix replacement bug that adds new child to old parent (bsc#1000304).\n\n - apparmor: fix uninitialized lsm_audit member (bsc#1000304).\n\n - apparmor: fix update the mtime of the profile file on replacement (bsc#1000304).\n\n - apparmor: internal paths should be treated as disconnected (bsc#1000304).\n\n - apparmor: use list_next_entry instead of list_entry_next (bsc#1000304).\n\n - arm64: Ensure pmd_present() returns false after pmd_mknotpresent() (Automatic NUMA Balancing (fate#315482)).\n\n - arm64: mm: remove broken &= operator from pmd_mknotpresent (Automatic NUMA Balancing (fate#315482)).\n\n - avoid dentry crash triggered by NFS (bsc#984194).\n\n - be2net: Do not leak iomapped memory on removal (bsc#921784 FATE#318561).\n\n - be2net: fix BE3-R FW download compatibility check (bsc#921784 FATE#318561).\n\n - be2net: fix wrong return value in be_check_ufi_compatibility() (bsc#921784 FATE#318561).\n\n - be2net: remove vlan promisc capability from VF's profile descriptors (bsc#921784 FATE#318561).\n\n - blacklist.conf :\n\n - blacklist.conf: 78f3d050c34b We do not support fsl hardware\n\n - blacklist.conf: add 5195c14c8b27 (reverted and superseded by a commit we already have)\n\n - blacklist.conf: Add entry for 7bf52fb891b64b8d61caf0b82060adb9db761aec The commit 7bf52fb891b6 ('mm: vmscan: reclaim highmem zone if buffer_heads is over limit') is unnecessary as the fix is also available from commit d4debc66d1fc ('vmscan:\n remove unnecessary temporary vars in do_try_to_free_pages').\n\n - blacklist.conf: add pointless networking follow-up fixes\n\n - blacklist.conf: Add two fanotify commits which we do not need (fixes tag was not quite accurate)\n\n - blacklist.conf: Blacklist unsupported architectures\n\n - blkfront: fix an error path memory leak (luckily none so far).\n\n - blk-mq: fix undefined behaviour in order_to_size() (fate#315209).\n\n - blktap2: eliminate deadlock potential from shutdown path (bsc#909994).\n\n - blktap2: eliminate race from deferred work queue handling (bsc#911687).\n\n - bond: Check length of IFLA_BOND_ARP_IP_TARGET attributes (fate#316924).\n\n - bonding: always set recv_probe to bond_arp_rcv in arp monitor (bsc#977687).\n\n - bonding: fix curr_active_slave/carrier with loadbalance arp monitoring (fate#316924).\n\n - bonding: Prevent IPv6 link local address on enslaved devices (fate#316924).\n\n - bonding: prevent out of bound accesses (fate#316924).\n\n - bonding: set carrier off for devices created through netlink (bsc#999577).\n\n - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619).\n\n - btrfs: add missing discards when unpinning extents with\n -o discard (bsc#904489).\n\n - btrfs: btrfs_issue_discard ensure offset/length are aligned to sector boundaries (bsc#904489).\n\n - btrfs: do not create or leak aliased root while cleaning up orphans (bsc#904489).\n\n - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600).\n\n - btrfs: explictly delete unused block groups in close_ctree and ro-remount (bsc#904489).\n\n - btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596, bsc#984779)\n\n - btrfs: fix fitrim discarding device area reserved for boot loader's use (bsc#904489).\n\n - btrfs: handle quota reserve failure properly (bsc#1005666).\n\n - btrfs: iterate over unused chunk space in FITRIM (bsc#904489).\n\n - btrfs: make btrfs_issue_discard return bytes discarded (bsc#904489).\n\n - btrfs: properly track when rescan worker is running (bsc#989953).\n\n - btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock (bsc#904489).\n\n - btrfs: reorder patches to place local patches back at the end of the series\n\n - btrfs: skip superblocks during discard (bsc#904489).\n\n - btrfs: test_check_exists: Fix infinite loop when searching for free space entries (bsc#987192).\n\n - btrfs: waiting on qgroup rescan should not always be interruptible (bsc#992712).\n\n - cdc-acm: added sanity checking for probe() (bsc#993891).\n\n - cephfs: ignore error from invalidate_inode_pages2_range() in direct write (bsc#995153).\n\n - cephfs: remove warning when ceph_releasepage() is called on dirty page (bsc#995153).\n\n - clockevents: export clockevents_unbind_device instead of clockevents_unbind (bnc#937888).\n\n - conntrack: RFC5961 challenge ACK confuse conntrack LAST-ACK transition (bsc#966864).\n\n - cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc1003866).\n\n - cxgbi: fix uninitialized flowi6 (bsc#924384 FATE#318570 bsc#921338).\n\n - dm: fix AB-BA deadlock in __dm_destroy(). (bsc#970943)\n\n - drivers/hv: share Hyper-V SynIC constants with userspace (bnc#937888).\n\n - drivers: hv: vmbus: avoid scheduling in interrupt context in vmbus_initiate_unload() (bnc#937888).\n\n - drivers: hv: vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload() (bnc#937888).\n\n - drivers: hv: vmbus: avoid wait_for_completion() on crash (bnc#937888).\n\n - drivers: hv: vmbus: Cleanup vmbus_set_event() (bnc#937888).\n\n - drivers: hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages (bnc#937888).\n\n - drivers: hv: vmbus: do not manipulate with clocksources on crash (bnc#937888).\n\n - drivers: hv: vmbus: Force all channel messages to be delivered on CPU 0 (bnc#937888).\n\n - drivers: hv: vmbus: Get rid of the unused irq variable (bnc#937888).\n\n - drivers: hv: vmbus: handle various crash scenarios (bnc#937888).\n\n - drivers: hv: vmbus: remove code duplication in message handling (bnc#937888).\n\n - drivers: hv: vmbus: Support handling messages on multiple CPUs (bnc#937888).\n\n - drivers: hv: vmbus: Support kexec on ws2012 r2 and above (bnc#937888).\n\n - efi: Small leak on error in runtime map code (fate#315019).\n\n - ext2: Enable ext2 driver in config files (bsc#976195, fate#320805)\n\n - ext4: Add parameter for tuning handling of ext2 (bsc#976195).\n\n - Fix kabi change cause by adding flock_owner to open_context (bsc#998689).\n\n - fix pCPU handling (luckily none so far).\n\n - fix xfs-handle-dquot-buffer-readahead-in-log-recovery-co.pat ch (bsc#1003153).\n\n - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681).\n\n - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133).\n\n - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133).\n\n - fs/cifs: Fix regression which breaks DFS mounting (bsc#799133).\n\n - fs/cifs: make share unaccessible at root level mountable (bsc#799133).\n\n - fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133).\n\n - fs/cifs: REVERT fix wrongly prefixed path to root (bsc#963655, bsc#979681)\n\n - fs/select: add vmalloc fallback for select(2) (bsc#1000189).\n\n - ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it (bsc#984419).\n\n - hyperv: enable call to clockevents_unbind_device in kexec/kdump path\n\n - hyperv: replace KEXEC_CORE by plain KEXEC because we lack 2965faa5e0 in the base kernel\n\n - i40e: fix an uninitialized variable bug (bnc#857397 FATE#315659).\n\n - ib/IWPM: Fix a potential skb leak (bsc#924381 FATE#318568 bsc#921338).\n\n - ib/mlx5: Fix RC transport send queue overhead computation (bnc#865545 FATE#316891).\n\n - introduce NETIF_F_GSO_ENCAP_ALL helper mask (bsc#1001486).\n\n - iommu/amd: Update Alias-DTE in update_device_table() (bsc#975772).\n\n - ipv6: fix multipath route replace error recovery (bsc#930399).\n\n - ipv6: KABI workaround for ipv6: add complete rcu protection around np->opt.\n\n - ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067).\n\n - ipv6: send only one NEWLINK when RA causes changes (bsc#934067).\n\n - iscsi: Add a missed complete in iscsit_close_connection (bsc#992555, bsc#987805).\n\n - iwlwifi: dvm: fix flush support for old firmware (bsc#940545).\n\n - kabi: clockevents: export clockevents_unbind again.\n\n - kabi: hide harmless change in struct inet_connection_sock (fate#318553).\n\n - kABI: protect backing-dev include in mm/migrate.\n\n - kABI: protect enum usb_device_speed.\n\n - kABI: protect struct mlx5_modify_qp_mbox_in.\n\n - kABI: protect struct mmc_packed (kabi).\n\n - kabi: work around kabi changes from commit 53f9ff48f636 (bsc#988617).\n\n - kaweth: fix firmware download (bsc#993890).\n\n - kaweth: fix oops upon failed memory allocation (bsc#993890).\n\n - kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd (bnc#941420).\n\n - kernel/printk/printk.c: fix faulty logic in the case of recursive printk (bnc#744692, bnc#789311).\n\n - kvm: do not handle APIC access page if in-kernel irqchip is not in use (bsc#959463).\n\n - kvm: vmx: defer load of APIC access page address during reset (bsc#959463).\n\n - libceph: enable large, variable-sized OSD requests (bsc#988715).\n\n - libceph: make r_request msg_size calculation clearer (bsc#988715).\n\n - libceph: move r_reply_op_(len,result) into struct ceph_osd_req_op (bsc#988715).\n\n - libceph: osdc->req_mempool should be backed by a slab pool (bsc#988715).\n\n - libceph: rename ceph_osd_req_op::payload_len to indata_len (bsc#988715).\n\n - libfc: do not send ABTS when resetting exchanges (bsc#962846).\n\n - libfc: Do not take rdata->rp_mutex when processing a\n -FC_EX_CLOSED ELS response (bsc#962846).\n\n - libfc: Fixup disc_mutex handling (bsc#962846).\n\n - libfc: fixup locking of ptp_setup() (bsc#962846).\n\n - libfc: Issue PRLI after a PRLO has been received (bsc#962846).\n\n - libfc: reset exchange manager during LOGO handling (bsc#962846).\n\n - libfc: Revisit kref handling (bnc#990245).\n\n - libfc: sanity check cpu number extracted from xid (bsc#988440).\n\n - libfc: send LOGO for PLOGI failure (bsc#962846).\n\n - lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866).\n\n - md: check command validity early in md_ioctl() (bsc#1004520).\n\n - md: Drop sending a change uevent when stopping (bsc#1003568).\n\n - md: lockless I/O submission for RAID1 (bsc#982783).\n\n - md/raid5: fix a recently broken BUG_ON() (bsc#1006691).\n\n - memcg: convert threshold to bytes (bnc#931454).\n\n - memcg: fix thresholds for 32b architectures (bnc#931454).\n\n - mm, cma: prevent nr_isolated_* counters from going negative (bnc#971975 VM performance -- git fixes).\n\n - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445).\n\n - module: Issue warnings when tainting kernel (bsc#974406).\n\n - mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708).\n\n - mpt3sas: Update patches.drivers/mpt3sas-Fix-use-sas_is_tlr_enabled-API-b efore-enabli.patch (bsc#967640, bsc#992244).\n\n - msi-x: fix an error path (luckily none so far).\n\n - netback: fix flipping mode (bsc#996664).\n\n - netback: fix refounting (bsc#978094).\n\n - netfront: do not truncate grant references.\n\n - netfront: use correct linear area after linearizing an skb (bsc#1007886).\n\n - nfs4: reset states to use open_stateid when returning delegation voluntarily (bsc#1003400).\n\n - nfs: Add a stub for GETDEVICELIST (bnc#898675).\n\n - nfs: Do not write enable new pages while an invalidation is proceeding (bsc#999584).\n\n - nfsd: Use free_conn to free connection (bsc#979451).\n\n - nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514).\n\n - nfs: Fix a regression in the read() syscall (bsc#999584).\n\n - nfs: fix BUG() crash in notify_change() with patch to chown_common() (bnc#876463).\n\n - nfs: fix pg_test page count calculation (bnc#898675).\n\n - nfs: nfs4_fl_prepare_ds must be careful about reporting success (bsc#1000776).\n\n - nfsv4: add flock_owner to open context (bnc#998689).\n\n - nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (bnc#998689).\n\n - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (bnc#998689).\n\n - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (bnc#998689).\n\n - nfsv4: Ensure nfs_atomic_open set the dentry verifier on ENOENT (bnc#866130).\n\n - oom: print nodemask in the oom report (bnc#1003866).\n\n - packet: tpacket_snd(): fix signed/unsigned comparison (bsc#874131).\n\n - perf/x86/intel: Fix bug for 'cycles:p' and 'cycles:pp' on SLM (bsc#997896).\n\n - pm / hibernate: Fix 2G size issue of snapshot image verification (bsc#1004252).\n\n - pm / hibernate: Fix rtree_next_node() to avoid walking off list ends (bnc#860441).\n\n - powerpc: add kernel parameter iommu_alloc_quiet (bsc#998825).\n\n - printk: add kernel parameter to control writes to /dev/kmsg (bsc#979928).\n\n - qgroup: Prevent qgroup->reserved from going subzero (bsc#993841).\n\n - qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template() (bsc#922064 FATE#318609)\n\n - radeon: avoid boot hang in Xen Dom0 (luckily none so far).\n\n - ratelimit: extend to print suppressed messages on release (bsc#979928).\n\n - ratelimit: fix bug in time interval by resetting right begin time (bsc#979928).\n\n - rbd: truncate objects on cmpext short reads (bsc#988715).\n\n - rcu: Fix improper use or RCU in patches.kabi/ipv6-add-complete-rcu-protection-around-np- opt.kabi.patch. (bsc#961257)\n\n - Refresh patches.suse/CFS-0259-ceph-Asynchronous-IO-support.patch . After a write, we must free the 'request', not the 'response'. This error crept in during the backport.\n bsc#995153\n\n - Refresh patches.xen/xen3-patch-3.9 (bsc#991247).\n\n - Rename patches.xen/xen3-kgr-(0107,1003)-reserve-a-place-in-thre ad_struct-for-storing-RIP.patch to match its non-Xen counterpart.\n\n - Revert 'can: dev: fix deadlock reported after bus-off'.\n\n - Revert 'Input: i8042 - break load dependency between atkbd/psmouse and i8042'.\n\n - Revert 'Input: i8042 - set up shared ps2_cmd_mutex for AUX ports'.\n\n - rpm/config.sh: do not prepend '60.' to release string This is needed for SLE maintenance workflow, no need for that in evergreen-13.1.\n\n - rpm/config.sh: Set the SP1 release string to 60.<RELEASE> (bsc#997059)\n\n - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059)\n\n - rtnetlink: avoid 0 sized arrays (fate#316924).\n\n - s390: add SMT support (bnc#994438, LTC#144756).\n\n - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419).\n\n - sched/core: Fix a race between try_to_wake_up() and a woken up task (bsc#1002165, bsc#1001419).\n\n - scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992).\n\n - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)\n\n - scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992).\n\n - sd: Fix memory leak caused by RESET_WP patch (bsc#999779).\n\n - squashfs3: properly handle dir_emit() failures (bsc#998795).\n\n - sunrpc: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT (bnc#868923).\n\n - sunrpc: Fix a regression when reconnecting (bsc#946309).\n\n - supported.conf: Add ext2\n\n - supported.conf: Add iscsi modules to -base (bsc#997299)\n\n - supported.conf: Add tun to -base (bsc#992593)\n\n - supported.conf: Add veth to -base (bsc#992591)\n\n - target: Fix missing complete during ABORT_TASK + CMD_T_FABRIC_STOP (bsc#987621).\n\n - target: Fix race between iscsi-target connection shutdown + ABORT_TASK (bsc#987621).\n\n - tcp: add proper TS val into RST packets (bsc#937086).\n\n - tcp: align tcp_xmit_size_goal() on tcp_tso_autosize() (bsc#937086).\n\n - tcp: fix child sockets to use system default congestion control if not set (fate#318553).\n\n - tcp: fix cwnd limited checking to improve congestion control (bsc#988617).\n\n - tcp: refresh skb timestamp at retransmit time (bsc#937086).\n\n - timers: Use proper base migration in add_timer_on() (bnc#993392).\n\n - tunnels: Do not apply GRO to multiple layers of encapsulation (bsc#1001486).\n\n - tunnels: Remove encapsulation offloads on decap (bsc#1001486).\n\n - Update patches.kabi/kabi.clockevents_unbind.patch (bnc#937888).\n\n - uprobes: Fix the memcg accounting (bnc#931454).\n\n - usb: fix typo in wMaxPacketSize validation (bsc#991665).\n\n - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).\n\n - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634).\n\n - usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665).\n\n - vmxnet3: Wake queue from reset work (bsc#999907).\n\n - x86/tlb/trace: Do not trace on CPU that is offline (TLB Performance git-fixes).\n\n - xenbus: do not invoke ->is_ready() for most device states (bsc#987333).\n\n - xenbus: inspect the correct type in xenbus_dev_request_and_reply().\n\n - xen: Linux 3.12.63.\n\n - xen: Linux 3.12.64.\n\n - xen/pciback: Fix conf_space read/write overlap check.\n\n - xen-pciback: return proper values during BAR sizing.\n\n - xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).\n\n - xfs: fixed signedness of error code in xfs_inode_buf_verify (bsc#1003153).\n\n - xfs: handle dquot buffer readahead in log recovery correctly (bsc#955446).\n\n - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).\n\n - xhci: silence warnings in switch (bnc#991665).", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-1410)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-5634", "CVE-2015-8956", "CVE-2016-2069", "CVE-2016-5696", "CVE-2016-6130", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-7425", "CVE-2016-8658"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cloop", "p-cpe:/a:novell:opensuse:cloop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-debugsource", "p-cpe:/a:novell:opensuse:cloop-kmp-default", "p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-pae", "p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-xen", "p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:crash", "p-cpe:/a:novell:opensuse:crash-debuginfo", "p-cpe:/a:novell:opensuse:crash-debugsource", "p-cpe:/a:novell:opensuse:crash-devel", "p-cpe:/a:novell:opensuse:crash-eppic", "p-cpe:/a:novell:opensuse:crash-eppic-debuginfo", "p-cpe:/a:novell:opensuse:crash-gcore", "p-cpe:/a:novell:opensuse:crash-gcore-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-default", "p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae", "p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-xen", "p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-debugsource", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:ipset", "p-cpe:/a:novell:opensuse:ipset-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debugsource", "p-cpe:/a:novell:opensuse:ipset-devel", "p-cpe:/a:novell:opensuse:ipset-kmp-default", "p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-pae", "p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-xen", "p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget", "p-cpe:/a:novell:opensuse:iscsitarget-debuginfo", "p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-debugsource", "p-cpe:/a:novell:opensuse:vhba-kmp-default", "p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-pae", "p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-xen", "p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:iscsitarget-debugsource", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-default", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:libipset3", "p-cpe:/a:novell:opensuse:libipset3-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper", "p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-debugsource", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch", "p-cpe:/a:novell:opensuse:openvswitch-controller", "p-cpe:/a:novell:opensuse:openvswitch-controller-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-debugsource", "p-cpe:/a:novell:opensuse:openvswitch-kmp-default", "p-cpe:/a:novell:opensuse:openvswitch-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop", "p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-pae", "p-cpe:/a:novell:opensuse:openvswitch-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-xen", "p-cpe:/a:novell:opensuse:openvswitch-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-pki", "p-cpe:/a:novell:opensuse:openvswitch-switch", "p-cpe:/a:novell:opensuse:openvswitch-switch-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-test", "p-cpe:/a:novell:opensuse:pcfclock", "p-cpe:/a:novell:opensuse:pcfclock-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:python-openvswitch", "p-cpe:/a:novell:opensuse:python-openvswitch-test", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-pae", "p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domu", "p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo", "p-cpe:/a:novell:opensuse:xen-xend-tools", "p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons", "p-cpe:/a:novell:opensuse:xtables-addons-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-debugsource", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-1410.NASL", "href": "https://www.tenable.com/plugins/nessus/95592", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1410.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95592);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-5634\", \"CVE-2015-8956\", \"CVE-2016-2069\", \"CVE-2016-5696\", \"CVE-2016-6130\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2016-6828\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-7425\", \"CVE-2016-8658\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-1410)\");\n script_summary(english:\"Check for the openSUSE-2016-1410 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 13.1 kernel was updated to 3.12.67 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2013-5634: arch/arm/kvm/arm.c in the Linux kernel on\n the ARM platform, when KVM is used, allowed host OS\n users to cause a denial of service (NULL pointer\n dereference, OOPS, and host OS crash) or possibly have\n unspecified other impact by omitting vCPU initialization\n before a KVM_GET_REG_LIST ioctl call. (bsc#994758)\n\n - CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in\n the Linux kernel allowed local users to gain privileges\n by triggering access to a paging structure by a\n different CPU (bnc#963767).\n\n - CVE-2016-7042: The proc_keys_show function in\n security/keys/proc.c in the Linux kernel used an\n incorrect buffer size for certain timeout data, which\n allowed local users to cause a denial of service (stack\n memory corruption and panic) by reading the /proc/keys\n file (bnc#1004517).\n\n - CVE-2016-7097: The filesystem implementation in the\n Linux kernel preserved the setgid bit during a setxattr\n call, which allowed local users to gain group privileges\n by leveraging the existence of a setgid program with\n restrictions on execute permissions (bnc#995968).\n\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed\n local users to obtain sensitive information or cause a\n denial of service (NULL pointer dereference) via vectors\n involving a bind system call on a Bluetooth RFCOMM\n socket (bnc#1003925).\n\n - CVE-2016-8658: Stack-based buffer overflow in the\n brcmf_cfg80211_start_ap function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021\n 1.c in the Linux kernel allowed local users to cause a\n denial of service (system crash) or possibly have\n unspecified other impact via a long SSID Information\n Element in a command to a Netlink socket (bnc#1004462).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did\n not restrict a certain length field, which allowed local\n users to gain privileges or cause a denial of service\n (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in\n the Linux kernel allowed local users to cause a denial\n of service (NULL pointer dereference and system crash)\n by using an ABORT_TASK command to abort a device write\n operation (bnc#994748).\n\n - CVE-2016-6828: The tcp_check_send_head function in\n include/net/tcp.h in the Linux kernel did not properly\n maintain certain SACK state after a failed data copy,\n which allowed local users to cause a denial of service\n (tcp_xmit_retransmit_queue use-after-free and system\n crash) via a crafted SACK option (bnc#994296).\n\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel\n did not properly determine the rate of challenge ACK\n segments, which made it easier for remote attackers to\n hijack TCP sessions via a blind in-window attack\n (bnc#989152).\n\n - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb\n function in drivers/s390/char/sclp_ctl.c in the Linux\n kernel allowed local users to obtain sensitive\n information from kernel memory by changing a certain\n length value, aka a 'double fetch' vulnerability\n (bnc#987542).\n\n - CVE-2016-6480: Race condition in the ioctl_send_fib\n function in drivers/scsi/aacraid/commctrl.c in the Linux\n kernel allowed local users to cause a denial of service\n (out-of-bounds access or system crash) by changing a\n certain size value, aka a 'double fetch' vulnerability\n (bnc#991608).\n\nThe following non-security bugs were fixed :\n\n - aacraid: Fix RRQ overload (bsc#1003079).\n\n - acpi / pm: Ignore wakeup setting if the ACPI companion\n can't wake up (FATE#315621).\n\n - af_vsock: Shrink the area influenced by prepare_to_wait\n (bsc#994520).\n\n - apparmor: add missing id bounds check on dfa\n verification (bsc#1000304).\n\n - apparmor: check that xindex is in trans_table bounds\n (bsc#1000304).\n\n - apparmor: do not check for vmalloc_addr if kvzalloc()\n failed (bsc#1000304).\n\n - apparmor: do not expose kernel stack (bsc#1000304).\n\n - apparmor: ensure the target profile name is always\n audited (bsc#1000304).\n\n - apparmor: exec should not be returning ENOENT when it\n denies (bsc#1000304).\n\n - apparmor: fix arg_size computation for when setprocattr\n is null terminated (bsc#1000304).\n\n - apparmor: fix audit full profile hname on successful\n load (bsc#1000304).\n\n - apparmor: fix change_hat not finding hat after policy\n replacement (bsc#1000287).\n\n - apparmor: fix disconnected bind mnts reconnection\n (bsc#1000304).\n\n - apparmor: fix log failures for all profiles in a set\n (bsc#1000304).\n\n - apparmor: fix module parameters can be changed after\n policy is locked (bsc#1000304).\n\n - apparmor: fix oops in profile_unpack() when policy_db is\n not present (bsc#1000304).\n\n - apparmor: fix oops, validate buffer size in\n apparmor_setprocattr() (bsc#1000304).\n\n - apparmor: fix put() parent ref after updating the active\n ref (bsc#1000304).\n\n - apparmor: fix refcount bug in profile replacement\n (bsc#1000304).\n\n - apparmor: fix refcount race when finding a child profile\n (bsc#1000304).\n\n - apparmor: fix replacement bug that adds new child to old\n parent (bsc#1000304).\n\n - apparmor: fix uninitialized lsm_audit member\n (bsc#1000304).\n\n - apparmor: fix update the mtime of the profile file on\n replacement (bsc#1000304).\n\n - apparmor: internal paths should be treated as\n disconnected (bsc#1000304).\n\n - apparmor: use list_next_entry instead of list_entry_next\n (bsc#1000304).\n\n - arm64: Ensure pmd_present() returns false after\n pmd_mknotpresent() (Automatic NUMA Balancing\n (fate#315482)).\n\n - arm64: mm: remove broken &= operator from\n pmd_mknotpresent (Automatic NUMA Balancing\n (fate#315482)).\n\n - avoid dentry crash triggered by NFS (bsc#984194).\n\n - be2net: Do not leak iomapped memory on removal\n (bsc#921784 FATE#318561).\n\n - be2net: fix BE3-R FW download compatibility check\n (bsc#921784 FATE#318561).\n\n - be2net: fix wrong return value in\n be_check_ufi_compatibility() (bsc#921784 FATE#318561).\n\n - be2net: remove vlan promisc capability from VF's profile\n descriptors (bsc#921784 FATE#318561).\n\n - blacklist.conf :\n\n - blacklist.conf: 78f3d050c34b We do not support fsl\n hardware\n\n - blacklist.conf: add 5195c14c8b27 (reverted and\n superseded by a commit we already have)\n\n - blacklist.conf: Add entry for\n 7bf52fb891b64b8d61caf0b82060adb9db761aec The commit\n 7bf52fb891b6 ('mm: vmscan: reclaim highmem zone if\n buffer_heads is over limit') is unnecessary as the fix\n is also available from commit d4debc66d1fc ('vmscan:\n remove unnecessary temporary vars in\n do_try_to_free_pages').\n\n - blacklist.conf: add pointless networking follow-up fixes\n\n - blacklist.conf: Add two fanotify commits which we do not\n need (fixes tag was not quite accurate)\n\n - blacklist.conf: Blacklist unsupported architectures\n\n - blkfront: fix an error path memory leak (luckily none so\n far).\n\n - blk-mq: fix undefined behaviour in order_to_size()\n (fate#315209).\n\n - blktap2: eliminate deadlock potential from shutdown path\n (bsc#909994).\n\n - blktap2: eliminate race from deferred work queue\n handling (bsc#911687).\n\n - bond: Check length of IFLA_BOND_ARP_IP_TARGET attributes\n (fate#316924).\n\n - bonding: always set recv_probe to bond_arp_rcv in arp\n monitor (bsc#977687).\n\n - bonding: fix curr_active_slave/carrier with loadbalance\n arp monitoring (fate#316924).\n\n - bonding: Prevent IPv6 link local address on enslaved\n devices (fate#316924).\n\n - bonding: prevent out of bound accesses (fate#316924).\n\n - bonding: set carrier off for devices created through\n netlink (bsc#999577).\n\n - btrfs: account for non-CoW'd blocks in\n btrfs_abort_transaction (bsc#983619).\n\n - btrfs: add missing discards when unpinning extents with\n -o discard (bsc#904489).\n\n - btrfs: btrfs_issue_discard ensure offset/length are\n aligned to sector boundaries (bsc#904489).\n\n - btrfs: do not create or leak aliased root while cleaning\n up orphans (bsc#904489).\n\n - btrfs: ensure that file descriptor used with subvol\n ioctls is a dir (bsc#999600).\n\n - btrfs: explictly delete unused block groups in\n close_ctree and ro-remount (bsc#904489).\n\n - btrfs: Fix a data space underflow warning (bsc#985562,\n bsc#975596, bsc#984779)\n\n - btrfs: fix fitrim discarding device area reserved for\n boot loader's use (bsc#904489).\n\n - btrfs: handle quota reserve failure properly\n (bsc#1005666).\n\n - btrfs: iterate over unused chunk space in FITRIM\n (bsc#904489).\n\n - btrfs: make btrfs_issue_discard return bytes discarded\n (bsc#904489).\n\n - btrfs: properly track when rescan worker is running\n (bsc#989953).\n\n - btrfs: remove unnecessary locking of cleaner_mutex to\n avoid deadlock (bsc#904489).\n\n - btrfs: reorder patches to place local patches back at\n the end of the series\n\n - btrfs: skip superblocks during discard (bsc#904489).\n\n - btrfs: test_check_exists: Fix infinite loop when\n searching for free space entries (bsc#987192).\n\n - btrfs: waiting on qgroup rescan should not always be\n interruptible (bsc#992712).\n\n - cdc-acm: added sanity checking for probe() (bsc#993891).\n\n - cephfs: ignore error from\n invalidate_inode_pages2_range() in direct write\n (bsc#995153).\n\n - cephfs: remove warning when ceph_releasepage() is called\n on dirty page (bsc#995153).\n\n - clockevents: export clockevents_unbind_device instead of\n clockevents_unbind (bnc#937888).\n\n - conntrack: RFC5961 challenge ACK confuse conntrack\n LAST-ACK transition (bsc#966864).\n\n - cpumask, nodemask: implement cpumask/nodemask_pr_args()\n (bnc1003866).\n\n - cxgbi: fix uninitialized flowi6 (bsc#924384 FATE#318570\n bsc#921338).\n\n - dm: fix AB-BA deadlock in __dm_destroy(). (bsc#970943)\n\n - drivers/hv: share Hyper-V SynIC constants with userspace\n (bnc#937888).\n\n - drivers: hv: vmbus: avoid scheduling in interrupt\n context in vmbus_initiate_unload() (bnc#937888).\n\n - drivers: hv: vmbus: avoid unneeded compiler\n optimizations in vmbus_wait_for_unload() (bnc#937888).\n\n - drivers: hv: vmbus: avoid wait_for_completion() on crash\n (bnc#937888).\n\n - drivers: hv: vmbus: Cleanup vmbus_set_event()\n (bnc#937888).\n\n - drivers: hv: vmbus: do not loose HVMSG_TIMER_EXPIRED\n messages (bnc#937888).\n\n - drivers: hv: vmbus: do not manipulate with clocksources\n on crash (bnc#937888).\n\n - drivers: hv: vmbus: Force all channel messages to be\n delivered on CPU 0 (bnc#937888).\n\n - drivers: hv: vmbus: Get rid of the unused irq variable\n (bnc#937888).\n\n - drivers: hv: vmbus: handle various crash scenarios\n (bnc#937888).\n\n - drivers: hv: vmbus: remove code duplication in message\n handling (bnc#937888).\n\n - drivers: hv: vmbus: Support handling messages on\n multiple CPUs (bnc#937888).\n\n - drivers: hv: vmbus: Support kexec on ws2012 r2 and above\n (bnc#937888).\n\n - efi: Small leak on error in runtime map code\n (fate#315019).\n\n - ext2: Enable ext2 driver in config files (bsc#976195,\n fate#320805)\n\n - ext4: Add parameter for tuning handling of ext2\n (bsc#976195).\n\n - Fix kabi change cause by adding flock_owner to\n open_context (bsc#998689).\n\n - fix pCPU handling (luckily none so far).\n\n - fix\n xfs-handle-dquot-buffer-readahead-in-log-recovery-co.pat\n ch (bsc#1003153).\n\n - fs/cifs: cifs_get_root shouldn't use path with tree name\n (bsc#963655, bsc#979681).\n\n - fs/cifs: Compare prepaths when comparing superblocks\n (bsc#799133).\n\n - fs/cifs: Fix memory leaks in cifs_do_mount()\n (bsc#799133).\n\n - fs/cifs: Fix regression which breaks DFS mounting\n (bsc#799133).\n\n - fs/cifs: make share unaccessible at root level mountable\n (bsc#799133).\n\n - fs/cifs: Move check for prefix path to within\n cifs_get_root() (bsc#799133).\n\n - fs/cifs: REVERT fix wrongly prefixed path to root\n (bsc#963655, bsc#979681)\n\n - fs/select: add vmalloc fallback for select(2)\n (bsc#1000189).\n\n - ftrace/x86: Set ftrace_stub to weak to prevent gcc from\n using short jumps to it (bsc#984419).\n\n - hyperv: enable call to clockevents_unbind_device in\n kexec/kdump path\n\n - hyperv: replace KEXEC_CORE by plain KEXEC because we\n lack 2965faa5e0 in the base kernel\n\n - i40e: fix an uninitialized variable bug (bnc#857397\n FATE#315659).\n\n - ib/IWPM: Fix a potential skb leak (bsc#924381\n FATE#318568 bsc#921338).\n\n - ib/mlx5: Fix RC transport send queue overhead\n computation (bnc#865545 FATE#316891).\n\n - introduce NETIF_F_GSO_ENCAP_ALL helper mask\n (bsc#1001486).\n\n - iommu/amd: Update Alias-DTE in update_device_table()\n (bsc#975772).\n\n - ipv6: fix multipath route replace error recovery\n (bsc#930399).\n\n - ipv6: KABI workaround for ipv6: add complete rcu\n protection around np->opt.\n\n - ipv6: send NEWLINK on RA managed/otherconf changes\n (bsc#934067).\n\n - ipv6: send only one NEWLINK when RA causes changes\n (bsc#934067).\n\n - iscsi: Add a missed complete in iscsit_close_connection\n (bsc#992555, bsc#987805).\n\n - iwlwifi: dvm: fix flush support for old firmware\n (bsc#940545).\n\n - kabi: clockevents: export clockevents_unbind again.\n\n - kabi: hide harmless change in struct\n inet_connection_sock (fate#318553).\n\n - kABI: protect backing-dev include in mm/migrate.\n\n - kABI: protect enum usb_device_speed.\n\n - kABI: protect struct mlx5_modify_qp_mbox_in.\n\n - kABI: protect struct mmc_packed (kabi).\n\n - kabi: work around kabi changes from commit 53f9ff48f636\n (bsc#988617).\n\n - kaweth: fix firmware download (bsc#993890).\n\n - kaweth: fix oops upon failed memory allocation\n (bsc#993890).\n\n - kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd\n (bnc#941420).\n\n - kernel/printk/printk.c: fix faulty logic in the case of\n recursive printk (bnc#744692, bnc#789311).\n\n - kvm: do not handle APIC access page if in-kernel irqchip\n is not in use (bsc#959463).\n\n - kvm: vmx: defer load of APIC access page address during\n reset (bsc#959463).\n\n - libceph: enable large, variable-sized OSD requests\n (bsc#988715).\n\n - libceph: make r_request msg_size calculation clearer\n (bsc#988715).\n\n - libceph: move r_reply_op_(len,result) into struct\n ceph_osd_req_op (bsc#988715).\n\n - libceph: osdc->req_mempool should be backed by a slab\n pool (bsc#988715).\n\n - libceph: rename ceph_osd_req_op::payload_len to\n indata_len (bsc#988715).\n\n - libfc: do not send ABTS when resetting exchanges\n (bsc#962846).\n\n - libfc: Do not take rdata->rp_mutex when processing a\n -FC_EX_CLOSED ELS response (bsc#962846).\n\n - libfc: Fixup disc_mutex handling (bsc#962846).\n\n - libfc: fixup locking of ptp_setup() (bsc#962846).\n\n - libfc: Issue PRLI after a PRLO has been received\n (bsc#962846).\n\n - libfc: reset exchange manager during LOGO handling\n (bsc#962846).\n\n - libfc: Revisit kref handling (bnc#990245).\n\n - libfc: sanity check cpu number extracted from xid\n (bsc#988440).\n\n - libfc: send LOGO for PLOGI failure (bsc#962846).\n\n - lib/vsprintf: implement bitmap printing through\n '%*pb[l]' (bnc#1003866).\n\n - md: check command validity early in md_ioctl()\n (bsc#1004520).\n\n - md: Drop sending a change uevent when stopping\n (bsc#1003568).\n\n - md: lockless I/O submission for RAID1 (bsc#982783).\n\n - md/raid5: fix a recently broken BUG_ON() (bsc#1006691).\n\n - memcg: convert threshold to bytes (bnc#931454).\n\n - memcg: fix thresholds for 32b architectures\n (bnc#931454).\n\n - mm, cma: prevent nr_isolated_* counters from going\n negative (bnc#971975 VM performance -- git fixes).\n\n - mm: thp: fix SMP race condition between THP page fault\n and MADV_DONTNEED (VM Functionality, bnc#986445).\n\n - module: Issue warnings when tainting kernel\n (bsc#974406).\n\n - mpt2sas, mpt3sas: Fix panic when aer correct error\n occurred (bsc#997708).\n\n - mpt3sas: Update\n patches.drivers/mpt3sas-Fix-use-sas_is_tlr_enabled-API-b\n efore-enabli.patch (bsc#967640, bsc#992244).\n\n - msi-x: fix an error path (luckily none so far).\n\n - netback: fix flipping mode (bsc#996664).\n\n - netback: fix refounting (bsc#978094).\n\n - netfront: do not truncate grant references.\n\n - netfront: use correct linear area after linearizing an\n skb (bsc#1007886).\n\n - nfs4: reset states to use open_stateid when returning\n delegation voluntarily (bsc#1003400).\n\n - nfs: Add a stub for GETDEVICELIST (bnc#898675).\n\n - nfs: Do not write enable new pages while an invalidation\n is proceeding (bsc#999584).\n\n - nfsd: Use free_conn to free connection (bsc#979451).\n\n - nfs: Fix an LOCK/OPEN race when unlinking an open file\n (bsc#956514).\n\n - nfs: Fix a regression in the read() syscall\n (bsc#999584).\n\n - nfs: fix BUG() crash in notify_change() with patch to\n chown_common() (bnc#876463).\n\n - nfs: fix pg_test page count calculation (bnc#898675).\n\n - nfs: nfs4_fl_prepare_ds must be careful about reporting\n success (bsc#1000776).\n\n - nfsv4: add flock_owner to open context (bnc#998689).\n\n - nfsv4: change nfs4_do_setattr to take an open_context\n instead of a nfs4_state (bnc#998689).\n\n - nfsv4: change nfs4_select_rw_stateid to take a\n lock_context inplace of lock_owner (bnc#998689).\n\n - nfsv4: enhance nfs4_copy_lock_stateid to use a flock\n stateid if there is one (bnc#998689).\n\n - nfsv4: Ensure nfs_atomic_open set the dentry verifier on\n ENOENT (bnc#866130).\n\n - oom: print nodemask in the oom report (bnc#1003866).\n\n - packet: tpacket_snd(): fix signed/unsigned comparison\n (bsc#874131).\n\n - perf/x86/intel: Fix bug for 'cycles:p' and 'cycles:pp'\n on SLM (bsc#997896).\n\n - pm / hibernate: Fix 2G size issue of snapshot image\n verification (bsc#1004252).\n\n - pm / hibernate: Fix rtree_next_node() to avoid walking\n off list ends (bnc#860441).\n\n - powerpc: add kernel parameter iommu_alloc_quiet\n (bsc#998825).\n\n - printk: add kernel parameter to control writes to\n /dev/kmsg (bsc#979928).\n\n - qgroup: Prevent qgroup->reserved from going subzero\n (bsc#993841).\n\n - qlcnic: potential NULL dereference in\n qlcnic_83xx_get_minidump_template() (bsc#922064\n FATE#318609)\n\n - radeon: avoid boot hang in Xen Dom0 (luckily none so\n far).\n\n - ratelimit: extend to print suppressed messages on\n release (bsc#979928).\n\n - ratelimit: fix bug in time interval by resetting right\n begin time (bsc#979928).\n\n - rbd: truncate objects on cmpext short reads\n (bsc#988715).\n\n - rcu: Fix improper use or RCU in\n patches.kabi/ipv6-add-complete-rcu-protection-around-np-\n opt.kabi.patch. (bsc#961257)\n\n - Refresh\n patches.suse/CFS-0259-ceph-Asynchronous-IO-support.patch\n . After a write, we must free the 'request', not the\n 'response'. This error crept in during the backport.\n bsc#995153\n\n - Refresh patches.xen/xen3-patch-3.9 (bsc#991247).\n\n - Rename\n patches.xen/xen3-kgr-(0107,1003)-reserve-a-place-in-thre\n ad_struct-for-storing-RIP.patch to match its non-Xen\n counterpart.\n\n - Revert 'can: dev: fix deadlock reported after bus-off'.\n\n - Revert 'Input: i8042 - break load dependency between\n atkbd/psmouse and i8042'.\n\n - Revert 'Input: i8042 - set up shared ps2_cmd_mutex for\n AUX ports'.\n\n - rpm/config.sh: do not prepend '60.' to release string\n This is needed for SLE maintenance workflow, no need for\n that in evergreen-13.1.\n\n - rpm/config.sh: Set the SP1 release string to\n 60.<RELEASE> (bsc#997059)\n\n - rpm/mkspec: Read a default release string from\n rpm/config.sh (bsc997059)\n\n - rtnetlink: avoid 0 sized arrays (fate#316924).\n\n - s390: add SMT support (bnc#994438, LTC#144756).\n\n - sched/core: Fix an SMP ordering race in try_to_wake_up()\n vs. schedule() (bnc#1001419).\n\n - sched/core: Fix a race between try_to_wake_up() and a\n woken up task (bsc#1002165, bsc#1001419).\n\n - scsi: ibmvfc: add FC Class 3 Error Recovery support\n (bsc#984992).\n\n - scsi: ibmvfc: Fix I/O hang when port is not mapped\n (bsc#971989)\n\n - scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in\n PRLI (bsc#984992).\n\n - sd: Fix memory leak caused by RESET_WP patch\n (bsc#999779).\n\n - squashfs3: properly handle dir_emit() failures\n (bsc#998795).\n\n - sunrpc: Add missing support for\n RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT (bnc#868923).\n\n - sunrpc: Fix a regression when reconnecting (bsc#946309).\n\n - supported.conf: Add ext2\n\n - supported.conf: Add iscsi modules to -base (bsc#997299)\n\n - supported.conf: Add tun to -base (bsc#992593)\n\n - supported.conf: Add veth to -base (bsc#992591)\n\n - target: Fix missing complete during ABORT_TASK +\n CMD_T_FABRIC_STOP (bsc#987621).\n\n - target: Fix race between iscsi-target connection\n shutdown + ABORT_TASK (bsc#987621).\n\n - tcp: add proper TS val into RST packets (bsc#937086).\n\n - tcp: align tcp_xmit_size_goal() on tcp_tso_autosize()\n (bsc#937086).\n\n - tcp: fix child sockets to use system default congestion\n control if not set (fate#318553).\n\n - tcp: fix cwnd limited checking to improve congestion\n control (bsc#988617).\n\n - tcp: refresh skb timestamp at retransmit time\n (bsc#937086).\n\n - timers: Use proper base migration in add_timer_on()\n (bnc#993392).\n\n - tunnels: Do not apply GRO to multiple layers of\n encapsulation (bsc#1001486).\n\n - tunnels: Remove encapsulation offloads on decap\n (bsc#1001486).\n\n - Update patches.kabi/kabi.clockevents_unbind.patch\n (bnc#937888).\n\n - uprobes: Fix the memcg accounting (bnc#931454).\n\n - usb: fix typo in wMaxPacketSize validation (bsc#991665).\n\n - usbhid: add ATEN CS962 to list of quirky devices\n (bsc#1007615).\n\n - usb: hub: Fix auto-remount of safely removed or ejected\n USB-3 devices (bsc#922634).\n\n - usb: validate wMaxPacketValue entries in endpoint\n descriptors (bnc#991665).\n\n - vmxnet3: Wake queue from reset work (bsc#999907).\n\n - x86/tlb/trace: Do not trace on CPU that is offline (TLB\n Performance git-fixes).\n\n - xenbus: do not invoke ->is_ready() for most device\n states (bsc#987333).\n\n - xenbus: inspect the correct type in\n xenbus_dev_request_and_reply().\n\n - xen: Linux 3.12.63.\n\n - xen: Linux 3.12.64.\n\n - xen/pciback: Fix conf_space read/write overlap check.\n\n - xen-pciback: return proper values during BAR sizing.\n\n - xen: x86/mm/pat, /dev/mem: Remove superfluous error\n message (bsc#974620).\n\n - xfs: fixed signedness of error code in\n xfs_inode_buf_verify (bsc#1003153).\n\n - xfs: handle dquot buffer readahead in log recovery\n correctly (bsc#955446).\n\n - xfs: Silence warnings in xfs_vm_releasepage()\n (bnc#915183 bsc#987565).\n\n - xhci: silence warnings in switch (bnc#991665).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1002165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=744692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=772786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=789311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=799133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=857397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=860441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=865545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=866130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=868923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=874131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=875631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=876145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=876463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=898675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=904489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=909994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=911687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=915183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=921338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=921784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=924381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=924384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=937086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=937888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=940545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=941420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=946309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=955446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=956514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=961257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=962846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=976195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=987192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=987333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=987542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=987565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=987621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=987805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=993392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=993841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=993890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=993891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=995153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=995968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=996664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=997059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=997299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=997708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=997896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=998689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=998795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=998825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999932\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-controller-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-pki\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-switch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-switch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-openvswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-openvswitch-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/09/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-2.639-11.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-debuginfo-2.639-11.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-debugsource-2.639-11.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-default-2.639_k3.12.67_58-11.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-default-debuginfo-2.639_k3.12.67_58-11.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-desktop-2.639_k3.12.67_58-11.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-desktop-debuginfo-2.639_k3.12.67_58-11.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-pae-2.639_k3.12.67_58-11.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-pae-debuginfo-2.639_k3.12.67_58-11.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-xen-2.639_k3.12.67_58-11.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-xen-debuginfo-2.639_k3.12.67_58-11.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-7.0.2-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-debuginfo-7.0.2-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-debugsource-7.0.2-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-devel-7.0.2-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-eppic-7.0.2-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-eppic-debuginfo-7.0.2-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-gcore-7.0.2-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-gcore-debuginfo-7.0.2-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-default-7.0.2_k3.12.67_58-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-default-debuginfo-7.0.2_k3.12.67_58-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-desktop-7.0.2_k3.12.67_58-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-desktop-debuginfo-7.0.2_k3.12.67_58-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-pae-7.0.2_k3.12.67_58-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-pae-debuginfo-7.0.2_k3.12.67_58-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-xen-7.0.2_k3.12.67_58-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-xen-debuginfo-7.0.2_k3.12.67_58-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-debugsource-1.28-16.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-default-1.28_k3.12.67_58-16.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-default-debuginfo-1.28_k3.12.67_58-16.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-desktop-1.28_k3.12.67_58-16.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-desktop-debuginfo-1.28_k3.12.67_58-16.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-pae-1.28_k3.12.67_58-16.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-pae-debuginfo-1.28_k3.12.67_58-16.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-xen-1.28_k3.12.67_58-16.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-xen-debuginfo-1.28_k3.12.67_58-16.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-6.21.1-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-debuginfo-6.21.1-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-debugsource-6.21.1-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-devel-6.21.1-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-default-6.21.1_k3.12.67_58-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-default-debuginfo-6.21.1_k3.12.67_58-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-desktop-6.21.1_k3.12.67_58-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-desktop-debuginfo-6.21.1_k3.12.67_58-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-pae-6.21.1_k3.12.67_58-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-pae-debuginfo-6.21.1_k3.12.67_58-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-xen-6.21.1_k3.12.67_58-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-xen-debuginfo-6.21.1_k3.12.67_58-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-1.4.20.3-13.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-debuginfo-1.4.20.3-13.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-debugsource-1.4.20.3-13.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-default-1.4.20.3_k3.12.67_58-13.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.12.67_58-13.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-desktop-1.4.20.3_k3.12.67_58-13.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.12.67_58-13.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-pae-1.4.20.3_k3.12.67_58-13.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.12.67_58-13.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-xen-1.4.20.3_k3.12.67_58-13.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.12.67_58-13.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-debugsource-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-devel-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-devel-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-macros-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-vanilla-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-syms-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libipset3-6.21.1-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libipset3-debuginfo-6.21.1-2.40.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-1.58-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-debuginfo-1.58-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-debugsource-1.58-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-default-1.58_k3.12.67_58-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-default-debuginfo-1.58_k3.12.67_58-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-desktop-1.58_k3.12.67_58-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-desktop-debuginfo-1.58_k3.12.67_58-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-pae-1.58_k3.12.67_58-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-pae-debuginfo-1.58_k3.12.67_58-37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-1.11.0-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-controller-1.11.0-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-controller-debuginfo-1.11.0-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-debuginfo-1.11.0-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-debugsource-1.11.0-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-default-1.11.0_k3.12.67_58-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-default-debuginfo-1.11.0_k3.12.67_58-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-desktop-1.11.0_k3.12.67_58-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-desktop-debuginfo-1.11.0_k3.12.67_58-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-pae-1.11.0_k3.12.67_58-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-pae-debuginfo-1.11.0_k3.12.67_58-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-xen-1.11.0_k3.12.67_58-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-xen-debuginfo-1.11.0_k3.12.67_58-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-pki-1.11.0-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-switch-1.11.0-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-switch-debuginfo-1.11.0-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-test-1.11.0-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-0.44-258.37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-debuginfo-0.44-258.37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-debugsource-0.44-258.37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-default-0.44_k3.12.67_58-258.37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-default-debuginfo-0.44_k3.12.67_58-258.37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-desktop-0.44_k3.12.67_58-258.37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-desktop-debuginfo-0.44_k3.12.67_58-258.37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-pae-0.44_k3.12.67_58-258.37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-pae-debuginfo-0.44_k3.12.67_58-258.37.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-openvswitch-1.11.0-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-openvswitch-test-1.11.0-0.43.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-virtualbox-4.2.36-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-virtualbox-debuginfo-4.2.36-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-debugsource-20130607-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-default-20130607_k3.12.67_58-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-default-debuginfo-20130607_k3.12.67_58-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-desktop-20130607_k3.12.67_58-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-desktop-debuginfo-20130607_k3.12.67_58-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-pae-20130607_k3.12.67_58-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-pae-debuginfo-20130607_k3.12.67_58-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-xen-20130607_k3.12.67_58-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-xen-debuginfo-20130607_k3.12.67_58-2.36.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-4.2.36-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-debuginfo-4.2.36-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-debugsource-4.2.36-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-devel-4.2.36-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-default-4.2.36_k3.12.67_58-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-default-debuginfo-4.2.36_k3.12.67_58-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-desktop-4.2.36_k3.12.67_58-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-desktop-debuginfo-4.2.36_k3.12.67_58-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-pae-4.2.36_k3.12.67_58-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-pae-debuginfo-4.2.36_k3.12.67_58-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-tools-4.2.36-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-tools-debuginfo-4.2.36-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-x11-4.2.36-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-x11-debuginfo-4.2.36-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-default-4.2.36_k3.12.67_58-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-default-debuginfo-4.2.36_k3.12.67_58-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-desktop-4.2.36_k3.12.67_58-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-desktop-debuginfo-4.2.36_k3.12.67_58-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-pae-4.2.36_k3.12.67_58-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-pae-debuginfo-4.2.36_k3.12.67_58-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-source-4.2.36-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-qt-4.2.36-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-qt-debuginfo-4.2.36-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-websrv-4.2.36-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-websrv-debuginfo-4.2.36-2.68.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-debugsource-4.3.4_10-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-devel-4.3.4_10-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-4.3.4_10_k3.12.67_58-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-debuginfo-4.3.4_10_k3.12.67_58-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-4.3.4_10_k3.12.67_58-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-debuginfo-4.3.4_10_k3.12.67_58-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-4.3.4_10_k3.12.67_58-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-debuginfo-4.3.4_10_k3.12.67_58-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-4.3.4_10-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-debuginfo-4.3.4_10-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-4.3.4_10-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-debuginfo-4.3.4_10-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-2.3-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-debuginfo-2.3-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-debugsource-2.3-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-default-2.3_k3.12.67_58-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-default-debuginfo-2.3_k3.12.67_58-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-desktop-2.3_k3.12.67_58-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-desktop-debuginfo-2.3_k3.12.67_58-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-pae-2.3_k3.12.67_58-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-pae-debuginfo-2.3_k3.12.67_58-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-xen-2.3_k3.12.67_58-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-xen-debuginfo-2.3_k3.12.67_58-2.35.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-base-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-devel-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debugsource-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-devel-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-devel-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debugsource-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.67-58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-4.3.4_10-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.3.4_10-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.3.4_10-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.3.4_10-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-4.3.4_10-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.3.4_10-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-4.3.4_10-69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-debuginfo-4.3.4_10-69.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloop / cloop-debuginfo / cloop-debugsource / cloop-kmp-default / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-22T15:46:34", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.67 to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bsc#1004517).\n\n - CVE-2016-7097: The filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bsc#995968).\n\n - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925).\n\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152).\n\n - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by changing a certain length value, aka a 'double fetch' vulnerability (bnc#987542).\n\n - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation (bnc#994748).\n\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608).\n\n - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021 1.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462).\n\n - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bsc#1001486).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-11-28T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:2912-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8956", "CVE-2016-5696", "CVE-2016-6130", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7039", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-7425", "CVE-2016-8658", "CVE-2016-8666"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2912-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95368", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2912-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95368);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-8956\", \"CVE-2016-5696\", \"CVE-2016-6130\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2016-6828\", \"CVE-2016-7039\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-7425\", \"CVE-2016-8658\", \"CVE-2016-8666\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:2912-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to 3.12.67 to receive\nvarious security and bugfixes. The following security bugs were \nfixed :\n\n - CVE-2016-7042: The proc_keys_show function in\n security/keys/proc.c in the Linux kernel used an\n incorrect buffer size for certain timeout data, which\n allowed local users to cause a denial of service (stack\n memory corruption and panic) by reading the /proc/keys\n file (bsc#1004517).\n\n - CVE-2016-7097: The filesystem implementation in the\n Linux kernel preserved the setgid bit during a setxattr\n call, which allowed local users to gain group privileges\n by leveraging the existence of a setgid program with\n restrictions on execute permissions (bsc#995968).\n\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed\n local users to obtain sensitive information or cause a\n denial of service (NULL pointer dereference) via vectors\n involving a bind system call on a Bluetooth RFCOMM\n socket (bnc#1003925).\n\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel\n did not properly determine the rate of challenge ACK\n segments, which made it easier for man-in-the-middle\n attackers to hijack TCP sessions via a blind in-window\n attack (bnc#989152).\n\n - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb\n function in drivers/s390/char/sclp_ctl.c in the Linux\n kernel allowed local users to obtain sensitive\n information from kernel memory by changing a certain\n length value, aka a 'double fetch' vulnerability\n (bnc#987542).\n\n - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in\n the Linux kernel allowed local users to cause a denial\n of service (NULL pointer dereference and system crash)\n by using an ABORT_TASK command to abort a device write\n operation (bnc#994748).\n\n - CVE-2016-6480: Race condition in the ioctl_send_fib\n function in drivers/scsi/aacraid/commctrl.c in the Linux\n kernel allowed local users to cause a denial of service\n (out-of-bounds access or system crash) by changing a\n certain size value, aka a 'double fetch' vulnerability\n (bnc#991608).\n\n - CVE-2016-6828: The tcp_check_send_head function in\n include/net/tcp.h in the Linux kernel did not properly\n maintain certain SACK state after a failed data copy,\n which allowed local users to cause a denial of service\n (tcp_xmit_retransmit_queue use-after-free and system\n crash) via a crafted SACK option (bnc#994296).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did\n not restrict a certain length field, which allowed local\n users to gain privileges or cause a denial of service\n (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-8658: Stack-based buffer overflow in the\n brcmf_cfg80211_start_ap function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021\n 1.c in the Linux kernel allowed local users to cause a\n denial of service (system crash) or possibly have\n unspecified other impact via a long SSID Information\n Element in a command to a Netlink socket (bnc#1004462).\n\n - CVE-2016-8666: The IP stack in the Linux kernel allowed\n remote attackers to cause a denial of service (stack\n consumption and panic) or possibly have unspecified\n other impact by triggering use of the GRO path for\n packets with tunnel stacking, as demonstrated by\n interleaved IPv4 headers and GRE headers, a related\n issue to CVE-2016-7039 (bsc#1001486).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003400\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=744692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=772786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=789311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=857397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=860441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=865545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=866130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=868923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=874131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=876463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=898675\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=911687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941420\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=946309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994438\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=996664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=998689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=998795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=998825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8956/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5696/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6327/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6480/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6828/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7042/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7097/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7425/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8658/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8666/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162912-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f1d2fea\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2016-1700=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1700=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1700=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2016-1700=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2016-1700=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1700=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-syms-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.67-60.64.18.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.67-60.64.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-10-09T00:26:07", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The hid_input_field() function in 'drivers/hid/hid-core.c' in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device.(CVE-2016-7915i1/4%0\n\n - The Linux kernel, before version 4.14.2, is vulnerable to a deadlock caused by fs/ocfs2/file.c:ocfs2_setattr(), as the function does not wait for DIO requests before locking the inode.\n This can be exploited by local users to cause a subsequent denial of service.(CVE-2017-18204i1/4%0\n\n - The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.(CVE-2017-9605i1/4%0\n\n - Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.(CVE-2014-2568i1/4%0\n\n - It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service.(CVE-2014-9420i1/4%0\n\n - An integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privileged escalation or more likely kernel panic.(CVE-2016-9754i1/4%0\n\n - A symlink size validation was missing in Linux kernels built with UDF file system (CONFIG_UDF_FS) support, allowing the corruption of kernel memory. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.(CVE-2014-9730i1/4%0\n\n - In was found that in the Linux kernel, in vmw_surface_define_ioctl() function in 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file, a 'num_sizes' parameter is assigned a user-controlled value which is not checked if it is zero. This is used in a call to kmalloc() and later leads to dereferencing ZERO_SIZE_PTR, which in turn leads to a GPF and possibly to a kernel panic.(CVE-2017-7261i1/4%0\n\n - A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash.(CVE-2014-9529i1/4%0\n\n - A flaw was found in the Linux kernel's implementation of i8042 serial ports. An attacker could cause a kernel panic if they are able to add and remove devices as the module is loaded.(CVE-2017-18079i1/4%0\n\n - drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.(CVE-2013-2892i1/4%0\n\n - The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.(CVE-2014-7843i1/4%0\n\n - A divide-by-zero vulnerability was found in a way the kernel processes TCP connections. The error can occur if a connection starts another cwnd reduction phase by setting tp-i1/4zprior_cwnd to the current cwnd (0) in tcp_init_cwnd_reduction(). A remote, unauthenticated attacker could use this flaw to crash the kernel (denial of service).(CVE-2016-2070i1/4%0\n\n - The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.(CVE-2016-2383i1/4%0\n\n - System using the infiniband support module ib_srpt were vulnerable to a denial of service by system crash by a local attacker who is able to abort writes to a device using this initiator.(CVE-2016-6327i1/4%0\n\n - A security flaw was found in the Linux kernel in the mark_source_chains() function in 'net/ipv4/netfilter/ip_tables.c'. It is possible for a user-supplied 'ipt_entry' structure to have a large 'next_offset' field. This field is not bounds checked prior to writing to a counter value at the supplied offset.(CVE-2016-3134i1/4%0\n\n - An out-of-bounds access issue was discovered in yurex_read() in drivers/usb/misc/yurex.c in the Linux kernel. A local attacker could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.(CVE-2018-16276i1/4%0\n\n - drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call.(CVE-2016-4568i1/4%0\n\n - The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel, before 4.13.8, allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.(CVE-2017-16525i1/4%0\n\n - The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image.\n (CVE-2018-1094)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1472)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2892", "CVE-2014-2568", "CVE-2014-7843", "CVE-2014-9420", "CVE-2014-9529", "CVE-2014-9730", "CVE-2016-2070", "CVE-2016-2383", "CVE-2016-3134", "CVE-2016-4568", "CVE-2016-6327", "CVE-2016-7915", "CVE-2016-9754", "CVE-2017-16525", "CVE-2017-18079", "CVE-2017-18204", "CVE-2017-7261", "CVE-2017-9605", "CVE-2018-1094", "CVE-2018-16276"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1472.NASL", "href": "https://www.tenable.com/plugins/nessus/124796", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124796);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-2892\",\n \"CVE-2014-2568\",\n \"CVE-2014-7843\",\n \"CVE-2014-9420\",\n \"CVE-2014-9529\",\n \"CVE-2014-9730\",\n \"CVE-2016-2070\",\n \"CVE-2016-2383\",\n \"CVE-2016-3134\",\n \"CVE-2016-4568\",\n \"CVE-2016-6327\",\n \"CVE-2016-7915\",\n \"CVE-2016-9754\",\n \"CVE-2017-16525\",\n \"CVE-2017-18079\",\n \"CVE-2017-18204\",\n \"CVE-2017-7261\",\n \"CVE-2017-9605\",\n \"CVE-2018-1094\",\n \"CVE-2018-16276\"\n );\n script_bugtraq_id(\n 62049,\n 66348,\n 71082,\n 71717,\n 71880,\n 74964\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1472)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The hid_input_field() function in\n 'drivers/hid/hid-core.c' in the Linux kernel before 4.6\n allows physically proximate attackers to obtain\n sensitive information from kernel memory or cause a\n denial of service (out-of-bounds read) by connecting a\n device.(CVE-2016-7915i1/4%0\n\n - The Linux kernel, before version 4.14.2, is vulnerable\n to a deadlock caused by\n fs/ocfs2/file.c:ocfs2_setattr(), as the function does\n not wait for DIO requests before locking the inode.\n This can be exploited by local users to cause a\n subsequent denial of service.(CVE-2017-18204i1/4%0\n\n - The vmw_gb_surface_define_ioctl function (accessible\n via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel through 4.11.4 defines a backup_handle variable\n but does not give it an initial value. If one attempts\n to create a GB surface, with a previously allocated DMA\n buffer to be used as a backup buffer, the backup_handle\n variable does not get written to and is then later\n returned to user space, allowing local users to obtain\n sensitive information from uninitialized kernel memory\n via a crafted ioctl call.(CVE-2017-9605i1/4%0\n\n - Use-after-free vulnerability in the nfqnl_zcopy\n function in net/netfilter/nfnetlink_queue_core.c in the\n Linux kernel through 3.13.6 allows attackers to obtain\n sensitive information from kernel memory by leveraging\n the absence of a certain orphaning operation. NOTE: the\n affected code was moved to the skb_zerocopy function in\n net/core/skbuff.c before the vulnerability was\n announced.(CVE-2014-2568i1/4%0\n\n - It was found that the Linux kernel's ISO file system\n implementation did not correctly limit the traversal of\n Rock Ridge extension Continuation Entries (CE). An\n attacker with physical access to the system could use\n this flaw to trigger an infinite loop in the kernel,\n resulting in a denial of service.(CVE-2014-9420i1/4%0\n\n - An integer overflow vulnerability was found in the\n ring_buffer_resize() calculations in which a privileged\n user can adjust the size of the ringbuffer message\n size. These calculations can create an issue where the\n kernel memory allocator will not allocate the correct\n count of pages yet expect them to be usable. This can\n lead to the ftrace() output to appear to corrupt kernel\n memory and possibly be used for privileged escalation\n or more likely kernel panic.(CVE-2016-9754i1/4%0\n\n - A symlink size validation was missing in Linux kernels\n built with UDF file system (CONFIG_UDF_FS) support,\n allowing the corruption of kernel memory. An attacker\n able to mount a corrupted/malicious UDF file system\n image could cause the kernel to crash.(CVE-2014-9730i1/4%0\n\n - In was found that in the Linux kernel, in\n vmw_surface_define_ioctl() function in\n 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file, a\n 'num_sizes' parameter is assigned a user-controlled\n value which is not checked if it is zero. This is used\n in a call to kmalloc() and later leads to dereferencing\n ZERO_SIZE_PTR, which in turn leads to a GPF and\n possibly to a kernel panic.(CVE-2017-7261i1/4%0\n\n - A race condition flaw was found in the way the Linux\n kernel keys management subsystem performed key garbage\n collection. A local attacker could attempt accessing a\n key while it was being garbage collected, which would\n cause the system to crash.(CVE-2014-9529i1/4%0\n\n - A flaw was found in the Linux kernel's implementation\n of i8042 serial ports. An attacker could cause a kernel\n panic if they are able to add and remove devices as the\n module is loaded.(CVE-2017-18079i1/4%0\n\n - drivers/hid/hid-pl.c in the Human Interface Device\n (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_PANTHERLORD is enabled, allows physically\n proximate attackers to cause a denial of service\n (heap-based out-of-bounds write) via a crafted\n device.(CVE-2013-2892i1/4%0\n\n - The __clear_user function in\n arch/arm64/lib/clear_user.S in the Linux kernel before\n 3.17.4 on the ARM64 platform allows local users to\n cause a denial of service (system crash) by reading one\n byte beyond a /dev/zero page boundary.(CVE-2014-7843i1/4%0\n\n - A divide-by-zero vulnerability was found in a way the\n kernel processes TCP connections. The error can occur\n if a connection starts another cwnd reduction phase by\n setting tp-i1/4zprior_cwnd to the current cwnd (0) in\n tcp_init_cwnd_reduction(). A remote, unauthenticated\n attacker could use this flaw to crash the kernel\n (denial of service).(CVE-2016-2070i1/4%0\n\n - The adjust_branches function in kernel/bpf/verifier.c\n in the Linux kernel before 4.5 does not consider the\n delta in the backward-jump case, which allows local\n users to obtain sensitive information from kernel\n memory by creating a packet filter and then loading\n crafted BPF instructions.(CVE-2016-2383i1/4%0\n\n - System using the infiniband support module ib_srpt were\n vulnerable to a denial of service by system crash by a\n local attacker who is able to abort writes to a device\n using this initiator.(CVE-2016-6327i1/4%0\n\n - A security flaw was found in the Linux kernel in the\n mark_source_chains() function in\n 'net/ipv4/netfilter/ip_tables.c'. It is possible for a\n user-supplied 'ipt_entry' structure to have a large\n 'next_offset' field. This field is not bounds checked\n prior to writing to a counter value at the supplied\n offset.(CVE-2016-3134i1/4%0\n\n - An out-of-bounds access issue was discovered in\n yurex_read() in drivers/usb/misc/yurex.c in the Linux\n kernel. A local attacker could use user access\n read/writes with incorrect bounds checking in the yurex\n USB driver to crash the kernel or potentially escalate\n privileges.(CVE-2018-16276i1/4%0\n\n - drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux\n kernel before 4.5.3 allows local users to cause a\n denial of service (kernel memory write operation) or\n possibly have unspecified other impact via a crafted\n number of planes in a VIDIOC_DQBUF ioctl\n call.(CVE-2016-4568i1/4%0\n\n - The usb_serial_console_disconnect function in\n drivers/usb/serial/console.c in the Linux kernel,\n before 4.13.8, allows local users to cause a denial of\n service (use-after-free and system crash) or possibly\n have unspecified other impact via a crafted USB device,\n related to disconnection and failed\n setup.(CVE-2017-16525i1/4%0\n\n - The Linux kernel is vulnerable to a NULL pointer\n dereference in the ext4/xattr.c:ext4_xattr_inode_hash()\n function. An attacker could trick a legitimate user or\n a privileged attacker could exploit this to cause a\n NULL pointer dereference with a crafted ext4 image.\n (CVE-2018-1094)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1472\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?349d271e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16276\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T00:27:45", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A vulnerability was found in Linux kernel. There is an information leak in file 'sound/core/timer.c' of the latest mainline Linux kernel, the stack object aEURoetreadaEUR has a total size of 32 bytes. It contains a 8-bytes padding, which is not initialized but sent to user via copy_to_user(), resulting a kernel leak.(CVE-2016-4569)\n\n - A vulnerability was found in Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel. The stack object aEURoer1aEUR has a total size of 32 bytes. Its field aEURoeeventaEUR and aEURoevalaEUR both contain 4 bytes padding. These 8 bytes padding bytes are sent to user without being initialized.(CVE-2016-4578)\n\n - The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.(CVE-2016-4580)\n\n - fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.(CVE-2016-4581)\n\n - Use after free vulnerability was found in percpu using previously allocated memory in bpf. First\n __alloc_percpu_gfp() is called, then the memory is freed with free_percpu() which triggers async pcpu_balance_work and then pcpu_extend_area_map could use a chunk after it has been freed.(CVE-2016-4794)\n\n - Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.(CVE-2016-4805)\n\n - A vulnerability was found in the Linux kernel. Payloads of NM entries are not supposed to contain NUL. When such entry is processed, only the part prior to the first NUL goes into the concatenation (i.e. the directory entry name being encoded by a bunch of NM entries). The process stops when the amount collected so far + the claimed amount in the current NM entry exceed 254. However, the value returned as the total length is the sum of *claimed* sizes, not the actual amount collected. And that's what will be passed to readdir() callback as the name length - 8Kb\n __copy_to_user() from a buffer allocated by\n __get_free_page().(CVE-2016-4913)\n\n - A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges.(CVE-2016-4997)\n\n - An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments.(CVE-2016-4998)\n\n - A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.(CVE-2016-5195)\n\n - It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network.(CVE-2016-5696)\n\n - A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possible privilege escalation or crashing the system.(CVE-2016-5829)\n\n - When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands.(CVE-2016-6136)\n\n - It was found that the unlink and rename functionality in overlayfs did not verify the upper dentry for staleness. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to panic or crash the system.(CVE-2016-6197)\n\n - A flaw was found that the vfs_rename() function did not detect hard links on overlayfs. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to crash the system.(CVE-2016-6198)\n\n - System using the infiniband support module ib_srpt were vulnerable to a denial of service by system crash by a local attacker who is able to abort writes to a device using this initiator.(CVE-2016-6327)\n\n - A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation.\n A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value.(CVE-2016-6480)\n\n - kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111.(CVE-2016-6786)\n\n - kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224.(CVE-2016-6787)\n\n - A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions.\n This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection.(CVE-2016-6828)\n\n - Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path, as an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel.(CVE-2016-7039)\n\n - It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.(CVE-2016-7042)\n\n - It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications.(CVE-2016-7097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1494)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-4805", "CVE-2016-4913", "CVE-2016-4997", "CVE-2016-4998", "CVE-2016-5195", "CVE-2016-5696", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6197", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-6786", "CVE-2016-6787", "CVE-2016-6828", "CVE-2016-7039", "CVE-2016-7042", "CVE-2016-7097"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1494.NASL", "href": "https://www.tenable.com/plugins/nessus/125100", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125100);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-4569\",\n \"CVE-2016-4578\",\n \"CVE-2016-4580\",\n \"CVE-2016-4581\",\n \"CVE-2016-4794\",\n \"CVE-2016-4805\",\n \"CVE-2016-4913\",\n \"CVE-2016-4997\",\n \"CVE-2016-4998\",\n \"CVE-2016-5195\",\n \"CVE-2016-5696\",\n \"CVE-2016-5829\",\n \"CVE-2016-6136\",\n \"CVE-2016-6197\",\n \"CVE-2016-6198\",\n \"CVE-2016-6327\",\n \"CVE-2016-6480\",\n \"CVE-2016-6786\",\n \"CVE-2016-6787\",\n \"CVE-2016-6828\",\n \"CVE-2016-7039\",\n \"CVE-2016-7042\",\n \"CVE-2016-7097\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1494)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A vulnerability was found in Linux kernel. There is an\n information leak in file 'sound/core/timer.c' of the\n latest mainline Linux kernel, the stack object\n aEURoetreadaEUR has a total size of 32 bytes. It contains a\n 8-bytes padding, which is not initialized but sent to\n user via copy_to_user(), resulting a kernel\n leak.(CVE-2016-4569)\n\n - A vulnerability was found in Linux kernel. There is an\n information leak in file sound/core/timer.c of the\n latest mainline Linux kernel. The stack object aEURoer1aEUR\n has a total size of 32 bytes. Its field aEURoeeventaEUR and\n aEURoevalaEUR both contain 4 bytes padding. These 8 bytes\n padding bytes are sent to user without being\n initialized.(CVE-2016-4578)\n\n - The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel before\n 4.5.5 does not properly initialize a certain data\n structure, which allows attackers to obtain sensitive\n information from kernel stack memory via an X.25 Call\n Request.(CVE-2016-4580)\n\n - fs/pnode.c in the Linux kernel before 4.5.4 does not\n properly traverse a mount propagation tree in a certain\n case involving a slave mount, which allows local users\n to cause a denial of service (NULL pointer dereference\n and OOPS) via a crafted series of mount system\n calls.(CVE-2016-4581)\n\n - Use after free vulnerability was found in percpu using\n previously allocated memory in bpf. First\n __alloc_percpu_gfp() is called, then the memory is\n freed with free_percpu() which triggers async\n pcpu_balance_work and then pcpu_extend_area_map could\n use a chunk after it has been freed.(CVE-2016-4794)\n\n - Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel\n before 4.5.2 allows local users to cause a denial of\n service (memory corruption and system crash, or\n spinlock) or possibly have unspecified other impact by\n removing a network namespace, related to the\n ppp_register_net_channel and ppp_unregister_channel\n functions.(CVE-2016-4805)\n\n - A vulnerability was found in the Linux kernel. Payloads\n of NM entries are not supposed to contain NUL. When\n such entry is processed, only the part prior to the\n first NUL goes into the concatenation (i.e. the\n directory entry name being encoded by a bunch of NM\n entries). The process stops when the amount collected\n so far + the claimed amount in the current NM entry\n exceed 254. However, the value returned as the total\n length is the sum of *claimed* sizes, not the actual\n amount collected. And that's what will be passed to\n readdir() callback as the name length - 8Kb\n __copy_to_user() from a buffer allocated by\n __get_free_page().(CVE-2016-4913)\n\n - A flaw was discovered in processing setsockopt for 32\n bit processes on 64 bit systems. This flaw will allow\n attackers to alter arbitrary kernel memory when\n unloading a kernel module. This action is usually\n restricted to root-privileged users but can also be\n leveraged if the kernel is compiled with CONFIG_USER_NS\n and CONFIG_NET_NS and the user is granted elevated\n privileges.(CVE-2016-4997)\n\n - An out-of-bounds heap memory access leading to a Denial\n of Service, heap disclosure, or further impact was\n found in setsockopt(). The function call is normally\n restricted to root, however some processes with\n cap_sys_admin may also be able to trigger this flaw in\n privileged container environments.(CVE-2016-4998)\n\n - A race condition was found in the way the Linux\n kernel's memory subsystem handled the copy-on-write\n (COW) breakage of private read-only memory mappings. An\n unprivileged, local user could use this flaw to gain\n write access to otherwise read-only memory mappings and\n thus increase their privileges on the\n system.(CVE-2016-5195)\n\n - It was found that the RFC 5961 challenge ACK rate\n limiting as implemented in the Linux kernel's\n networking subsystem allowed an off-path attacker to\n leak certain information about a given connection by\n creating congestion on the global challenge ACK rate\n limit counter and then measuring the changes by probing\n packets. An off-path attacker could use this flaw to\n either terminate TCP connection and/or inject payload\n into non-secured TCP connection between two endpoints\n on the network.(CVE-2016-5696)\n\n - A heap-based buffer overflow vulnerability was found in\n the Linux kernel's hiddev driver. This flaw could allow\n a local attacker to corrupt kernel memory, possible\n privilege escalation or crashing the\n system.(CVE-2016-5829)\n\n - When creating audit records for parameters to executed\n children processes, an attacker can convince the Linux\n kernel audit subsystem can create corrupt records which\n may allow an attacker to misrepresent or evade logging\n of executing commands.(CVE-2016-6136)\n\n - It was found that the unlink and rename functionality\n in overlayfs did not verify the upper dentry for\n staleness. A local, unprivileged user could use the\n rename syscall on overlayfs on top of xfs to panic or\n crash the system.(CVE-2016-6197)\n\n - A flaw was found that the vfs_rename() function did not\n detect hard links on overlayfs. A local, unprivileged\n user could use the rename syscall on overlayfs on top\n of xfs to crash the system.(CVE-2016-6198)\n\n - System using the infiniband support module ib_srpt were\n vulnerable to a denial of service by system crash by a\n local attacker who is able to abort writes to a device\n using this initiator.(CVE-2016-6327)\n\n - A race condition flaw was found in the ioctl_send_fib()\n function in the Linux kernel's aacraid implementation.\n A local attacker could use this flaw to cause a denial\n of service (out-of-bounds access or system crash) by\n changing a certain size value.(CVE-2016-6480)\n\n - kernel/events/core.c in the performance subsystem in\n the Linux kernel before 4.0 mismanages locks during\n certain migrations, which allows local users to gain\n privileges via a crafted application, aka Android\n internal bug 30955111.(CVE-2016-6786)\n\n - kernel/events/core.c in the performance subsystem in\n the Linux kernel before 4.0 mismanages locks during\n certain migrations, which allows local users to gain\n privileges via a crafted application, aka Android\n internal bug 31095224.(CVE-2016-6787)\n\n - A use-after-free vulnerability was found in\n tcp_xmit_retransmit_queue and other tcp_* functions.\n This condition could allow an attacker to send an\n incorrect selective acknowledgment to existing\n connections, possibly resetting a\n connection.(CVE-2016-6828)\n\n - Linux kernel built with the 802.1Q/802.1ad\n VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local\n Area Network(CONFIG_VXLAN) with Transparent Ethernet\n Bridging(TEB) GRO support, is vulnerable to a stack\n overflow issue. It could occur while receiving large\n packets via GRO path, as an unlimited recursion could\n unfold in both VLAN and TEB modules, leading to a stack\n corruption in the kernel.(CVE-2016-7039)\n\n - It was found that when the gcc stack protector was\n enabled, reading the /proc/keys file could cause a\n panic in the Linux kernel due to stack corruption. This\n happened because an incorrect buffer size was used to\n hold a 64-bit timeout value rendered as\n weeks.(CVE-2016-7042)\n\n - It was found that when file permissions were modified\n via chmod and the user modifying them was not in the\n owning group or capable of CAP_FSETID, the setgid bit\n would be cleared. Setting a POSIX ACL via setxattr sets\n the file permissions as well as the new ACL, but\n doesn't clear the setgid bit in a similar way. This\n could allow a local user to gain group privileges via\n certain setgid applications.(CVE-2016-7097)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1494\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e64722c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5829\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-18T14:29:45", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2016:2584)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2017-13167"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2016-2584.NASL", "href": "https://www.tenable.com/plugins/nessus/94547", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2584. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94547);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2017-13167\");\n script_xref(name:\"RHSA\", value:\"2016:2584\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2016:2584)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled\nsocket options. A local attacker could abuse concurrent access to the\nsocket options to escalate their privileges, or cause a denial of\nservice (use-after-free and system crash) via a crafted sendmsg system\ncall. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the\nLinux kernel. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-4312,\nCVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844,\nCVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847,\nCVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5829,\nCVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480,\nCVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384,\nCVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting\nCVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo\nkernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn\nCrosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was\ndiscovered by Venkatesh Pottem (Red Hat Engineering); the\nCVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav\nVadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered\nby Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered\nby CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by\nJan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13167\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2017-13167\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2016:2584\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2584\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:43", "description": "Security Fix(es) :\n\n - It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n(CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nAdditional Changes :", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20161103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161103_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95841", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95841);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5412\", \"CVE-2016-5828\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20161103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was found that the Linux kernel's IPv6 implementation\n mishandled socket options. A local attacker could abuse\n concurrent access to the socket options to escalate\n their privileges, or cause a denial of service\n (use-after-free and system crash) via a crafted sendmsg\n system call. (CVE-2016-3841, Important)\n\n(CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812,\nCVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069,\nCVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794,\nCVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136,\nCVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746,\nCVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070,\nCVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nAdditional Changes :\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=12735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?77976f21\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:19:47", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-2574 advisory.\n\n - The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. (CVE-2013-4312)\n\n - The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. (CVE-2015-8543)\n\n - The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. (CVE-2016-2117)\n\n - The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c. (CVE-2016-6198)\n\n - Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. (CVE-2016-2069)\n\n - The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. (CVE-2016-3156)\n\n - fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls. (CVE-2016-4581)\n\n - fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. (CVE-2016-2847)\n\n - fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. (CVE-2015-8374)\n\n - Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. (CVE-2016-5829)\n\n - The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. (CVE-2015-8844)\n\n - The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. (CVE-2015-8845)\n\n - The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. (CVE-2015-8956)\n\n - The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. (CVE-2016-2053)\n\n - Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor. (CVE-2016-2384)\n\n - The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. (CVE-2016-4569)\n\n - sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.\n (CVE-2016-4578)\n\n - arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction. (CVE-2016-5412)\n\n - drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. (CVE-2016-6327)\n\n - Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a double fetch vulnerability. (CVE-2016-6480)\n\n - fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic. (CVE-2015-8746)\n\n - drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use- after-free) via crafted packets. (CVE-2015-8812)\n\n - The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move. (CVE-2016-3070)\n\n - The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. (CVE-2016-3699)\n\n - The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841)\n\n - Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls. (CVE-2016-4794)\n\n - The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call. (CVE-2016-5828)\n\n - Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a double fetch vulnerability. (CVE-2016-6136)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-11-11T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2016-2574)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3044", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-9794", "CVE-2017-13167", "CVE-2018-16597"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2016-2574.NASL", "href": "https://www.tenable.com/plugins/nessus/94697", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2016-2574.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94697);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2013-4312\",\n \"CVE-2015-8374\",\n \"CVE-2015-8543\",\n \"CVE-2015-8746\",\n \"CVE-2015-8812\",\n \"CVE-2015-8844\",\n \"CVE-2015-8845\",\n \"CVE-2015-8956\",\n \"CVE-2016-2053\",\n \"CVE-2016-2069\",\n \"CVE-2016-2117\",\n \"CVE-2016-2384\",\n \"CVE-2016-2847\",\n \"CVE-2016-3044\",\n \"CVE-2016-3070\",\n \"CVE-2016-3156\",\n \"CVE-2016-3699\",\n \"CVE-2016-3841\",\n \"CVE-2016-4569\",\n \"CVE-2016-4578\",\n \"CVE-2016-4581\",\n \"CVE-2016-4794\",\n \"CVE-2016-5412\",\n \"CVE-2016-5828\",\n \"CVE-2016-5829\",\n \"CVE-2016-6136\",\n \"CVE-2016-6198\",\n \"CVE-2016-6327\",\n \"CVE-2016-6480\",\n \"CVE-2016-7914\",\n \"CVE-2016-7915\",\n \"CVE-2016-9794\",\n \"CVE-2017-13167\",\n \"CVE-2018-16597\"\n );\n script_xref(name:\"RHSA\", value:\"2016:2574\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2016-2574)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2016-2574 advisory.\n\n - The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of\n service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to\n net/unix/af_unix.c and net/unix/garbage.c. (CVE-2013-4312)\n\n - The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products,\n does not validate protocol identifiers for certain protocol families, which allows local users to cause a\n denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by\n leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. (CVE-2015-8543)\n\n - The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2\n incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from\n kernel memory by reading packet data. (CVE-2016-2117)\n\n - The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an\n OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service\n (system crash) via a rename system call, related to fs/namei.c and fs/open.c. (CVE-2016-6198)\n\n - Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges\n by triggering access to a paging structure by a different CPU. (CVE-2016-2069)\n\n - The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which\n allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large\n number of IP addresses. (CVE-2016-3156)\n\n - fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a\n certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer\n dereference and OOPS) via a crafted series of mount system calls. (CVE-2016-4581)\n\n - fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows\n local users to cause a denial of service (memory consumption) by creating many pipes with non-default\n sizes. (CVE-2016-2847)\n\n - fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local\n users to obtain sensitive pre-truncation information from a file via a clone action. (CVE-2015-8374)\n\n - Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in\n the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified\n other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. (CVE-2016-5829)\n\n - The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR\n with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing\n exception and panic) via a crafted application. (CVE-2015-8844)\n\n - The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on\n powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call,\n which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted\n application. (CVE-2015-8845)\n\n - The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local\n users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors\n involving a bind system call on a Bluetooth RFCOMM socket. (CVE-2015-8956)\n\n - The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to\n cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. (CVE-2016-2053)\n\n - Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel\n before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have\n unspecified other impact via vectors involving an invalid USB descriptor. (CVE-2016-2384)\n\n - The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not\n initialize a certain data structure, which allows local users to obtain sensitive information from kernel\n stack memory via crafted use of the ALSA timer interface. (CVE-2016-4569)\n\n - sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which\n allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA\n timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.\n (CVE-2016-4578)\n\n - arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when\n CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite\n loop) by making a H_CEDE hypercall during the existence of a suspended transaction. (CVE-2016-5412)\n\n - drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a\n denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a\n device write operation. (CVE-2016-6327)\n\n - Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel\n through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a double fetch vulnerability. (CVE-2016-6480)\n\n - fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory\n for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL\n pointer dereference and panic) via crafted network traffic. (CVE-2015-8746)\n\n - drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error\n conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-\n after-free) via crafted packets. (CVE-2015-8812)\n\n - The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel\n before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service\n (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a\n certain page move. (CVE-2016-3070)\n\n - The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted\n with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute\n untrusted code by appending ACPI tables to the initrd. (CVE-2016-3699)\n\n - The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain\n privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system\n call. (CVE-2016-3841)\n\n - Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a\n denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf\n system calls. (CVE-2016-4794)\n\n - The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc\n platforms mishandles transactional state, which allows local users to cause a denial of service (invalid\n process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by\n starting and suspending a transaction before an exec system call. (CVE-2016-5828)\n\n - Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through\n 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by\n changing a certain string, aka a double fetch vulnerability. (CVE-2016-6136)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2016-2574.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8812\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-514.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2016-2574');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-514.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:18", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2016:2574)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3044", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-9794", "CVE-2017-13167", "CVE-2018-16597"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2574.NASL", "href": "https://www.tenable.com/plugins/nessus/94537", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2574. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94537);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3044\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5412\", \"CVE-2016-5828\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2016-7914\", \"CVE-2016-7915\", \"CVE-2016-9794\", \"CVE-2017-13167\", \"CVE-2018-16597\");\n script_xref(name:\"RHSA\", value:\"2016:2574\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2016:2574)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled\nsocket options. A local attacker could abuse concurrent access to the\nsocket options to escalate their privileges, or cause a denial of\nservice (use-after-free and system crash) via a crafted sendmsg system\ncall. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the\nLinux kernel. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-4312,\nCVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844,\nCVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847,\nCVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412,\nCVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198,\nCVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956,\nCVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699,\nCVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting\nCVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo\nkernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn\nCrosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was\ndiscovered by Venkatesh Pottem (Red Hat Engineering); the\nCVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav\nVadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered\nby Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered\nby CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by\nJan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16597\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3044\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5412\", \"CVE-2016-5828\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2016-7914\", \"CVE-2016-7915\", \"CVE-2016-9794\", \"CVE-2017-13167\", \"CVE-2018-16597\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2016:2574\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2574\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:54", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-28T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2016:2574)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3044", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-9794", "CVE-2017-13167", "CVE-2018-16597"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-2574.NASL", "href": "https://www.tenable.com/plugins/nessus/95321", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2574 and \n# CentOS Errata and Security Advisory 2016:2574 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95321);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3044\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5412\", \"CVE-2016-5828\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2016-7914\", \"CVE-2016-7915\", \"CVE-2016-9794\", \"CVE-2017-13167\", \"CVE-2018-16597\");\n script_xref(name:\"RHSA\", value:\"2016:2574\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2016:2574)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled\nsocket options. A local attacker could abuse concurrent access to the\nsocket options to escalate their privileges, or cause a denial of\nservice (use-after-free and system crash) via a crafted sendmsg system\ncall. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the\nLinux kernel. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-4312,\nCVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844,\nCVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847,\nCVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412,\nCVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198,\nCVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956,\nCVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699,\nCVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting\nCVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo\nkernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn\nCrosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was\ndiscovered by Venkatesh Pottem (Red Hat Engineering); the\nCVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav\nVadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered\nby Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered\nby CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by\nJan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003609.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4a0f0ff\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8812\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:17:41", "description": "The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to receive various security and bugfixes. The following feature was implemented :\n\n - The ext2 filesystem got reenabled and supported to allow support for 'XIP' (Execute In Place) (FATE#320805). The following security bugs were fixed :\n\n - CVE-2017-5551: The tmpfs filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bsc#1021258).\n\n - CVE-2016-7097: The filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968).\n\n - CVE-2017-2583: A Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. A user/process inside guest could have used this flaw to crash the guest resulting in DoS or potentially escalate their privileges inside guest. (bsc#1020602).\n\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bnc#1019851).\n\n - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n\n - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product:\n Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935 (bnc#1014746).\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540).\n\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038).\n\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).\n\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716).\n\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n\n - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478).\n\n - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502).\n\n - CVE-2016-7914: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite (bnc#1010475).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).\n\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug (bnc#1007197).\n\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misused the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197).\n\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).\n\n - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925).\n\n - CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021 1.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation (bnc#994748).\n\n - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296).\n\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for remote attackers to hijack TCP sessions via a blind in-window attack (bnc#989152).\n\n - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by changing a certain length value, aka a 'double fetch' vulnerability (bnc#987542).\n\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608).\n\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986362 bnc#986365).\n\n - CVE-2016-5828: The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms mishandled transactional state, which allowed local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call (bnc#986569).\n\n - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572).\n\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-02-16T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0471-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9904", "CVE-2015-8956", "CVE-2015-8962", "CVE-2015-8963", "CVE-2015-8964", "CVE-2016-10088", "CVE-2016-4470", "CVE-2016-4998", "CVE-2016-5696", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6130", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-7425", "CVE-2016-7910", "CVE-2016-7911", "CVE-2016-7913", "CVE-2016-7914", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-8658", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9576", "CVE-2016-9756", "CVE-2016-9793", "CVE-2016-9806", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-5551"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_66-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_66-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0471-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97205", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0471-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97205);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9904\", \"CVE-2015-8956\", \"CVE-2015-8962\", \"CVE-2015-8963\", \"CVE-2015-8964\", \"CVE-2016-10088\", \"CVE-2016-4470\", \"CVE-2016-4998\", \"CVE-2016-5696\", \"CVE-2016-5828\", \"CVE-2016-5829\", \"CVE-2016-6130\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2016-6828\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-7425\", \"CVE-2016-7910\", \"CVE-2016-7911\", \"CVE-2016-7913\", \"CVE-2016-7914\", \"CVE-2016-8399\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2016-8658\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9576\", \"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9806\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-5551\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0471-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to\nreceive various security and bugfixes. The following feature was\nimplemented :\n\n - The ext2 filesystem got reenabled and supported to allow\n support for 'XIP' (Execute In Place) (FATE#320805). The\n following security bugs were fixed :\n\n - CVE-2017-5551: The tmpfs filesystem implementation in\n the Linux kernel preserved the setgid bit during a\n setxattr call, which allowed local users to gain group\n privileges by leveraging the existence of a setgid\n program with restrictions on execute permissions\n (bsc#1021258).\n\n - CVE-2016-7097: The filesystem implementation in the\n Linux kernel preserved the setgid bit during a setxattr\n call, which allowed local users to gain group privileges\n by leveraging the existence of a setgid program with\n restrictions on execute permissions (bnc#995968).\n\n - CVE-2017-2583: A Linux kernel built with the\n Kernel-based Virtual Machine (CONFIG_KVM) support was\n vulnerable to an incorrect segment selector(SS) value\n error. A user/process inside guest could have used this\n flaw to crash the guest resulting in DoS or potentially\n escalate their privileges inside guest. (bsc#1020602).\n\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux\n kernel allowed local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt (bnc#1019851).\n\n - CVE-2016-10088: The sg implementation in the Linux\n kernel did not properly restrict write operations in\n situations where the KERNEL_DS option is set, which\n allowed local users to read or write to arbitrary kernel\n memory locations or cause a denial of service\n (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel\n mishandled skb truncation, which allowed local users to\n cause a denial of service (system crash) via a crafted\n application that made sendto system calls, related to\n net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c\n (bnc#1009969).\n\n - CVE-2016-8399: An elevation of privilege vulnerability\n in the kernel networking subsystem could enable a local\n malicious application to execute arbitrary code within\n the context of the kernel. This issue is rated as\n Moderate because it first requires compromising a\n privileged process and current compiler optimizations\n restrict access to the vulnerable code. Product:\n Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935 (bnc#1014746).\n\n - CVE-2016-9806: Race condition in the netlink_dump\n function in net/netlink/af_netlink.c in the Linux kernel\n allowed local users to cause a denial of service (double\n free) or possibly have unspecified other impact via a\n crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump\n that started earlier than anticipated (bnc#1013540).\n\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux\n kernel did not properly initialize Code Segment (CS) in\n certain error cases, which allowed local users to obtain\n sensitive information from kernel stack memory via a\n crafted application (bnc#1013038).\n\n - CVE-2016-9793: The sock_setsockopt function in\n net/core/sock.c in the Linux kernel mishandled negative\n values of sk_sndbuf and sk_rcvbuf, which allowed local\n users to cause a denial of service (memory corruption\n and system crash) or possibly have unspecified other\n impact by leveraging the CAP_NET_ADMIN capability for a\n crafted setsockopt system call with the (1)\n SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option\n (bnc#1013531).\n\n - CVE-2016-7910: Use-after-free vulnerability in the\n disk_seqf_stop function in block/genhd.c in the Linux\n kernel allowed local users to gain privileges by\n leveraging the execution of a certain stop operation\n even if the corresponding start operation had failed\n (bnc#1010716).\n\n - CVE-2015-8962: Double free vulnerability in the\n sg_common_write function in drivers/scsi/sg.c in the\n Linux kernel allowed local users to gain privileges or\n cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call\n (bnc#1010501).\n\n - CVE-2016-7913: The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (use-after-free) via vectors involving\n omission of the firmware name from a certain data\n structure (bnc#1010478).\n\n - CVE-2016-7911: Race condition in the get_task_ioprio\n function in block/ioprio.c in the Linux kernel allowed\n local users to gain privileges or cause a denial of\n service (use-after-free) via a crafted ioprio_get system\n call (bnc#1010711).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2015-8963: Race condition in kernel/events/core.c in\n the Linux kernel allowed local users to gain privileges\n or cause a denial of service (use-after-free) by\n leveraging incorrect handling of an swevent data\n structure during a CPU unplug operation (bnc#1010502).\n\n - CVE-2016-7914: The assoc_array_insert_into_terminal_node\n function in lib/assoc_array.c in the Linux kernel did\n not check whether a slot is a leaf, which allowed local\n users to obtain sensitive information from kernel memory\n or cause a denial of service (invalid pointer\n dereference and out-of-bounds read) via an application\n that uses associative-array data structures, as\n demonstrated by the keyutils test suite (bnc#1010475).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux\n kernel allowed remote attackers to execute arbitrary\n code via crafted fragmented packets (bnc#1008833).\n\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux\n kernel allowed local users to bypass integer overflow\n checks, and cause a denial of service (memory\n corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a\n VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine\n confusion bug (bnc#1007197).\n\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the\n Linux kernel misused the kzalloc function, which allowed\n local users to cause a denial of service (integer\n overflow) or have unspecified other impact by leveraging\n access to a vfio PCI device file (bnc#1007197).\n\n - CVE-2016-7042: The proc_keys_show function in\n security/keys/proc.c in the Linux kernel uses an\n incorrect buffer size for certain timeout data, which\n allowed local users to cause a denial of service (stack\n memory corruption and panic) by reading the /proc/keys\n file (bnc#1004517).\n\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed\n local users to obtain sensitive information or cause a\n denial of service (NULL pointer dereference) via vectors\n involving a bind system call on a Bluetooth RFCOMM\n socket (bnc#1003925).\n\n - CVE-2016-8658: Stack-based buffer overflow in the\n brcmf_cfg80211_start_ap function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021\n 1.c in the Linux kernel allowed local users to cause a\n denial of service (system crash) or possibly have\n unspecified other impact via a long SSID Information\n Element in a command to a Netlink socket (bnc#1004462).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did\n not restrict a certain length field, which allowed local\n users to gain privileges or cause a denial of service\n (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in\n the Linux kernel allowed local users to cause a denial\n of service (NULL pointer dereference and system crash)\n by using an ABORT_TASK command to abort a device write\n operation (bnc#994748).\n\n - CVE-2016-6828: The tcp_check_send_head function in\n include/net/tcp.h in the Linux kernel did not properly\n maintain certain SACK state after a failed data copy,\n which allowed local users to cause a denial of service\n (tcp_xmit_retransmit_queue use-after-free and system\n crash) via a crafted SACK option (bnc#994296).\n\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel\n did not properly determine the rate of challenge ACK\n segments, which made it easier for remote attackers to\n hijack TCP sessions via a blind in-window attack\n (bnc#989152).\n\n - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb\n function in drivers/s390/char/sclp_ctl.c in the Linux\n kernel allowed local users to obtain sensitive\n information from kernel memory by changing a certain\n length value, aka a 'double fetch' vulnerability\n (bnc#987542).\n\n - CVE-2016-6480: Race condition in the ioctl_send_fib\n function in drivers/scsi/aacraid/commctrl.c in the Linux\n kernel allowed local users to cause a denial of service\n (out-of-bounds access or system crash) by changing a\n certain size value, aka a 'double fetch' vulnerability\n (bnc#991608).\n\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt\n implementation in the netfilter subsystem in the Linux\n kernel allowed local users to cause a denial of service\n (out-of-bounds read) or possibly obtain sensitive\n information from kernel heap memory by leveraging\n in-container root access to provide a crafted offset\n value that leads to crossing a ruleset blob boundary\n (bnc#986362 bnc#986365).\n\n - CVE-2016-5828: The start_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on\n powerpc platforms mishandled transactional state, which\n allowed local users to cause a denial of service\n (invalid process state or TM Bad Thing exception, and\n system crash) or possibly have unspecified other impact\n by starting and suspending a transaction before an exec\n system call (bnc#986569).\n\n - CVE-2014-9904: The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in\n the Linux kernel did not properly check for an integer\n overflow, which allowed local users to cause a denial of\n service (insufficient memory allocation) or possibly\n have unspecified other impact via a crafted\n SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in\n the hiddev_ioctl_usage function in\n drivers/hid/usbhid/hiddev.c in the Linux kernel allow\n local users to cause a denial of service or possibly\n have unspecified other impact via a crafted (1)\n HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call\n (bnc#986572).\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bnc#984755).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=881008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=915183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983977\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991608\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994748\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=998795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9904/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8956/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8963/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10088/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4998/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5696/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5828/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5829/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6327/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6480/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6828/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7042/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7097/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7425/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7910/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7913/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7914/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8399/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8645/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8658/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9083/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9084/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9756/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9793/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2584/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5551/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7188b37b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-247=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-247=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2017-247=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_66-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_66-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.61-52.66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.61-52.66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.61-52.66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.61-52.66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.61-52.66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.61-52.66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_66-default-1-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_66-xen-1-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.61-52.66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.61-52.66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.61-52.66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.61-52.66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.61-52.66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.61-52.66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.61-52.66.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.61-52.66.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:12:01", "description": "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.", "cvss3": {}, "published": "2017-04-03T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-0343", "CVE-2013-1059", "CVE-2013-2140", "CVE-2013-2147", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2850", "CVE-2013-2851", "CVE-2013-2852", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2895", "CVE-2013-2896", "CVE-2013-2897", "CVE-2013-2898", "CVE-2013-2899", "CVE-2013-2929", "CVE-2013-2930", "CVE-2013-4162", "CVE-2013-4163", "CVE-2013-4299", "CVE-2013-4312", "CVE-2013-4345", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-4470", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-4592", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263", "CVE-2013-7265", "CVE-2013-7266", "CVE-2013-7421", "CVE-2013-7446", "CVE-2014-0038", "CVE-2014-0049", "CVE-2014-0055", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-0181", "CVE-2014-0196", "CVE-2014-1690", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1739", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2851", "CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3153", "CVE-2014-3181", "CVE-2014-3182", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3186", "CVE-2014-3215", "CVE-2014-3535", "CVE-2014-3601", "CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-4014", "CVE-2014-4027", "CVE-2014-4171", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-4699", "CVE-2014-4943", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-6410", "CVE-2014-7822", "CVE-2014-7826", "CVE-2014-7970", "CVE-2014-7975", "CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8159", "CVE-2014-8160", "CVE-2014-8171", "CVE-2014-8173", "CVE-2014-8884", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9322", "CVE-2014-9529", "CVE-2014-9585", "CVE-2014-9644", "CVE-2015-0239", "CVE-2015-1333", "CVE-2015-1421", "CVE-2015-1593", "CVE-2015-1805", "CVE-2015-2150", "CVE-2015-2830", "CVE-2015-2922", "CVE-2015-3212", "CVE-2015-3339", "CVE-2015-3636", "CVE-2015-4700", "CVE-2015-5156", "CVE-2015-5157", "CVE-2015-5283", "CVE-2015-5307", "CVE-2015-5364", "CVE-2015-5366", "CVE-2015-5697", "CVE-2015-5707", "CVE-2015-6937", "CVE-2015-7613", "CVE-2015-7872", "CVE-2015-8104", "CVE-2015-8215", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8569", "CVE-2015-8767", "CVE-2015-8956", "CVE-2016-0728", "CVE-2016-0758", "CVE-2016-0774", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-1583", "CVE-2016-2053", "CVE-2016-2117", "CVE-2016-3070", "CVE-2016-3134", "CVE-2016-3140", "CVE-2016-3157", "CVE-2016-3672", "CVE-2016-3699", "CVE-2016-4470", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4565", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4997", "CVE-2016-4998", "CVE-2016-5195", "CVE-2016-5696", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7042", "CVE-2016-7117", "CVE-2016-7425", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-8646", "CVE-2016-8650", "CVE-2016-8655", "CVE-2016-9178", "CVE-2016-9555", "CVE-2016-9588", "CVE-2016-9644", "CVE-2016-9793", "CVE-2016-9794", "CVE-2017-2636", "CVE-2017-5970", "CVE-2017-6074", "CVE-2017-6345", "CVE-2017-7187"], "modified": "2023-05-14T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2017-0057.NASL", "href": "https://www.tenable.com/plugins/nessus/99163", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0057.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99163);\n script_version(\"3.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/14\");\n\n script_cve_id(\n \"CVE-2013-0343\",\n \"CVE-2013-1059\",\n \"CVE-2013-2140\",\n \"CVE-2013-2147\",\n \"CVE-2013-2148\",\n \"CVE-2013-2164\",\n \"CVE-2013-2234\",\n \"CVE-2013-2237\",\n \"CVE-2013-2850\",\n \"CVE-2013-2851\",\n \"CVE-2013-2852\",\n \"CVE-2013-2888\",\n \"CVE-2013-2889\",\n \"CVE-2013-2892\",\n \"CVE-2013-2893\",\n \"CVE-2013-2895\",\n \"CVE-2013-2896\",\n \"CVE-2013-2897\",\n \"CVE-2013-2898\",\n \"CVE-2013-2899\",\n \"CVE-2013-2929\",\n \"CVE-2013-2930\",\n \"CVE-2013-4162\",\n \"CVE-2013-4163\",\n \"CVE-2013-4299\",\n \"CVE-2013-4312\",\n \"CVE-2013-4345\",\n \"CVE-2013-4348\",\n \"CVE-2013-4350\",\n \"CVE-2013-4470\",\n \"CVE-2013-4579\",\n \"CVE-2013-4587\",\n \"CVE-2013-4592\",\n \"CVE-2013-6367\",\n \"CVE-2013-6368\",\n \"CVE-2013-6376\",\n \"CVE-2013-6383\",\n \"CVE-2013-6885\",\n \"CVE-2013-7263\",\n \"CVE-2013-7265\",\n \"CVE-2013-7266\",\n \"CVE-2013-7421\",\n \"CVE-2013-7446\",\n \"CVE-2014-0038\",\n \"CVE-2014-0049\",\n \"CVE-2014-0055\",\n \"CVE-2014-0069\",\n \"CVE-2014-0077\",\n \"CVE-2014-0101\",\n \"CVE-2014-0181\",\n \"CVE-2014-0196\",\n \"CVE-2014-1690\",\n \"CVE-2014-1737\",\n \"CVE-2014-1738\",\n \"CVE-2014-1739\",\n \"CVE-2014-2309\",\n \"CVE-2014-2523\",\n \"CVE-2014-2851\",\n \"CVE-2014-3144\",\n \"CVE-2014-3145\",\n \"CVE-2014-3153\",\n \"CVE-2014-3181\",\n \"CVE-2014-3182\",\n \"CVE-2014-3184\",\n \"CVE-2014-3185\",\n \"CVE-2014-3186\",\n \"CVE-2014-3215\",\n \"CVE-2014-3535\",\n \"CVE-2014-3601\",\n \"CVE-2014-3610\",\n \"CVE-2014-3611\",\n \"CVE-2014-3645\",\n \"CVE-2014-3646\",\n \"CVE-2014-3673\",\n \"CVE-2014-3687\",\n \"CVE-2014-3688\",\n \"CVE-2014-4014\",\n \"CVE-2014-4027\",\n \"CVE-2014-4171\",\n \"CVE-2014-4652\",\n \"CVE-2014-4653\",\n \"CVE-2014-4654\",\n \"CVE-2014-4655\",\n \"CVE-2014-4656\",\n \"CVE-2014-4667\",\n \"CVE-2014-4699\",\n \"CVE-2014-4943\",\n \"CVE-2014-5471\",\n \"CVE-2014-5472\",\n \"CVE-2014-6410\",\n \"CVE-2014-7822\",\n \"CVE-2014-7826\",\n \"CVE-2014-7970\",\n \"CVE-2014-7975\",\n \"CVE-2014-8133\",\n \"CVE-2014-8134\",\n \"CVE-2014-8159\",\n \"CVE-2014-8160\",\n \"CVE-2014-8171\",\n \"CVE-2014-8173\",\n \"CVE-2014-8884\",\n \"CVE-2014-8989\",\n \"CVE-2014-9090\",\n \"CVE-2014-9322\",\n \"CVE-2014-9529\",\n \"CVE-2014-9585\",\n \"CVE-2014-9644\",\n \"CVE-2015-0239\",\n \"CVE-2015-1333\",\n \"CVE-2015-1421\",\n \"CVE-2015-1593\",\n \"CVE-2015-1805\",\n \"CVE-2015-2150\",\n \"CVE-2015-2830\",\n \"CVE-2015-2922\",\n \"CVE-2015-3212\",\n \"CVE-2015-3339\",\n \"CVE-2015-3636\",\n \"CVE-2015-4700\",\n \"CVE-2015-5156\",\n \"CVE-2015-5157\",\n \"CVE-2015-5283\",\n \"CVE-2015-5307\",\n \"CVE-2015-5364\",\n \"CVE-2015-5366\",\n \"CVE-2015-5697\",\n \"CVE-2015-5707\",\n \"CVE-2015-6937\",\n \"CVE-2015-7613\",\n \"CVE-2015-7872\",\n \"CVE-2015-8104\",\n \"CVE-2015-8215\",\n \"CVE-2015-8374\",\n \"CVE-2015-8543\",\n \"CVE-2015-8569\",\n \"CVE-2015-8767\",\n \"CVE-2015-8956\",\n \"CVE-2016-0728\",\n \"CVE-2016-0758\",\n \"CVE-2016-0774\",\n \"CVE-2016-10088\",\n \"CVE-2016-10142\",\n \"CVE-2016-1583\",\n \"CVE-2016-2053\",\n \"CVE-2016-2117\",\n \"CVE-2016-3070\",\n \"CVE-2016-3134\",\n \"CVE-2016-3140\",\n \"CVE-2016-3157\",\n \"CVE-2016-3672\",\n \"CVE-2016-3699\",\n \"CVE-2016-4470\",\n \"CVE-2016-4482\",\n \"CVE-2016-4485\",\n \"CVE-2016-4565\",\n \"CVE-2016-4569\",\n \"CVE-2016-4578\",\n \"CVE-2016-4580\",\n \"CVE-2016-4997\",\n \"CVE-2016-4998\",\n \"CVE-2016-5195\",\n \"CVE-2016-5696\",\n \"CVE-2016-5829\",\n \"CVE-2016-6136\",\n \"CVE-2016-6327\",\n \"CVE-2016-6480\",\n \"CVE-2016-6828\",\n \"CVE-2016-7042\",\n \"CVE-2016-7117\",\n \"CVE-2016-7425\",\n \"CVE-2016-8399\",\n \"CVE-2016-8633\",\n \"CVE-2016-8645\",\n \"CVE-2016-8646\",\n \"CVE-2016-8650\",\n \"CVE-2016-8655\",\n \"CVE-2016-9178\",\n \"CVE-2016-9555\",\n \"CVE-2016-9588\",\n \"CVE-2016-9644\",\n \"CVE-2016-9793\",\n \"CVE-2016-9794\",\n \"CVE-2017-2636\",\n \"CVE-2017-5970\",\n \"CVE-2017-6074\",\n \"CVE-2017-6345\",\n \"CVE-2017-7187\"\n );\n script_bugtraq_id(\n 58795,\n 60243,\n 60280,\n 60341,\n 60375,\n 60409,\n 60410,\n 60414,\n 60874,\n 60922,\n 60953,\n 61411,\n 61412,\n 62042,\n 62043,\n 62044,\n 62045,\n 62046,\n 62048,\n 62049,\n 62050,\n 62056,\n 62405,\n 62740,\n 63183,\n 63359,\n 63536,\n 63743,\n 63790,\n 63888,\n 63983,\n 64111,\n 64270,\n 64291,\n 64318,\n 64319,\n 64328,\n 64677,\n 64686,\n 64743,\n 65180,\n 65255,\n 65588,\n 65909,\n 65943,\n 66095,\n 66279,\n 66441,\n 66678,\n 66779,\n 67034,\n 67199,\n 67282,\n 67300,\n 67302,\n 67309,\n 67321,\n 67341,\n 67906,\n 67985,\n 67988,\n 68048,\n 68157,\n 68159,\n 68162,\n 68163,\n 68164,\n 68170,\n 68224,\n 68411,\n 68683,\n 68768,\n 69396,\n 69428,\n 69489,\n 69721,\n 69763,\n 69768,\n 69770,\n 69779,\n 69781,\n 69799,\n 70314,\n 70319,\n 70742,\n 70743,\n 70745,\n 70746,\n 70766,\n 70768,\n 70883,\n 70971,\n 71097,\n 71154,\n 71250,\n 71367,\n 71650,\n 71684,\n 71685,\n 71880,\n 71990,\n 72061,\n 72320,\n 72322,\n 72347,\n 72356,\n 72607,\n 72842,\n 73014,\n 73060,\n 73133,\n 73699,\n 74243,\n 74293,\n 74315,\n 74450,\n 74951,\n 75356,\n 75510,\n 76005\n );\n script_xref(name:\"IAVA\", value:\"2016-A-0306-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/03/24\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/15\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2023/06/02\");\n\n script_name(english:\"OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OracleVM host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2017-0057 for details.\");\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-April/000675.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bc2355e2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek / kernel-uek-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-118.17.4.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-118.17.4.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "oraclelinux": [{"lastseen": "2021-07-30T06:24:40", "description": "kernel-uek\n[3.8.13-118.14.2]\n- aacraid: Check size values after double-fetch from user (Dave Carroll) [Orabug: 25060050] {CVE-2016-6480} {CVE-2016-6480}\n- IB/srpt: Simplify srpt_handle_tsk_mgmt() (Bart Van Assche) [Orabug: 25060011] {CVE-2016-6327}\n- audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [Orabug: 25059945] {CVE-2016-6136}\n- ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt (Kangjie Lu) [Orabug: 25059899] {CVE-2016-4578}\n- ALSA: timer: Fix leak in events via snd_timer_user_ccallback (Kangjie Lu) [Orabug: 25059899] {CVE-2016-4578}\n- ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS (Kangjie Lu) [Orabug: 25059753] {CVE-2016-4569}\n- acpi: Disable ACPI table override if securelevel is set (Linn Crosetto) [Orabug: 25058991] {CVE-2016-3699}\n- Bluetooth: Fix potential NULL dereference in RFCOMM bind callback (Jaganath Kanakkassery) [Orabug: 25058903] {CVE-2015-8956}\n- ASN.1: Fix non-match detection failure on data overrun (David Howells) [Orabug: 25059046] {CVE-2016-2053}\n- mm: migrate dirty page without clear_page_dirty_for_io etc (Hugh Dickins) [Orabug: 25059194] {CVE-2016-3070}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-20T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8956", "CVE-2016-2053", "CVE-2016-3070", "CVE-2016-3699", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-6136", "CVE-2016-6327", "CVE-2016-6480"], "modified": "2016-11-20T00:00:00", "id": "ELSA-2016-3645", "href": "http://linux.oracle.com/errata/ELSA-2016-3645.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:50", "description": "- [3.10.0-514.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514]\n- [mm] remove gup_flags FOLL_WRITE games from __get_user_pages() (Larry Woodman) [1385124] {CVE-2016-5195}\n[3.10.0-513]\n- [md] dm raid: fix compat_features validation (Mike Snitzer) [1383726]\n[3.10.0-512]\n- [fs] revert 'ext4: pre-zero allocated blocks for DAX IO' (Eric Sandeen) [1380571]\n- [fs] nfsd: fix corruption in notifier registration ('J. Bruce Fields') [1378363]\n- [fs] xfs: log recovery tracepoints to track current lsn and buffer submission (Brian Foster) [1362730]\n- [fs] xfs: update metadata LSN in buffers during log recovery (Brian Foster) [1362730]\n- [fs] xfs: dont warn on buffers not being recovered due to LSN (Brian Foster) [1362730]\n- [fs] xfs: pass current lsn to log recovery buffer validation (Brian Foster) [1362730]\n- [fs] xfs: rework log recovery to submit buffers on LSN boundaries (Brian Foster) [1362730]\n- [x86] perf/uncore: Disable uncore on kdump kernel (Jiri Olsa) [1379569]\n- [netdrv] mlx4_core: Fix to clean devlink resources (Kamal Heib) [1379504]\n[3.10.0-511]\n- [net] add recursion limit to GRO (Sabrina Dubroca) [1374191] {CVE-2016-7039}\n- [mm] cgroup: fix hugetlb_cgroup_read() (Jerome Marchand) [1378236]\n- [fs] nfs: change invalidatepage prototype to accept length (Benjamin Coddington) [1366131]\n- [fs] xfs: quiesce the filesystem after recovery on readonly mount (Eric Sandeen) [1375457]\n- [fs] xfs: rework buffer dispose list tracking (Brian Foster) [1349175]\n- [fs] ext4: pre-zero allocated blocks for DAX IO (Eric Sandeen) [1367989]\n- [fs] gfs2: Initialize atime of I_NEW inodes (Andreas Grunbacher) [1379447]\n- [fs] gfs2: Update file times after grabbing glock (Andreas Grunbacher) [1379447]\n- [x86] topology: Handle CPUID bogosity gracefully (Vitaly Kuznetsov) [1377988]\n- [netdrv] sfc: check async completer is !NULL before calling (Jarod Wilson) [1368201]\n- [infiniband] ib/mlx5: Fix iteration overrun in GSI qps (Don Dutile) [1376941]\n[3.10.0-510]\n- [kernel] audit: fix exe_file access in audit_exe_compare (Richard Guy Briggs) [1374478]\n- [kernel] mm: introduce get_task_exe_file (Richard Guy Briggs) [1374478]\n- [kernel] prctl: avoid using mmap_sem for exe_file serialization (Richard Guy Briggs) [1374478]\n- [kernel] mm: rcu-protected get_mm_exe_file() (Richard Guy Briggs) [1374478]\n- [dm] dm-raid: reverse validation of nosync+rebuild flags (Heinz Mauelshagen) [1371717]\n- [x86] kvm: correctly reset dest_map->vector when restoring LAPIC state (Paolo Bonzini) [1367716]\n- [s390] dasd: fix hanging device after clear subchannel (Gustavo Duarte) [1368068]\n- [netdrv] bna: fix crash in bnad_get_strings() (Ivan Vecera) [1376508]\n- [netdrv] bna: add missing per queue ethtool stat (Ivan Vecera) [1376508]\n- [powerpc] kvm: Implement kvm_arch_intc_initialized() for PPC (David Gibson) [1375778]\n- [powerpc] kvm: book3s: Dont crash if irqfd used with no in-kernel XICS emulation (David Gibson) [1375778]\n[3.10.0-509]\n- [mm] sparse: use memblock apis for early memory allocations (Koki Sanagi) [1375453]\n- [mm] memblock: add memblock memory allocation apis (Koki Sanagi) [1375453]\n- [mm] thp: harden the debug kernel with a strict check for thp_mmu_gather (Andrea Arcangeli) [1369365]\n- [mm] thp: initialize thp_mmu_gather for newly allocated migrated pages (Andrea Arcangeli) [1369365]\n- [mm] thp: put_huge_zero_page() with MMU gather #2 (Andrea Arcangeli) [1369365]\n- [fs] nfs: fix BUG() crash in notify_change() with patch to chown_common() ('J. Bruce Fields') [1342695]\n- [net] ipv6: gro: fix forwarding of tunneled packets (Jiri Benc) [1375438]\n- [net] sctp: hold the transport before using it in sctp_hash_cmp (Xin Long) [1368884]\n- [net] sctp: identify chunks that need to be fragmented at IP level (Xin Long) [1371377]\n- [scsi] be2iscsi: revert: _bh for io_sgl_lock and mgmt_sgl_lock (Maurizio Lombardi) [1374223]\n- [block] blk-mq: Allow timeouts to run while queue is freezing (Gustavo Duarte) [1372483]\n- [block] defer timeouts to a workqueue (Gustavo Duarte) [1372483]\n- [netdrv] tg3: Fix for disallow tx coalescing time to be 0 (Ivan Vecera) [1368885]\n- [netdrv] tg3: Fix for diasllow rx coalescing time to be 0 (Ivan Vecera) [1368885]\n- [infiniband] rdma/ocrdma: Support user AH creation for RoCE-v2 (Don Dutile) [1376120]\n- [infiniband] rdma/ocrdma: Support RoCE-v2 in the RC path (Don Dutile) [1376120]\n- [infiniband] rdma/ocrdma: Support RoCE-v2 in the UD path (Don Dutile) [1376120]\n- [infiniband] rdma/ocrdma: Export udp encapsulation capability (Don Dutile) [1376120]\n- [infiniband] ib/mlx5: Fix wrong naming of port_rcv_data counter (Don Dutile) [1374862]\n[3.10.0-508]\n- [drm] i915: Add GEN7_PCODE_MIN_FREQ_TABLE_GT_RATIO_OUT_OF_RANGE to SNB (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: implement missing case for SKL watermarks calculation (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: fix the watermark res_blocks value (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: fix plane_blocks_per_line on watermarks calculations (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: minimum scanlines for Y tile is not always 4 (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: fix the WaWmMemoryReadLatency implementation (Lyude Paul) [1341633 1355776]\n- [drm] i915/skl: Dont try to update plane watermarks if they havent changed (Lyude Paul) [1341633 1355776]\n- [drm] i915/skl: Update DDB values atomically with wms/plane attrs (Lyude Paul) [1341633 1355776]\n- [drm] i915: Move CRTC updating in atomic_commit into its own hook (Lyude Paul) [1341633 1355776]\n- [drm] i915/skl: Ensure pipes with changed wms get added to the state (Lyude Paul) [1341633 1355776]\n- [drm] i915/skl: Update plane watermarks atomically during plane updates (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: Only copy WM results for changed pipes to skl_hw (Lyude Paul) [1341633 1355776]\n- [drm] i915/skl: Add support for the SAGV, fix underrun hangs (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen6+: Interpret mailbox error flags (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: Only copy WM results for changed pipes to skl_hw (Lyude Paul) [1341633 1355776]\n[3.10.0-507]\n- [netdrv] ixgbe: fix spoofed packets with macvlans (Ken Cox) [1324631]\n- [tools] perf mem: Fix -t store option for record command (Jiri Olsa) [1357531 1357543]\n- [x86] clock: Fix kvm guest tsc initialization (Prarit Bhargava) [1372759]\n- [x86] tsc: Enumerate BXT tsc_khz via CPUID (Prarit Bhargava) [1372759]\n- [drm] i915: Enable polling when we dont have hpd (Lyude Paul) [1277863]\n- [drm] i915/vlv: Disable HPD in valleyview_crt_detect_hotplug() (Lyude Paul) [1277863]\n- [drm] i915/vlv: Reset the ADPA in vlv_display_power_well_init() (Lyude Paul) [1277863]\n- [drm] i915/vlv: Make intel_crt_reset() per-encoder (Lyude Paul) [1277863]\n- [fs] Fix NULL pointer dereference in bl_free_device() (Benjamin Coddington) [1356796]\n- [fs] nfs/blocklayout: support RH/Fedora dm-mpath device nodes (Benjamin Coddington) [1356796]\n- [fs] nfs/blocklayout: refactor open-by-wwn (Benjamin Coddington) [1356796]\n- [fs] nfs/blocklayout: use proper fmode for opening block devices (Benjamin Coddington) [1356796]\n- [fs] sunrpc: fix UDP memory accounting (Paolo Abeni) [1298899]\n[3.10.0-506]\n- [kernel] timekeeping: Cap adjustments so they dont exceed the maxadj value (Marcelo Tosatti) [1246218]\n- [kernel] fork: allocate idle task for a CPU always on its local node (Oleg Nesterov) [1339635]\n- [kernel] sys: do_sysinfo() use get_monotonic_boottime() (Milos Vyletel) [1373224]\n- [fs] proc/uptime: uptime_proc_show() use get_monotonic_boottime() (Milos Vyletel) [1373224]\n- [fs] exec: de_thread: mt-exec should update ->real_start_time (Milos Vyletel) [1373224]\n- [fs] ovl: clear nlink on rmdir (Miklos Szeredi) [1373787]\n- [fs] ovl: share inode for hard link (Miklos Szeredi) [1373787]\n- [fs] ovl: use generic_delete_inode (Miklos Szeredi) [1373787]\n- [fs] ovl: handle umask and posix_acl_default correctly on creation (Miklos Szeredi) [1351863]\n- [fs] ovl: fix sgid on directory (Miklos Szeredi) [1351863]\n- [fs] ovl: copyattr after setting POSIX ACL (Miklos Szeredi) [1371638]\n- [fs] ovl: Switch to generic_removexattr (Miklos Szeredi) [1371651]\n- [fs] ovl: Get rid of ovl_xattr_noacl_handlers array (Miklos Szeredi) [1371651]\n- [fs] ext4: print ext4 mount option data_err=abort correctly (Lukas Czerner) [1342403]\n- [fs] nfs4: Avoid migration loops (Benjamin Coddington) [1355977]\n- [fs] nfs: dont create zero-length requests (Benjamin Coddington) [1324635]\n- [fs] xfs: dont assert fail on non-async buffers on ioacct decrement (Brian Foster) [1363822]\n- [fs] btrfs: set S_IOPS_WRAPPER consistently (Eric Sandeen) [1182456]\n- [fs] xfs: prevent dropping ioend completions during buftarg wait (Brian Foster) [1370177]\n- [fs] gfs2: Fix extended attribute readahead optimization (Robert S Peterson) [1256539]\n- [mm] page_alloc: dont re-init pageset in zone_pcp_update() (Yasuaki Ishimatsu) [1374114]\n- [mm] readahead: Move readahead limit outside of readahead, and advisory syscalls (Kyle Walker) [1351353]\n- [net] veth: sctp: add NETIF_F_SCTP_CRC to device features (Xin Long) [1367105]\n- [net] veth: Update features to include all tunnel GSO types (Xin Long) [1367105]\n- [tty] serial: 8250_dw: add ability to handle the peripheral clock (Prarit Bhargava) [1367476]\n- [x86] mm: Fix regression panic at boot time seen on some NUMA systems (Larry Woodman) [1372047]\n- [x86] mm: non-linear virtual memory fix for KNL4 erratum (Larry Woodman) [1372047]\n- [x86] tsc: Add rdtscll() merge helper (Mitsuhiro Tanino) [1372398]\n- [x86] kvm: Expose more Intel AVX512 feature to guest (Paolo Bonzini) [1369038]\n- [s390] pci: remove iomap sanity checks (Jason Wang) [1373503]\n- [nvme] Add device IDs with stripe quirk (David Milburn) [1371642]\n- [scsi] mpt3sas: Fix panic when aer correct error occurred (Frank Ramsay) [1374745]\n- [iommu] vt-d: Disable passthrough mode on Kexec kernel (Myron Stowe) [1367621]\n- [netdrv] ixgbe: Eliminate useless message and improve logic (Ken Cox) [1369519]\n- [netdrv] sfc: check MTU against minimum threshold (Jarod Wilson) [1363683]\n[3.10.0-505]\n- [hv] balloon: replace ha_region_mutex with spinlock (Vitaly Kuznetsov) [1361245]\n- [hv] balloon: dont wait for ol_waitevent when memhp_auto_online is enabled (Vitaly Kuznetsov) [1361245]\n- [hv] balloon: account for gaps in hot add regions (Vitaly Kuznetsov) [1361245]\n- [hv] balloon: keep track of where ha_region starts (Vitaly Kuznetsov) [1361245]\n- [mm] memory-hotplug: add hot-added memory ranges to memblock before allocate node_data for a node (Yasuaki Ishimatsu) [1365766]\n- [mm] memory-hotplug: fix wrong edge when hot add a new node (Yasuaki Ishimatsu) [1365766]\n- [rtc] rtc-rx8581: Mark tech preview (Prarit Bhargava) [1362164]\n- [rtc] rtc-rx8581.c: add SMBus-only adapters support (Prarit Bhargava) [1362164]\n- [rtc] rtc-rx8581.c: remove empty function (Prarit Bhargava) [1362164]\n- [pci] Restore original checksums of pci symbols (Stanislav Kozina) [1370477]\n- [net] reserve kABI fields in struct packet_type (Jiri Benc) [1358738]\n- [net] openvswitch: Ignore negative headroom value (Jakub Sitnicki) [1369642]\n- [scsi] qla2xxx: Update the driver version to 8.07.00.33.07.3-k1 (Chad Dupuis) [1367530]\n- [scsi] qla2xxx: Set FLOGI retry in additional firmware options for P2P (N2N) mode (Chad Dupuis) [1361279]\n- [scsi] qla2xxx: prevent board_disable from running during EEH (Chad Dupuis) [1367530]\n- [kernel] sched/fair: Fix typo in sync_throttle() (Xunlei Pang) [1341003]\n- [kernel] sched/fair: Rework throttle_count sync (Xunlei Pang) [1341003]\n- [kernel] sched/fair: Do not announce throttled next buddy in dequeue_task_fair() (Xunlei Pang) [1341003]\n- [kernel] sched/fair: Initialize throttle_count for new task-groups lazily (Xunlei Pang) [1341003]\n- [kernel] audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [1359306] {CVE-2016-6136}\n- [powerpc] revert 'pci: Assign fixed PHB number based on device-tree properties' (Gustavo Duarte) [1360353 1373109]\n- [powerpc] revert 'pci: Fix endian bug in fixed PHB numbering' (Gustavo Duarte) [1360353 1373109]\n- [infiniband] rdma/ocrdma: Fix the max_sge reported from FW (Honggang Li) [1369540]\n[3.10.0-504]\n- [fs] dax: disable dax on ext2 and ext3 (Jeff Moyer) [1369900]\n- [fs] dax: mark tech preview (Jeff Moyer) [1369825]\n- [fs] pmem: disable dax mounting in the prsence of media errors (Jeff Moyer) [1367132]\n- [fs] xfs: Add alignment check for DAX mount (Jeff Moyer) [1367132]\n- [fs] ext4: Add alignment check for DAX mount (Jeff Moyer) [1367132]\n- [fs] block: Add bdev_dax_supported() for dax mount checks (Jeff Moyer) [1367132]\n- [fs] block: Add vfs_msg() interface (Jeff Moyer) [1367132]\n- [tools] x86/insn: remove pcommit (Jeff Moyer) [1350153]\n- [x86] revert 'kvm: x86: add pcommit support' (Jeff Moyer) [1350153]\n- [tools] pmem: kill __pmem address space (Jeff Moyer) [1350153]\n- [kernel] pmem: kill wmb_pmem() (Jeff Moyer) [1350153]\n- [nvdimm] libnvdimm, pmem: use nvdimm_flush() for namespace I/O writes (Jeff Moyer) [1350153]\n- [fs] dax: remove wmb_pmem() (Jeff Moyer) [1350153]\n- [kernel] libnvdimm, pmem: flush posted-write queues on shutdown (Jeff Moyer) [1350153]\n- [nvdimm] libnvdimm, pmem: use REQ_FUA, REQ_FLUSH for nvdimm_flush() (Jeff Moyer) [1350153]\n- [nvdimm] libnvdimm: cycle flush hints (Jeff Moyer) [1350153]\n- [kernel] libnvdimm: introduce nvdimm_flush() and nvdimm_has_flush() (Jeff Moyer) [1350153]\n- [nvdimm] libnvdimm: keep region data alive over namespace removal (Jeff Moyer) [1350153]\n- [tools] testing/nvdimm: simulate multiple flush hints per-dimm (Jeff Moyer) [1350153]\n- [kernel] libnvdimm, nfit: move flush hint mapping to region-device driver-data (Jeff Moyer) [1350153]\n- [kernel] libnvdimm, nfit: remove nfit_spa_map() infrastructure (Jeff Moyer) [1350153]\n- [kernel] libnvdimm: introduce devm_nvdimm_memremap(), convert nfit_spa_map() users (Jeff Moyer) [1350153]\n- [acpi] nfit: dont override return value of nfit_mem_init (Jeff Moyer) [1350153]\n- [acpi] nfit: always associate flush hints (Jeff Moyer) [1350153]\n- [tools] testing/nvdimm: remove __wrap_devm_memremap_pages placeholder (Jeff Moyer) [1350153]\n- [kernel] devm: add helper devm_add_action_or_reset() (Jeff Moyer) [1350153]\n[3.10.0-503]\n- [scsi] sas: remove is_sas_attached() (Ewan Milne) [1370231]\n- [scsi] ses: use scsi_is_sas_rphy instead of is_sas_attached (Ewan Milne) [1370231]\n- [scsi] sas: provide stub implementation for scsi_is_sas_rphy (Ewan Milne) [1370231]\n- [target] lio: assume a maximum of 1024 iovecs (Andy Grover) [1367597]\n- [scsi] smartpqi: bump driver version (Scott Benesh) [1370631]\n- [scsi] smartpqi: add smartpqi.txt (Scott Benesh) [1370631]\n- [scsi] smartpqi: update maintainers (Scott Benesh) [1370631]\n- [scsi] smartpqi: update Kconfig (Scott Benesh) [1370631]\n- [scsi] smartpqi: remove timeout for cache flush operations (Scott Benesh) [1370631]\n- [scsi] smartpqi: scsi queuecommand cleanup (Scott Benesh) [1370631]\n- [scsi] smartpqi: minor tweaks to update time support (Scott Benesh) [1370631]\n- [scsi] smartpqi: minor function reformating (Scott Benesh) [1370631]\n- [scsi] smartpqi: correct event acknowledgement timeout issue (Scott Benesh) [1370631]\n- [scsi] smartpqi: correct controller offline issue (Scott Benesh) [1370631]\n- [scsi] smartpqi: add kdump support (Scott Benesh) [1370631]\n- [scsi] smartpqi: enhance reset logic (Scott Benesh) [1370631]\n- [scsi] smartpqi: enhance drive offline informational message (Scott Benesh) [1370631]\n- [scsi] smartpqi: simplify spanning (Scott Benesh) [1370631]\n- [scsi] smartpqi: change tmf macro names (Scott Benesh) [1370631]\n- [scsi] smartpqi: change aio sg processing (Scott Benesh) [1370631]\n[3.10.0-502]\n- [fs] rbd: add force close option (Ilya Dryomov) [1196119]\n- [fs] rbd: add 'config_info' sysfs rbd device attribute (Ilya Dryomov) [1196119]\n- [fs] rbd: add 'snap_id' sysfs rbd device attribute (Ilya Dryomov) [1196119]\n- [fs] rbd: add 'cluster_fsid' sysfs rbd device attribute (Ilya Dryomov) [1196119]\n- [fs] rbd: add 'client_addr' sysfs rbd device attribute (Ilya Dryomov) [1196119]\n- [fs] rbd: print capacity in decimal and features in hex (Ilya Dryomov) [1196119]\n- [fs] rbd: support for exclusive-lock feature (Ilya Dryomov) [1196119]\n- [fs] rbd: retry watch re-registration periodically (Ilya Dryomov) [1196119]\n- [fs] rbd: introduce a per-device ordered workqueue (Ilya Dryomov) [1196119]\n- [fs] libceph: rename ceph_client_id() -> ceph_client_gid() (Ilya Dryomov) [1196119]\n- [fs] libceph: support for blacklisting clients (Ilya Dryomov) [1196119]\n- [fs] libceph: support for lock.lock_info (Ilya Dryomov) [1196119]\n- [fs] libceph: support for advisory locking on RADOS objects (Ilya Dryomov) [1196119]\n- [fs] libceph: add ceph_osdc_call() single-page helper (Ilya Dryomov) [1196119]\n- [fs] libceph: support for CEPH_OSD_OP_LIST_WATCHERS (Ilya Dryomov) [1196119]\n- [fs] libceph: rename ceph_entity_name_encode() -> ceph_auth_entity_name_encode() (Ilya Dryomov) [1196119]\n- [fs] libceph: make cancel_generic_request() static (Ilya Dryomov) [1196119]\n- [fs] libceph: fix return value check in alloc_msg_with_page_vector() (Ilya Dryomov) [1196119]\n- [fs] ceph: fix symbol versioning for ceph_monc_do_statfs (Ilya Dryomov) [1196119]\n- [fs] libceph: add start en/decoding block helpers (Ilya Dryomov) [1196119]\n- [fs] libceph: add an ONSTACK initializer for oids (Ilya Dryomov) [1196119]\n- [fs] libceph: fix some missing includes (Ilya Dryomov) [1196119]\n- [mm] swap: flush lru pvecs on compound page arrival (Jerome Marchand) [1341766 1343920]\n- [md] raid1/raid10: slow down resync if there is non-resync activity pending (Jes Sorensen) [1371545]\n- [x86] hibernate: Use hlt_play_dead() when resuming from hibernation (Lenny Szubowicz) [1229590]\n- [x86] Mark Intel Purley 2 socket processor as supported (Steve Best) [1362645]\n- [i2c] i801: Add support for Kaby Lake PCH-H (David Arcari) [1310953]\n- [mfd] lpss: Add Intel Kaby Lake PCH-H PCI IDs (David Arcari) [1310953]\n- [usb] dwc3: pci: add Intel Kabylake PCI ID (David Arcari) [1310953]\n- [edac] sb_edac: Fix channel reporting on Knights Landing (Aristeu Rozanski) [1367330]\n- [include] bluetooth: Fix kabi breakage in struct hci_core (Don Zickus) [1370583]\n- [powerpc] pci: Fix endian bug in fixed PHB numbering (Gustavo Duarte) [1360353]\n- [powerpc] pci: Assign fixed PHB number based on device-tree properties (Gustavo Duarte) [1360353]\n[3.10.0-501]\n- [netdrv] sfc: work around TRIGGER_INTERRUPT command not working on SFC9140 (Jarod Wilson) [1368201]\n- [netdrv] sfc: remove duplicate assignment (Jarod Wilson) [1368201]\n- [netdrv] sfc: include size-binned TX stats on sfn8542q (Jarod Wilson) [1368201]\n- [netdrv] sfc: fix potential stack corruption from running past stat bitmask (Jarod Wilson) [1368201]\n- [netdrv] sfc: avoid division by zero (Jarod Wilson) [1368201]\n- [netdrv] sfc: get timer configuration from adapter (Jarod Wilson) [1368201]\n- [netdrv] sfc: set interrupt moderation via MCDI (Jarod Wilson) [1368201]\n- [netdrv] sfc: use new performance based event queue init (Jarod Wilson) [1368201]\n- [netdrv] sfc: retrieve second word of datapath capabilities (Jarod Wilson) [1368201]\n- [netdrv] sfc: allow asynchronous MCDI without completion function (Jarod Wilson) [1368201]\n- [netdrv] sfc: update MCDI protocol headers (Jarod Wilson) [1368201]\n- [netdrv] sfc: avoid -Wtype-limits warning (Jarod Wilson) [1368201]\n- [netdrv] sfc: Fix VLAN filtering feature if vPort has VLAN_RESTRICT flag (Jarod Wilson) [1368201]\n- [netdrv] sfc: Update MCDI protocol definitions (Jarod Wilson) [1368201]\n- [netdrv] sfc: Disable VLAN filtering by default if not strictly required (Jarod Wilson) [1368201]\n- [netdrv] sfc: VLAN filters must only be created if the firmware supports this (Jarod Wilson) [1368201]\n- [netdrv] sfc: Fix dup unknown multicast/unicast filters after datapath reset (Jarod Wilson) [1368201]\n- [netdrv] sfc: Refactor checks for invalid filter ID (Jarod Wilson) [1368201]\n- [netdrv] sfc: Take mac_lock before calling efx_ef10_filter_table_probe (Jarod Wilson) [1368201]\n- [netdrv] sfc: Implement ndo_vlan_rx_{add, kill}_vid() callbacks (Jarod Wilson) [1368201]\n- [netdrv] sfc: Implement list of VLANs added over interface (Jarod Wilson) [1368201]\n- [netdrv] sfc: Make EF10 filter management helper functions VLAN-aware (Jarod Wilson) [1368201]\n- [netdrv] sfc: Store unicast and multicast promisc flag with address cache (Jarod Wilson) [1368201]\n- [netdrv] sfc: Move filter IDs to per-VLAN data structure (Jarod Wilson) [1368201]\n- [netdrv] sfc: Forget filter ID when the filter is marked old (Jarod Wilson) [1368201]\n- [netdrv] sfc: Assert filter_sem write locked when required (Jarod Wilson) [1368201]\n- [netdrv] sfc: Add efx_nic member with fixed netdev features (Jarod Wilson) [1368201]\n- [netdrv] sfc: Move last mc_promisc flag to EF10 filter table state (Jarod Wilson) [1368201]\n- [netdrv] sfc: Define macro with EF10 offload feature (Jarod Wilson) [1368201]\n- [netdrv] sfc: on MC reset, clear PIO buffer linkage in TXQs (Jarod Wilson) [1368201]\n- [netdrv] sfc: disable RSS when unsupported (Jarod Wilson) [1368201]\n- [netdrv] sfc: implement IPv6 NFC (and IPV4_USER_FLOW) (Jarod Wilson) [1368201]\n- [netdrv] i40iw: Receive notification events correctly (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Update hw_iwarp_state (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Send last streaming mode message for loopback connections (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Avoid writing to freed memory (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Fix double free of allocated_buffer (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Add missing NULL check for MPA private data (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Add missing check for interface already open (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Protect req_resource_num update (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Change mem_resources pointer to a u8 (Stefan Assmann) [1371734]\n- [netdrv] hv_netvsc: fix bonding devices check in netvsc_netdev_event() (Vitaly Kuznetsov) [1364333]\n- [netdrv] hv_netvsc: protect module refcount by checking net_device_ctx->vf_netdev (Vitaly Kuznetsov) [1364333]\n- [netdrv] hv_netvsc: reset vf_inject on VF removal (Vitaly Kuznetsov) [1364333]\n- [netdrv] hv_netvsc: avoid deadlocks between rtnl lock and vf_use_cnt wait (Vitaly Kuznetsov) [1364333]\n- [netdrv] hv_netvsc: dont lose VF information (Vitaly Kuznetsov) [1364333]\n- [netdrv] mlx4_en: Add resilience in low memory systems (kamal heib) [1367818]\n- [netdrv] net/mlx4_en: Move filters cleanup to a proper location (kamal heib) [1367818]\n[3.10.0-500]\n- [drm] amdgpu: Disable RPM helpers while reprobing connectors on resume (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Kabylake uses the same GMS values as Skylake (Rob Clark) [1348329 1349064]\n- [drm] i915/bxt: Broxton uses the same GMS values as Skylake (Rob Clark) [1348329 1349064]\n- [drm] i915/skl: Add the additional graphics stolen sizes (Rob Clark) [1348329 1349064]\n- [drm] x86/gpu: Sprinkle const, __init and __initconst to stolen memory quirks (Rob Clark) [1348329 1349064]\n- [drm] x86/gpu: Implement stolen memory size early quirk for CHV (Rob Clark) [1348329 1349064]\n- [drm] x86/gpu: Fix sign extension issue in Intel graphics stolen memory quirks (Rob Clark) [1348329 1349064]\n- [drm] makefile: update DRM version (Rob Clark) [1348329 1349064]\n- [drm] i915: Revert DisplayPort fast link training feature (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Fix error paths when mapping framebuffer (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Fix corner case screen target management (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Delay pinning fbdev framebuffer until after mode set (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Check pin count before attempting to move a buffer (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Work around mode set failure in 2D VMs (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Add an option to change assumed FB bpp (Rob Clark) [1348329 1349064]\n- [drm] ttm: Make ttm_bo_mem_compat available (Rob Clark) [1348329 1349064]\n- [drm] atomic: Make drm_atomic_legacy_backoff reset crtc->acquire_ctx (Rob Clark) [1348329 1349064]\n- [drm] amd/powerplay: fix incorrect voltage table value for tonga (Rob Clark) [1348329 1349064]\n- [drm] amd/powerplay: incorrectly use of the function return value (Rob Clark) [1348329 1349064]\n- [drm] amd/powerplay: fix logic error (Rob Clark) [1348329 1349064]\n- [drm] amd/powerplay: need to notify system bios pcie device ready (Rob Clark) [1348329 1349064]\n- [drm] amd/powerplay: fix bug that function parameter was incorect (Rob Clark) [1348329 1349064]\n- [drm] make drm_atomic_set_mode_prop_for_crtc() more reliable (Rob Clark) [1348329 1349064]\n- [drm] add missing drm_mode_set_crtcinfo call (Rob Clark) [1348329 1349064]\n- [drm] i915: Refresh cached DP port register value on resume (Rob Clark) [1348329 1349064]\n- [drm] i915/ilk: Dont disable SSC source if its in use (Rob Clark) [1348329 1349064]\n- [drm] nouveau/disp/sor/gf119: select correct sor when poking training pattern (Rob Clark) [1348329 1349064]\n- [drm] nouveau: fix for disabled fbdev emulation (Rob Clark) [1348329 1349064]\n- [drm] nouveau/ltc/gm107-: fix typo in the address of NV_PLTCG_LTC0_LTS0_INTR (Rob Clark) [1348329 1349064]\n- [drm] nouveau/gr/gf100-: update sm error decoding from gk20a nvgpu headers (Rob Clark) [1348329 1349064]\n- [drm] nouveau/bios/disp: fix handling of 'match any protocol' entries (Rob Clark) [1348329 1349064]\n- [drm] dp/mst: Always clear proposed vcpi table for port (Rob Clark) [1348329 1349064]\n- [drm] amdgpu: initialize amdgpu_cgs_acpi_eval_object result value (Rob Clark) [1348329 1349064]\n- [drm] amdgpu: fix num_rbs exposed to userspace (v2) (Rob Clark) [1348329 1349064]\n- [drm] amdgpu/gfx7: fix broken condition check (Rob Clark) [1348329 1349064]\n- [drm] radeon: fix asic initialization for virtualized environments (Rob Clark) [1348329 1349064]\n- [drm] i915: Removing PCI IDs that are no longer listed as Kabylake (Rob Clark) [1348329 1349064]\n- [drm] i915: Add more Kabylake PCI IDs (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Introduce the first official DMC for Kabylake (Rob Clark) [1348329 1349064]\n- [drm] i915/bxt: Reject DMC firmware versions with known bugs (Rob Clark) [1348329 1349064]\n- [drm] i915/gen9: implement WaConextSwitchWithConcurrentTLBInvalidate (Rob Clark) [1348329 1349064]\n- [drm] i915: implement WaClearTdlStateAckDirtyBits (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaClearSlmSpaceAtContextSwitch (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaDisableSbeCacheDispatchPortSharing (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaDisableGafsUnitClkGating (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaForGAMHang (Rob Clark) [1348329 1349064]\n- [drm] i915: Add WaInsertDummyPushConstP for bxt and kbl (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaDisableDynamicCreditSharing (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaDisableLSQCROPERFforOCL (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaDisableFenceDestinationToSLM for A0 (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaEnableGapsTsvCreditFix (Rob Clark) [1348329 1349064]\n- [drm] i915: Mimic skl with WaForceEnableNonCoherent (Rob Clark) [1348329 1349064]\n- [drm] i915/gen9: Always apply WaForceContextSaveRestoreNonCoherent (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaSkipStolenMemoryFirstPage for A0 (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add REVID macro (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Init gen9 workarounds (Rob Clark) [1348329 1349064]\n- [drm] i915/gen9: implement WaEnableSamplerGPGPUPreemptionSupport (Rob Clark) [1348329 1349064]\n- [drm] i915/gen9: add WaClearFlowControlGpgpuContextSave (Rob Clark) [1348329 1349064]\n- [drm] i915/skl: Add WaDisableGafsUnitClkGating (Rob Clark) [1348329 1349064]\n- [drm] i915/gen9: Add WaVFEStateAfterPipeControlwithMediaStateClear (Rob Clark) [1348329 1349064]\n- [drm] i915: Introduce Kabypoint PCH for Kabylake H/DT (Rob Clark) [1348329 1349064]\n- [drm] revert 'drm/i915: Exit cherryview_irq_handler() after one pass' (Rob Clark) [1348329 1349064]\n- [drm] core: Do not preserve framebuffer on rmfb, v4 (Rob Clark) [1348329 1349064]\n- [drm] i915: Pass the correct crtc state to .update_plane() (Rob Clark) [1348329 1349064]\n- [drm] Add helper for DP++ adaptors (Rob Clark) [1348329 1349064]\n- [drm] i915: Fix watermarks for VLV/CHV (Rob Clark) [1348329 1349064]\n- [drm] i915: Dont leave old junk in ilk active watermarks on readout (Rob Clark) [1348329 1349064]\n- [drm] i915: Enable/disable TMDS output buffers in DP++ adaptor as needed (Rob Clark) [1348329 1349064]\n- [drm] i915: Respect DP++ adaptor TMDS clock limit (Rob Clark) [1348329 1349064]\n- [drm] i915/psr: Try to program link training times correctly (Rob Clark) [1348329 1349064]\n- [drm] amdgpu: Fix hdmi deep color support (Rob Clark) [1348329 1349064]\n- [drm] amdgpu: use drm_mode_vrefresh() rather than mode->vrefresh (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Kill some lockdep warnings (Rob Clark) [1348329 1349064]\n- [drm] gma500: Fix possible out of bounds read (Rob Clark) [1348329 1349064]\n[3.10.0-499]\n- [drm] i915/hsw: Disable PSR by default (Lyude Paul) [1367930]\n- [x86] nmi: Enable nested do_nmi() handling for 64-bit kernels (Jiri Olsa) [1365704]\n- [net] ipv4: igmp: Allow removing groups from a removed interface (Jiri Benc) [1369427]\n- [net] netfilter: ebtables: put module reference when an incorrect extension is found (Sabrina Dubroca) [1369325]\n- [net] sctp: linearize early if its not GSO (Marcelo Leitner) [1058148]\n- [net] sctp_diag: Respect ss adding TCPF_CLOSE to idiag_states (Phil Sutter) [1361728]\n- [net] sctp_diag: Fix T3_rtx timer export (Phil Sutter) [1361728]\n- [net] sctp: Export struct sctp_info to userspace (Phil Sutter) [1361728]\n- [net] macsec: ensure rx_sa is set when validation is disabled (Sabrina Dubroca) [1368429]\n- [net] macsec: use after free when deleting the underlying device (Sabrina Dubroca) [1368429]\n- [target] target/user: Fix failure to unlock a spinlock upon function return (Andy Grover) [1367873]\n- [target] target/user: Fix comments to not refer to data ring (Andy Grover) [1367873]\n- [target] target/user: Return an error if cmd data size is too large (Andy Grover) [1367873]\n- [target] target/user: Use sense_reason_t in tcmu_queue_cmd_ring (Andy Grover) [1367873]\n- [target] Backport tcm-user from 4.6 (Andy Grover) [1367873]\n- [uio] Export definition of struct uio_device (Andy Grover) [1367873]\n- [netdrv] i40iw: Add NULL check for puda buffer (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Change dup_ack_thresh to u8 (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Remove unnecessary check for moving CQ head (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Simplify code to set fragments in SQ WQE (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Remove unnecessary parameter to i40iw_cq_poll_completion (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Do not access pointer after free (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Correct and use size parameter to i40iw_reg_phys_mr (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Fix return codes (Stefan Assmann) [1367425]\n- [netdrv] i40e: Correcting mutex usage in client code (Stefan Assmann) [1367425]\n- [netdrv] i40e: Initialize pointer in client_release function (Stefan Assmann) [1367425]\n- [netdrv] i40e: Check client is open before calling client ops (Stefan Assmann) [1367425]\n- [netdrv] i40e: Force register writes to mitigate sync issues with iwarp VF driver (Stefan Assmann) [1367425]\n- [netdrv] i40e: Move the mutex lock in i40e_client_unregister (Stefan Assmann) [1367425]\n- [infiniband] ib/uverbs: Initialize ib_qp_init_attr with zeros (Honggang Li) [1365720]\n[3.10.0-498]\n- [scsi] aacraid: Check size values after double-fetch from user (Maurizio Lombardi) [1369771] {CVE-2016-6480}\n- [fs] block_dev.c: Remove WARN_ON() when inode writeback fails (Eric Sandeen) [1229014]\n- [fs] ext4: call sync_blockdev() before invalidate_bdev() in put_super() (Eric Sandeen) [1229014]\n- [mm] page_alloc: rename setup_pagelist_highmark() to match naming of pageset_set_batch() (Pankaj Gupta) [1320834]\n- [mm] page_alloc: in zone_pcp_update(), uze zone_pageset_init() (Pankaj Gupta) [1320834]\n- [mm] page_alloc: factor zone_pageset_init() out of setup_zone_pageset() (Pankaj Gupta) [1320834]\n- [mm] page_alloc: relocate comment to be directly above code it refers to (Pankaj Gupta) [1320834]\n- [mm] page_alloc: factor setup_pageset() into pageset_init() and pageset_set_batch() (Pankaj Gupta) [1320834]\n- [mm] page_alloc: when handling percpu_pagelist_fraction, dont unneedly recalulate high (Pankaj Gupta) [1320834]\n- [mm] page_alloc: convert zone_pcp_update() to rely on memory barriers instead of stop_machine() (Pankaj Gupta) [1320834]\n- [mm] page_alloc: protect pcp->batch accesses with ACCESS_ONCE (Pankaj Gupta) [1320834]\n- [mm] page_alloc: insert memory barriers to allow async update of pcp batch and high (Pankaj Gupta) [1320834]\n- [mm] page_alloc: prevent concurrent updaters of pcp ->batch and ->high (Pankaj Gupta) [1320834]\n- [mm] page_alloc: factor out setting of pcp->high and pcp->batch (Pankaj Gupta) [1320834]\n- [hid] i2c-hid: Fix suspend/resume when already runtime suspended (David Arcari) [1361625]\n- [hid] i2c-hid: Only disable irq wake if it was successfully enabled during suspend (David Arcari) [1361625]\n- [hid] i2c-hid: Call device suspend callback before disabling irq (David Arcari) [1361625]\n- [hid] i2c-hid: call the hid drivers suspend and resume callbacks (David Arcari) [1361625]\n- [hid] i2c-hid: add runtime PM support (David Arcari) [1361625]\n- [hid] i2c-hid: disable interrupt on suspend (David Arcari) [1361625]\n- [lib] rhashtable-test: calculate max_entries value by default (Phil Sutter) [1238749]\n- [x86] tsc: Enumerate SKL cpu_khz and tsc_khz via CPUID (Prarit Bhargava) [1366396]\n- [x86] Block HPET on Purley 4S (Prarit Bhargava) [1365997]\n- [base] regmap: Skip read-only registers in regcache_sync() (Jaroslav Kysela) [1365905 1367789]\n- [tools] perf: Add sample_reg_mask to include all perf_regs (Steve Best) [1368934]\n- [netdrv] i40e: Change some init flow for the client (Stefan Assmann) [1369275]\n- [netdrv] mlx5e: Log link state changes (kamal heib) [1367822]\n[3.10.0-497]\n- [kernel] ftrace: fix traceoff_on_warning handling on boot command line ('Luis Claudio R. Goncalves') [1367650]\n- [netdrv] ixgbe: fix setup_fc for x550em (Ken Cox) [1364896]\n- [netdrv] cxgb4/cxgb4vf: Fixes regression in perf when tx vlan offload is disabled (Sai Vemuri) [1319437]\n- [netdrv] cxgb4/cxgb4vf: Add link mode mask API to cxgb4 and cxgb4vf (Sai Vemuri) [1365689]\n- [netdrv] cxgb4: Dont assume FW_PORT_CMD reply is always port info msg (Sai Vemuri) [1365689]\n- [netdrv] ethtool: add support for 25G/50G/100G speed modes (Sai Vemuri) [1365689]\n- [netdrv] i40e: use configured RSS key and lookup table in i40e_vsi_config_rss (Stefan Assmann) [1359439]\n- [netdrv] i40e: fix broken i40e_config_rss_aq function (Stefan Assmann) [1359439]\n- [netdrv] i40e: move i40e_vsi_config_rss below i40e_get_rss_aq (Stefan Assmann) [1359439]\n- [netdrv] i40e: Remove redundant memset (Stefan Assmann) [1359439]\n- [netdrv] brcmfmac: restore stopping netdev queue when bus clogs up (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: add new 8265 (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: add new 8260 PCI IDs (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: pcie: fix a race in firmware loading flow (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: pcie: enable interrupts before releasing the NICs CPU (Stanislaw Gruszka) [1365575]\n- [net] mac80211: fix purging multicast PS buffer queue (Stanislaw Gruszka) [1365575]\n- [net] cfg80211: handle failed skb allocation (Stanislaw Gruszka) [1365575]\n- [net] nl80211: Move ACL parsing later to avoid a possible memory leak (Stanislaw Gruszka) [1365575]\n- [net] cfg80211: fix proto in ieee80211_data_to_8023 for frames without LLC header (Stanislaw Gruszka) [1365575]\n- [net] mac80211: Fix mesh estab_plinks counting in STA removal case (Stanislaw Gruszka) [1365575]\n- [netdrv] ath9k: fix GPIO mask for AR9462 and AR9565 (Stanislaw Gruszka) [1365575]\n- [netdrv] ath10k: fix deadlock while processing rx_in_ord_ind (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: mvm: fix a few firmware capability checks (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: mvm: set the encryption type of an IGTK key (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: mvm: fix potential NULL-dereference in iwl_mvm_reorder() (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: mvm: fix RCU splat in TKIPs update_key (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: mvm: increase scan timeout to 20 seconds (Stanislaw Gruszka) [1365575]\n- [net] cfg80211: remove get/set antenna and tx power warnings (Stanislaw Gruszka) [1365575]\n- [netdrv] ath10k: fix crash related to printing features (Stanislaw Gruszka) [1365575]\n- [netdrv] ath10k: fix deadlock when peer cannot be created (Stanislaw Gruszka) [1365575]\n- [net] mac80211: fix fast_tx header alignment (Stanislaw Gruszka) [1365575]\n- [net] mac80211: mesh: flush mesh paths unconditionally (Stanislaw Gruszka) [1365575]\n- [netdrv] rtlwifi: Fix scheduling while atomic error from commit 49f86ec21c01 (Stanislaw Gruszka) [1365575]\n- [netdrv] brcmfmac: add fallback for devices that do not report per-chain values (Stanislaw Gruszka) [1365575]\n[3.10.0-496]\n- [infiniband] rdma/ocrdma: display ocrdma tech preview status (Honggang Li) [1334675]\n- [infiniband] ib/rdma_cm: fix panic when trying access default_roce_mode configfs (kamal heib) [1360276]\n- [infiniband] ib/hfi1: Fix mm_struct use after free (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Add cache evict LRU list (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Fix memory leak during unexpected shutdown (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove unneeded mm argument in remove function (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Consistently call ops->remove outside spinlock (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Use evict mmu rb operation (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Add evict operation to the mmu rb handler (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Fix TID caching actions (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Make the cache handler own its rb tree root (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Make use of mm consistent (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Fix user SDMA racy user request claim (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Fix error condition that needs to clean up (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Release node on insert failure (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Validate SDMA user iovector count (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Validate SDMA user request index (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Use the same capability state for all shared contexts (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Prevent null pointer dereference (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Rename TID mmu_rb_* functions (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove unneeded empty check in hfi1_mmu_rb_unregister() (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Restructure hfi1_file_open (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Make iovec loop index easy to understand (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Use 'false' not 0 (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove unused sub-context parameter (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Consolidate __mmu_rb_remove and hfi1_mmu_rb_remove (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Always expect ops functions (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Add parameter names to callback declarations (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Add parameter names to function declarations (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove unused function hfi1_mmu_rb_search (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove unused uctxt->subpid and uctxt->pid (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Fix minor format error (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove TWSI references (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Use built-in i2c bit-shift bus adapter (Alex Estrin) [1360929]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-09T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5195", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-7039"], "modified": "2016-11-09T00:00:00", "id": "ELSA-2016-2574", "href": "http://linux.oracle.com/errata/ELSA-2016-2574.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2021-06-08T18:41:38", "description": "The openSUSE 13.2 kernel was updated to receive various security and\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to\n obtain sensitive information or cause a denial of service (NULL pointer\n dereference) via vectors involving a bind system call on a Bluetooth\n RFCOMM socket (bnc#1003925).\n - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed,\n which is reportedly exploited in the wild (bsc#1004418).\n - CVE-2016-8658: Stack-based buffer overflow in the\n brcmf_cfg80211_start_ap function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (system crash)\n or possibly have unspecified other impact via a long SSID Information\n Element in a command to a Netlink socket (bnc#1004462).\n - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg\n function in net/socket.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077).\n - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the\n Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01,\n allowed local users to obtain sensitive physical-address information by\n reading a pagemap file, aka Android internal bug 25739721 (bnc#994759).\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a\n certain length field, which allowed local users to gain privileges\n or cause a denial of service (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) by using an ABORT_TASK command to abort a\n device write operation (bnc#994748).\n - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in\n the Linux kernel did not properly maintain certain SACK state after a\n failed data copy, which allowed local users to cause a denial of service\n (tcp_xmit_retransmit_queue use-after-free and system crash) via a\n crafted SACK option (bnc#994296).\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly\n determine the rate of challenge ACK segments, which made it easier for\n man-in-the-middle attackers to hijack TCP sessions via a blind in-window\n attack (bnc#989152)\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users\n to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a "double fetch" vulnerability\n (bnc#991608).\n - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the\n PIT counter values during state restoration, which allowed guest OS\n users to cause a denial of service (divide-by-zero error and host OS\n crash) via a zero value, related to the kvm_vm_ioctl_set_pit and\n kvm_vm_ioctl_set_pit2 functions (bnc#960689).\n - CVE-2016-1237: nfsd in the Linux kernel allowed local users to bypass\n intended file-permission restrictions by setting a POSIX ACL, related to\n nfs2acl.c, nfs3acl.c, and nfs4acl.c (bnc#986570).\n\n The following non-security bugs were fixed:\n\n - AF_VSOCK: Shrink the area influenced by prepare_to_wait (bsc#994520).\n - xen: Fix refcnt regression in xen netback introduced by changes made for\n bug#881008 (bnc#978094)\n - MSI-X: fix an error path (luckily none so far).\n - usb: fix typo in wMaxPacketSize validation (bsc#991665).\n - usb: validate wMaxPacketValue entries in endpoint descriptors\n (bnc#991665).\n - Update patches.fixes/0002-nfsd-check-permissions-when-setting-ACLs.patch\n (bsc#986570 CVE#2016-1237).\n - Update patches.fixes/0001-posix_acl-Add-set_posix_acl.patch (bsc#986570\n CVE#2016-1237).\n - apparmor: fix change_hat not finding hat after policy replacement\n (bsc#1000287).\n - arm64: Honor __GFP_ZERO in dma allocations (bsc#1004045).\n - arm64: __clear_user: handle exceptions on strb (bsc#994752).\n - arm64: dma-mapping: always clear allocated buffers (bsc#1004045).\n - arm64: perf: reject groups spanning multiple HW PMUs (bsc#1003931).\n - blkfront: fix an error path memory leak (luckily none so far).\n - blktap2: eliminate deadlock potential from shutdown path (bsc#909994).\n - blktap2: eliminate race from deferred work queue handling (bsc#911687).\n - btrfs: ensure that file descriptor used with subvol ioctls is a dir\n (bsc#999600).\n - cdc-acm: added sanity checking for probe() (bsc#993891).\n - kaweth: fix firmware download (bsc#993890).\n - kaweth: fix oops upon failed memory allocation (bsc#993890).\n - netback: fix flipping mode (bsc#996664).\n - netback: fix flipping mode (bsc#996664).\n - netfront: linearize SKBs requiring too many slots (bsc#991247).\n - nfsd: check permissions when setting ACLs (bsc#986570).\n - posix_acl: Add set_posix_acl (bsc#986570).\n - ppp: defer netns reference release for ppp channel (bsc#980371).\n - tunnels: Do not apply GRO to multiple layers of encapsulation\n (bsc#1001486).\n - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices\n (bsc#922634).\n - x86: suppress lazy MMU updates during vmalloc fault processing\n (bsc#951155).\n - xen-netback-generalize.patch: Fold back into base patch.\n - xen3-patch-2.6.31.patch: Fold back into base patch.\n - xen3-patch-3.12.patch: Fold bac into base patch.\n - xen3-patch-3.15.patch: Fold back into base patch.\n - xen3-patch-3.3.patch: Fold back into base patch.\n - xen3-patch-3.9.patch: Fold bac into base patch.\n - xen3-patch-3.9.patch: Fold back into base patch.\n - xenbus: do not bail early from xenbus_dev_request_and_reply() (luckily\n none so far).\n - xenbus: inspect the correct type in xenbus_dev_request_and_reply().\n\n", "cvss3": {}, "published": "2016-10-25T19:06:08", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7117", "CVE-2016-6480", "CVE-2016-5696", "CVE-2016-7425", "CVE-2016-6828", "CVE-2015-7513", "CVE-2015-8956", "CVE-2016-1237", "CVE-2016-8658", "CVE-2016-5195", "CVE-2016-6327", "CVE-2016-0823"], "modified": "2016-10-25T19:06:08", "id": "OPENSUSE-SU-2016:2625-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-11-25T17:29:53", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.67 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in\n the Linux kernel used an incorrect buffer size for certain timeout data,\n which allowed local users to cause a denial of service (stack memory\n corruption and panic) by reading the /proc/keys file (bsc#1004517).\n - CVE-2016-7097: The filesystem implementation in the Linux kernel\n preserved the setgid bit during a setxattr call, which allowed local\n users to gain group privileges by leveraging the existence of a setgid\n program with restrictions on execute permissions (bsc#995968).\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to\n obtain sensitive information or cause a denial of service (NULL pointer\n dereference) via vectors involving a bind system call on a Bluetooth\n RFCOMM socket (bnc#1003925).\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly\n determine the rate of challenge ACK segments, which made it easier for\n man-in-the-middle attackers to hijack TCP sessions via a blind in-window\n attack (bnc#989152).\n - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in\n drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel memory by changing a certain\n length value, aka a "double fetch" vulnerability (bnc#987542).\n - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) by using an ABORT_TASK command to abort a\n device write operation (bnc#994748).\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users\n to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a "double fetch" vulnerability\n (bnc#991608).\n - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in\n the Linux kernel did not properly maintain certain SACK state after a\n failed data copy, which allowed local users to cause a denial of service\n (tcp_xmit_retransmit_queue use-after-free and system crash) via a\n crafted SACK option (bnc#994296).\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a\n certain length field, which allowed local users to gain privileges\n or cause a denial of service (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n - CVE-2016-8658: Stack-based buffer overflow in the\n brcmf_cfg80211_start_ap function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (system crash)\n or possibly have unspecified other impact via a long SSID Information\n Element in a command to a Netlink socket (bnc#1004462).\n - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers\n to cause a denial of service (stack consumption and panic) or possibly\n have unspecified other impact by triggering use of the GRO path for\n packets with tunnel stacking, as demonstrated by interleaved IPv4\n headers and GRE headers, a related issue to CVE-2016-7039 (bsc#1001486).\n\n The following non-security bugs were fixed:\n\n - aacraid: Fix RRQ overload (bsc#1003079).\n - acpi / PM: Ignore wakeup setting if the ACPI companion can't wake up\n (FATE#315621).\n - AF_VSOCK: Shrink the area influenced by prepare_to_wait (bsc#994520).\n - apparmor: add missing id bounds check on dfa verification (bsc#1000304).\n - apparmor: check that xindex is in trans_table bounds (bsc#1000304).\n - apparmor: do not expose kernel stack (bsc#1000304).\n - apparmor: don't check for vmalloc_addr if kvzalloc() failed\n (bsc#1000304).\n - apparmor: ensure the target profile name is always audited (bsc#1000304).\n - apparmor: exec should not be returning ENOENT when it denies\n (bsc#1000304).\n - apparmor: fix arg_size computation for when setprocattr is null\n terminated (bsc#1000304).\n - apparmor: fix audit full profile hname on successful load (bsc#1000304).\n - apparmor: fix change_hat not finding hat after policy replacement\n (bsc#1000287).\n - apparmor: fix disconnected bind mnts reconnection (bsc#1000304).\n - apparmor: fix log failures for all profiles in a set (bsc#1000304).\n - apparmor: fix module parameters can be changed after policy is locked\n (bsc#1000304).\n - apparmor: fix oops in profile_unpack() when policy_db is not present\n (bsc#1000304).\n - apparmor: fix oops, validate buffer size in apparmor_setprocattr()\n (bsc#1000304).\n - apparmor: fix put() parent ref after updating the active ref\n (bsc#1000304).\n - apparmor: fix refcount bug in profile replacement (bsc#1000304).\n - apparmor: fix refcount race when finding a child profile (bsc#1000304).\n - apparmor: fix replacement bug that adds new child to old parent\n (bsc#1000304).\n - apparmor: fix uninitialized lsm_audit member (bsc#1000304).\n - apparmor: fix update the mtime of the profile file on replacement\n (bsc#1000304).\n - apparmor: internal paths should be treated as disconnected (bsc#1000304).\n - apparmor: use list_next_entry instead of list_entry_next (bsc#1000304).\n - arm64: Ensure pmd_present() returns false after pmd_mknotpresent()\n (Automatic NUMA Balancing (fate#315482)).\n - arm64: mm: remove broken &= operator from pmd_mknotpresent (Automatic\n NUMA Balancing (fate#315482)).\n - avoid dentry crash triggered by NFS (bsc#984194).\n - be2net: Don't leak iomapped memory on removal (bsc#921784).\n - be2net: fix BE3-R FW download compatibility check (bsc#921784).\n - be2net: fix wrong return value in be_check_ufi_compatibility()\n (bsc#921784).\n - be2net: remove vlan promisc capability from VF's profile descriptors\n (bsc#921784).\n - blkfront: fix an error path memory leak (luckily none so far).\n - blk-mq: fix undefined behaviour in order_to_size() (fate#315209).\n - blktap2: eliminate deadlock potential from shutdown path (bsc#909994).\n - blktap2: eliminate race from deferred work queue handling (bsc#911687).\n - bond: Check length of IFLA_BOND_ARP_IP_TARGET attributes (fate#316924).\n - bonding: always set recv_probe to bond_arp_rcv in arp monitor\n (bsc#977687).\n - bonding: fix curr_active_slave/carrier with loadbalance arp monitoring\n (fate#316924).\n - bonding: Prevent IPv6 link local address on enslaved devices\n (fate#316924).\n - bonding: prevent out of bound accesses (fate#316924).\n - bonding: set carrier off for devices created through netlink\n (bsc#999577).\n - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction\n (bsc#983619).\n - btrfs: add missing discards when unpinning extents with -o discard\n (bsc#904489).\n - btrfs: btrfs_issue_discard ensure offset/length are aligned to sector\n boundaries (bsc#904489).\n - btrfs: do not create or leak aliased root while cleaning up orphans\n (bsc#904489).\n - btrfs: ensure that file descriptor used with subvol ioctls is a dir\n (bsc#999600).\n - btrfs: explictly delete unused block groups in close_ctree and\n ro-remount (bsc#904489).\n - btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596,\n bsc#984779)\n - btrfs: fix fitrim discarding device area reserved for boot loader's use\n (bsc#904489).\n - btrfs: handle quota reserve failure properly (bsc#1005666).\n - btrfs: iterate over unused chunk space in FITRIM (bsc#904489).\n - btrfs: make btrfs_issue_discard return bytes discarded (bsc#904489).\n - btrfs: properly track when rescan worker is running (bsc#989953).\n - btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock\n (bsc#904489).\n - btrfs: reorder patches to place local patches back at the end of the\n series\n - btrfs: skip superblocks during discard (bsc#904489).\n - btrfs: test_check_exists: Fix infinite loop when searching for free\n space entries (bsc#987192).\n - btrfs: waiting on qgroup rescan should not always be interruptible\n (bsc#992712).\n - cdc-acm: added sanity checking for probe() (bsc#993891).\n - ceph: After a write, we must free the 'request', not the 'response'.\n This error crept in during the backport. bsc#995153\n - cephfs: ignore error from invalidate_inode_pages2_range() in direct\n write (bsc#995153).\n - cephfs: remove warning when ceph_releasepage() is called on dirty page\n (bsc#995153).\n - clockevents: export clockevents_unbind_device instead of\n clockevents_unbind (bnc#937888).\n - conntrack: RFC5961 challenge ACK confuse conntrack LAST-ACK transition\n (bsc#966864).\n - cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc1003866).\n - cxgbi: fix uninitialized flowi6 (bsc#924384 FATE#318570 bsc#921338).\n - dm: fix AB-BA deadlock in __dm_destroy(). (bsc#970943)\n - Document the process to blacklist upstream commit-ids\n - drivers/hv: share Hyper-V SynIC constants with userspace (bnc#937888).\n - drivers: hv: vmbus: avoid scheduling in interrupt context in\n vmbus_initiate_unload() (bnc#937888).\n - drivers: hv: vmbus: avoid unneeded compiler optimizations in\n vmbus_wait_for_unload() (bnc#937888).\n - drivers: hv: vmbus: avoid wait_for_completion() on crash (bnc#937888).\n - drivers: hv: vmbus: Cleanup vmbus_set_event() (bnc#937888).\n - drivers: hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages\n (bnc#937888).\n - drivers: hv: vmbus: do not manipulate with clocksources on crash\n (bnc#937888).\n - drivers: hv: vmbus: Force all channel messages to be delivered on CPU 0\n (bnc#937888).\n - drivers: hv: vmbus: Get rid of the unused irq variable (bnc#937888).\n - drivers: hv: vmbus: handle various crash scenarios (bnc#937888).\n - drivers: hv: vmbus: remove code duplication in message handling\n (bnc#937888).\n - drivers: hv: vmbus: Support handling messages on multiple CPUs\n (bnc#937888).\n - drivers: hv: vmbus: Support kexec on ws2012 r2 and above (bnc#937888).\n - efi: Small leak on error in runtime map code (fate#315019).\n - ext2: Enable ext2 driver in config files (bsc#976195, fate#320805)\n - ext4: Add parameter for tuning handling of ext2 (bsc#976195).\n - ext4: Fixup handling for custom configs.\n - fs/select: add vmalloc fallback for select(2) (bsc#1000189).\n - ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short\n jumps to it (bsc#984419).\n - hyperv: enable call to clockevents_unbind_device in kexec/kdump path\n - hyperv: replace KEXEC_CORE by plain KEXEC because we lack 2965faa5e0 in\n the base kernel\n - i40e: fix an uninitialized variable bug (bnc#857397 FATE#315659).\n - ib/iwpm: Fix a potential skb leak (bsc#924381 FATE#318568 bsc#921338).\n - ib/mlx5: Fix RC transport send queue overhead computation (bnc#865545\n FATE#316891).\n - input: Revert "can: dev: fix deadlock reported after bus-off".\n - input: Revert "Input: i8042 - break load dependency between\n atkbd/psmouse and i8042".\n - input: Revert "Input: i8042 - set up shared ps2_cmd_mutex for AUX ports".\n - introduce NETIF_F_GSO_ENCAP_ALL helper mask (bsc#1001486).\n - iommu/amd: Update Alias-DTE in update_device_table() (bsc#975772).\n - ipv6: Fix improper use or RCU (bsc#961257)\n - ipv6: fix multipath route replace error recovery (bsc#930399).\n - ipv6: KABI workaround for ipv6: add complete rcu protection around\n np->opt.\n - ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067).\n - ipv6: send only one NEWLINK when RA causes changes (bsc#934067).\n - iscsi: Add a missed complete in iscsit_close_connection (bsc#992555,\n bsc#987805).\n - iwlwifi: dvm: fix flush support for old firmware (bsc#940545).\n - kabi: clockevents: export clockevents_unbind again.\n - kabi: Fix kabi change cause by adding flock_owner to open_context\n (bsc#998689).\n - kabi: hide harmless change in struct inet_connection_sock (fate#318553).\n - kABI: protect backing-dev include in mm/migrate.\n - kABI: protect enum usb_device_speed.\n - kABI: protect struct mlx5_modify_qp_mbox_in.\n - kabi: work around kabi changes from commit 53f9ff48f636 (bsc#988617).\n - kaweth: fix firmware download (bsc#993890).\n - kaweth: fix oops upon failed memory allocation (bsc#993890).\n - kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd (bnc#941420).\n - kernel/printk/printk.c: fix faulty logic in the case of recursive printk\n (bnc#744692, bnc#789311).\n - kvm: do not handle APIC access page if in-kernel irqchip is not in use\n (bsc#959463).\n - Kvm: vmx: defer load of APIC access page address during reset\n (bsc#959463).\n - libceph: enable large, variable-sized OSD requests (bsc#988715).\n - libceph: make r_request msg_size calculation clearer (bsc#988715).\n - libceph: move r_reply_op_{len,result} into struct ceph_osd_req_op\n (bsc#988715).\n - libceph: osdc->req_mempool should be backed by a slab pool (bsc#988715).\n - libceph: rename ceph_osd_req_op::payload_len to indata_len (bsc#988715).\n - libfc: do not send ABTS when resetting exchanges (bsc#962846).\n - libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS\n response (bsc#962846).\n - libfc: Fixup disc_mutex handling (bsc#962846).\n - libfc: fixup locking of ptp_setup() (bsc#962846).\n - libfc: Issue PRLI after a PRLO has been received (bsc#962846).\n - libfc: reset exchange manager during LOGO handling (bsc#962846).\n - libfc: Revisit kref handling (bnc#990245).\n - libfc: sanity check cpu number extracted from xid (bsc#988440).\n - libfc: send LOGO for PLOGI failure (bsc#962846).\n - lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866).\n - md: check command validity early in md_ioctl() (bsc#1004520).\n - md: Drop sending a change uevent when stopping (bsc#1003568).\n - md: lockless I/O submission for RAID1 (bsc#982783).\n - md/raid5: fix a recently broken BUG_ON() (bsc#1006691).\n - memcg: convert threshold to bytes (bnc#931454).\n - memcg: fix thresholds for 32b architectures (bnc#931454).\n - mm, cma: prevent nr_isolated_* counters from going negative (bnc#971975\n VM performance -- git fixes).\n - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED\n (VM Functionality, bnc#986445).\n - module: Issue warnings when tainting kernel (bsc#974406).\n - mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708).\n - MSI-X: fix an error path (luckily none so far).\n - netback: fix flipping mode (bsc#996664).\n - netback: fix refounting (bsc#978094).\n - netfront: don't truncate grant references.\n - netfront: use correct linear area after linearizing an skb (bsc#1007886).\n - nfs4: reset states to use open_stateid when returning delegation\n voluntarily (bsc#1003400).\n - nfs: Add a stub for GETDEVICELIST (bnc#898675).\n - nfs: Do not write enable new pages while an invalidation is proceeding\n (bsc#999584).\n - nfsd: Use free_conn to free connection (bsc#979451).\n - nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514).\n - nfs: Fix a regression in the read() syscall (bsc#999584).\n - nfs: fix BUG() crash in notify_change() with patch to chown_common()\n (bnc#876463).\n - nfs: fix pg_test page count calculation (bnc#898675).\n - nfs: nfs4_fl_prepare_ds must be careful about reporting success\n (bsc#1000776).\n - nfsv4: add flock_owner to open context (bnc#998689).\n - nfsv4: change nfs4_do_setattr to take an open_context instead of a\n nfs4_state (bnc#998689).\n - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of\n lock_owner (bnc#998689).\n - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is\n one (bnc#998689).\n - nfsv4: Ensure nfs_atomic_open set the dentry verifier on ENOENT\n (bnc#866130).\n - oom: print nodemask in the oom report (bnc#1003866).\n - packet: tpacket_snd(): fix signed/unsigned comparison (bsc#874131).\n - perf/x86/intel: Fix bug for "cycles:p" and "cycles:pp" on SLM\n (bsc#997896).\n - pm / hibernate: Fix 2G size issue of snapshot image verification\n (bsc#1004252).\n - pm / hibernate: Fix rtree_next_node() to avoid walking off list ends\n (bnc#860441).\n - powerpc: add kernel parameter iommu_alloc_quiet (bsc#998825).\n - printk: add kernel parameter to control writes to /dev/kmsg (bsc#979928).\n - qgroup: Prevent qgroup->reserved from going subzero (bsc#993841).\n - qlcnic: potential NULL dereference in\n qlcnic_83xx_get_minidump_template() (bsc#922064 FATE#318609)\n - radeon: avoid boot hang in Xen Dom0 (luckily none so far).\n - ratelimit: extend to print suppressed messages on release (bsc#979928).\n - ratelimit: fix bug in time interval by resetting right begin time\n (bsc#979928).\n - rbd: truncate objects on cmpext short reads (bsc#988715).\n - rpm/config.sh: Set the SP1 release string to 60.<RELEASE> (bsc#997059)\n - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059)\n - rtnetlink: avoid 0 sized arrays (fate#316924).\n - s390: add SMT support (bnc#994438, LTC#144756).\n - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule()\n (bnc#1001419).\n - sched/core: Fix a race between try_to_wake_up() and a woken up task\n (bsc#1002165, bsc#1001419).\n - scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992).\n - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)\n - scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992).\n - sd: Fix memory leak caused by RESET_WP patch (bsc#999779).\n - squashfs3: properly handle dir_emit() failures (bsc#998795).\n - sunrpc: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT\n (bnc#868923).\n - sunrpc: Fix a regression when reconnecting (bsc#946309).\n - supported.conf: Add ext2\n - supported.conf: Add iscsi modules to -base (bsc#997299)\n - supported.conf: Add tun to -base (bsc#992593)\n - supported.conf: Add veth to -base (bsc#992591)\n - target: Fix missing complete during ABORT_TASK + CMD_T_FABRIC_STOP\n (bsc#987621).\n - target: Fix race between iscsi-target connection shutdown + ABORT_TASK\n (bsc#987621).\n - tcp: add proper TS val into RST packets (bsc#937086).\n - tcp: align tcp_xmit_size_goal() on tcp_tso_autosize() (bsc#937086).\n - tcp: fix child sockets to use system default congestion control if not\n set (fate#318553).\n - tcp: fix cwnd limited checking to improve congestion control\n (bsc#988617).\n - tcp: refresh skb timestamp at retransmit time (bsc#937086).\n - timers: Use proper base migration in add_timer_on() (bnc#993392).\n - tunnels: Do not apply GRO to multiple layers of encapsulation\n (bsc#1001486).\n - tunnels: Remove encapsulation offloads on decap (bsc#1001486).\n - Update\n patches.drivers/mpt3sas-Fix-use-sas_is_tlr_enabled-API-before-enabli.patch\n (bsc#967640, bsc#992244).\n - Update patches.kabi/kabi.clockevents_unbind.patch (bnc#937888).\n - uprobes: Fix the memcg accounting (bnc#931454).\n - usb: fix typo in wMaxPacketSize validation (bsc#991665).\n - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).\n - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices\n (bsc#922634).\n - usb: validate wMaxPacketValue entries in endpoint descriptors\n (bnc#991665).\n - vmxnet3: Wake queue from reset work (bsc#999907).\n - x86/tlb/trace: Do not trace on CPU that is offline (TLB Performance\n git-fixes).\n - xenbus: don't invoke ->is_ready() for most device states (bsc#987333).\n - xenbus: inspect the correct type in xenbus_dev_request_and_reply().\n - xen: Linux 3.12.63.\n - xen/pciback: Fix conf_space read/write overlap check.\n - xen-pciback: return proper values during BAR sizing.\n - xen: Refresh patches.xen/xen3-patch-3.9 (bsc#991247).\n - xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).\n - xfs: fixed signedness of error code in xfs_inode_buf_verify\n (bsc#1003153).\n - xfs: fix xfs-handle-dquot-buffer-readahead-in-log-recovery-co.patch\n (bsc#1003153).\n - xfs: handle dquot buffer readahead in log recovery correctly\n (bsc#955446).\n - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).\n - xhci: silence warnings in switch (bnc#991665).\n\n", "cvss3": {}, "published": "2016-11-25T17:07:36", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7097", "CVE-2016-6480", "CVE-2016-8666", "CVE-2016-5696", "CVE-2016-7425", "CVE-2016-6828", "CVE-2015-8956", "CVE-2016-8658", "CVE-2016-7039", "CVE-2016-6327", "CVE-2016-6130", "CVE-2016-7042"], "modified": "2016-11-25T17:07:36", "id": "SUSE-SU-2016:2912-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-11/msg00041.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:42:29", "description": "The openSUSE 13.1 kernel was updated to 3.12.67 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2013-5634: arch/arm/kvm/arm.c in the Linux kernel on the ARM\n platform, when KVM is used, allowed host OS users to cause a denial of\n service (NULL pointer dereference, OOPS, and host OS crash) or possibly\n have unspecified other impact by omitting vCPU initialization before a\n KVM_GET_REG_LIST ioctl call. (bsc#994758)\n - CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel\n allowed local users to gain privileges by triggering access to a paging\n structure by a different CPU (bnc#963767).\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in\n the Linux kernel used an incorrect buffer size for certain timeout data,\n which allowed local users to cause a denial of service (stack memory\n corruption and panic) by reading the /proc/keys file (bnc#1004517).\n - CVE-2016-7097: The filesystem implementation in the Linux kernel\n preserved the setgid bit during a setxattr call, which allowed local\n users to gain group privileges by leveraging the existence of a setgid\n program with restrictions on execute permissions (bnc#995968).\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to\n obtain sensitive information or cause a denial of service (NULL pointer\n dereference) via vectors involving a bind system call on a Bluetooth\n RFCOMM socket (bnc#1003925).\n - CVE-2016-8658: Stack-based buffer overflow in the\n brcmf_cfg80211_start_ap function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (system crash)\n or possibly have unspecified other impact via a long SSID Information\n Element in a command to a Netlink socket (bnc#1004462).\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a\n certain length field, which allowed local users to gain privileges or\n cause a denial of service (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) by using an ABORT_TASK command to abort a\n device write operation (bnc#994748).\n - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in\n the Linux kernel did not properly maintain certain SACK state after a\n failed data copy, which allowed local users to cause a denial of service\n (tcp_xmit_retransmit_queue use-after-free and system crash) via a\n crafted SACK option (bnc#994296).\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly\n determine the rate of challenge ACK segments, which made it easier for\n remote attackers to hijack TCP sessions via a blind in-window attack\n (bnc#989152).\n - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in\n drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel memory by changing a certain\n length value, aka a "double fetch" vulnerability (bnc#987542).\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users\n to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a "double fetch" vulnerability\n (bnc#991608).\n\n The following non-security bugs were fixed:\n\n - aacraid: Fix RRQ overload (bsc#1003079).\n - acpi / pm: Ignore wakeup setting if the ACPI companion can't wake up\n (FATE#315621).\n - af_vsock: Shrink the area influenced by prepare_to_wait (bsc#994520).\n - apparmor: add missing id bounds check on dfa verification (bsc#1000304).\n - apparmor: check that xindex is in trans_table bounds (bsc#1000304).\n - apparmor: do not check for vmalloc_addr if kvzalloc() failed\n (bsc#1000304).\n - apparmor: do not expose kernel stack (bsc#1000304).\n - apparmor: ensure the target profile name is always audited (bsc#1000304).\n - apparmor: exec should not be returning ENOENT when it denies\n (bsc#1000304).\n - apparmor: fix arg_size computation for when setprocattr is null\n terminated (bsc#1000304).\n - apparmor: fix audit full profile hname on successful load (bsc#1000304).\n - apparmor: fix change_hat not finding hat after policy replacement\n (bsc#1000287).\n - apparmor: fix disconnected bind mnts reconnection (bsc#1000304).\n - apparmor: fix log failures for all profiles in a set (bsc#1000304).\n - apparmor: fix module parameters can be changed after policy is locked\n (bsc#1000304).\n - apparmor: fix oops in profile_unpack() when policy_db is not present\n (bsc#1000304).\n - apparmor: fix oops, validate buffer size in apparmor_setprocattr()\n (bsc#1000304).\n - apparmor: fix put() parent ref after updating the active ref\n (bsc#1000304).\n - apparmor: fix refcount bug in profile replacement (bsc#1000304).\n - apparmor: fix refcount race when finding a child profile (bsc#1000304).\n - apparmor: fix replacement bug that adds new child to old parent\n (bsc#1000304).\n - apparmor: fix uninitialized lsm_audit member (bsc#1000304).\n - apparmor: fix update the mtime of the profile file on replacement\n (bsc#1000304).\n - apparmor: internal paths should be treated as disconnected (bsc#1000304).\n - apparmor: use list_next_entry instead of list_entry_next (bsc#1000304).\n - arm64: Ensure pmd_present() returns false after pmd_mknotpresent()\n (Automatic NUMA Balancing (fate#315482)).\n - arm64: mm: remove broken &= operator from pmd_mknotpresent (Automatic\n NUMA Balancing (fate#315482)).\n - avoid dentry crash triggered by NFS (bsc#984194).\n - be2net: Do not leak iomapped memory on removal (bsc#921784 FATE#318561).\n - be2net: fix BE3-R FW download compatibility check (bsc#921784\n FATE#318561).\n - be2net: fix wrong return value in be_check_ufi_compatibility()\n (bsc#921784 FATE#318561).\n - be2net: remove vlan promisc capability from VF's profile descriptors\n (bsc#921784 FATE#318561).\n - blacklist.conf:\n - blacklist.conf: 78f3d050c34b We do not support fsl hardware\n - blacklist.conf: add 5195c14c8b27 (reverted and superseded by a commit we\n already have)\n - blacklist.conf: Add entry for 7bf52fb891b64b8d61caf0b82060adb9db761aec\n The commit 7bf52fb891b6 ("mm: vmscan: reclaim highmem zone if\n buffer_heads is over limit") is unnecessary as the fix is also available\n from commit d4debc66d1fc ("vmscan: remove unnecessary temporary vars in\n do_try_to_free_pages").\n - blacklist.conf: add pointless networking follow-up fixes\n - blacklist.conf: Add two fanotify commits which we do not need (fixes tag\n was not quite accurate)\n - blacklist.conf: Blacklist unsupported architectures\n - blkfront: fix an error path memory leak (luckily none so far).\n - blk-mq: fix undefined behaviour in order_to_size() (fate#315209).\n - blktap2: eliminate deadlock potential from shutdown path (bsc#909994).\n - blktap2: eliminate race from deferred work queue handling (bsc#911687).\n - bond: Check length of IFLA_BOND_ARP_IP_TARGET attributes (fate#316924).\n - bonding: always set recv_probe to bond_arp_rcv in arp monitor\n (bsc#977687).\n - bonding: fix curr_active_slave/carrier with loadbalance arp monitoring\n (fate#316924).\n - bonding: Prevent IPv6 link local address on enslaved devices\n (fate#316924).\n - bonding: prevent out of bound accesses (fate#316924).\n - bonding: set carrier off for devices created through netlink\n (bsc#999577).\n - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction\n (bsc#983619).\n - btrfs: add missing discards when unpinning extents with -o discard\n (bsc#904489).\n - btrfs: btrfs_issue_discard ensure offset/length are aligned to sector\n boundaries (bsc#904489).\n - btrfs: do not create or leak aliased root while cleaning up orphans\n (bsc#904489).\n - btrfs: ensure that file descriptor used with subvol ioctls is a dir\n (bsc#999600).\n - btrfs: explictly delete unused block groups in close_ctree and\n ro-remount (bsc#904489).\n - btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596,\n bsc#984779)\n - btrfs: fix fitrim discarding device area reserved for boot loader's use\n (bsc#904489).\n - btrfs: handle quota reserve failure properly (bsc#1005666).\n - btrfs: iterate over unused chunk space in FITRIM (bsc#904489).\n - btrfs: make btrfs_issue_discard return bytes discarded (bsc#904489).\n - btrfs: properly track when rescan worker is running (bsc#989953).\n - btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock\n (bsc#904489).\n - btrfs: reorder patches to place local patches back at the end of the\n series\n - btrfs: skip superblocks during discard (bsc#904489).\n - btrfs: test_check_exists: Fix infinite loop when searching for free\n space entries (bsc#987192).\n - btrfs: waiting on qgroup rescan should not always be interruptible\n (bsc#992712).\n - cdc-acm: added sanity checking for probe() (bsc#993891).\n - cephfs: ignore error from invalidate_inode_pages2_range() in direct\n write (bsc#995153).\n - cephfs: remove warning when ceph_releasepage() is called on dirty page\n (bsc#995153).\n - clockevents: export clockevents_unbind_device instead of\n clockevents_unbind (bnc#937888).\n - conntrack: RFC5961 challenge ACK confuse conntrack LAST-ACK transition\n (bsc#966864).\n - cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc1003866).\n - cxgbi: fix uninitialized flowi6 (bsc#924384 FATE#318570 bsc#921338).\n - dm: fix AB-BA deadlock in __dm_destroy(). (bsc#970943)\n - drivers/hv: share Hyper-V SynIC constants with userspace (bnc#937888).\n - drivers: hv: vmbus: avoid scheduling in interrupt context in\n vmbus_initiate_unload() (bnc#937888).\n - drivers: hv: vmbus: avoid unneeded compiler optimizations in\n vmbus_wait_for_unload() (bnc#937888).\n - drivers: hv: vmbus: avoid wait_for_completion() on crash (bnc#937888).\n - drivers: hv: vmbus: Cleanup vmbus_set_event() (bnc#937888).\n - drivers: hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages\n (bnc#937888).\n - drivers: hv: vmbus: do not manipulate with clocksources on crash\n (bnc#937888).\n - drivers: hv: vmbus: Force all channel messages to be delivered on CPU 0\n (bnc#937888).\n - drivers: hv: vmbus: Get rid of the unused irq variable (bnc#937888).\n - drivers: hv: vmbus: handle various crash scenarios (bnc#937888).\n - drivers: hv: vmbus: remove code duplication in message handling\n (bnc#937888).\n - drivers: hv: vmbus: Support handling messages on multiple CPUs\n (bnc#937888).\n - drivers: hv: vmbus: Support kexec on ws2012 r2 and above (bnc#937888).\n - efi: Small leak on error in runtime map code (fate#315019).\n - ext2: Enable ext2 driver in config files (bsc#976195, fate#320805)\n - ext4: Add parameter for tuning handling of ext2 (bsc#976195).\n - Fix kabi change cause by adding flock_owner to open_context (bsc#998689).\n - fix pCPU handling (luckily none so far).\n - fix xfs-handle-dquot-buffer-readahead-in-log-recovery-co.patch\n (bsc#1003153).\n - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655,\n bsc#979681).\n - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133).\n - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133).\n - fs/cifs: Fix regression which breaks DFS mounting (bsc#799133).\n - fs/cifs: make share unaccessible at root level mountable (bsc#799133).\n - fs/cifs: Move check for prefix path to within cifs_get_root()\n (bsc#799133).\n - fs/cifs: REVERT fix wrongly prefixed path to root (bsc#963655,\n bsc#979681)\n - fs/select: add vmalloc fallback for select(2) (bsc#1000189).\n - ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short\n jumps to it (bsc#984419).\n - hyperv: enable call to clockevents_unbind_device in kexec/kdump path\n - hyperv: replace KEXEC_CORE by plain KEXEC because we lack 2965faa5e0 in\n the base kernel\n - i40e: fix an uninitialized variable bug (bnc#857397 FATE#315659).\n - ib/IWPM: Fix a potential skb leak (bsc#924381 FATE#318568 bsc#921338).\n - ib/mlx5: Fix RC transport send queue overhead computation (bnc#865545\n FATE#316891).\n - introduce NETIF_F_GSO_ENCAP_ALL helper mask (bsc#1001486).\n - iommu/amd: Update Alias-DTE in update_device_table() (bsc#975772).\n - ipv6: fix multipath route replace error recovery (bsc#930399).\n - ipv6: KABI workaround for ipv6: add complete rcu protection around\n np->opt.\n - ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067).\n - ipv6: send only one NEWLINK when RA causes changes (bsc#934067).\n - iscsi: Add a missed complete in iscsit_close_connection (bsc#992555,\n bsc#987805).\n - iwlwifi: dvm: fix flush support for old firmware (bsc#940545).\n - kabi: clockevents: export clockevents_unbind again.\n - kabi: hide harmless change in struct inet_connection_sock (fate#318553).\n - kABI: protect backing-dev include in mm/migrate.\n - kABI: protect enum usb_device_speed.\n - kABI: protect struct mlx5_modify_qp_mbox_in.\n - kABI: protect struct mmc_packed (kabi).\n - kabi: work around kabi changes from commit 53f9ff48f636 (bsc#988617).\n - kaweth: fix firmware download (bsc#993890).\n - kaweth: fix oops upon failed memory allocation (bsc#993890).\n - kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd (bnc#941420).\n - kernel/printk/printk.c: fix faulty logic in the case of recursive printk\n (bnc#744692, bnc#789311).\n - kvm: do not handle APIC access page if in-kernel irqchip is not in use\n (bsc#959463).\n - kvm: vmx: defer load of APIC access page address during reset\n (bsc#959463).\n - libceph: enable large, variable-sized OSD requests (bsc#988715).\n - libceph: make r_request msg_size calculation clearer (bsc#988715).\n - libceph: move r_reply_op_{len,result} into struct ceph_osd_req_op\n (bsc#988715).\n - libceph: osdc->req_mempool should be backed by a slab pool (bsc#988715).\n - libceph: rename ceph_osd_req_op::payload_len to indata_len (bsc#988715).\n - libfc: do not send ABTS when resetting exchanges (bsc#962846).\n - libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS\n response (bsc#962846).\n - libfc: Fixup disc_mutex handling (bsc#962846).\n - libfc: fixup locking of ptp_setup() (bsc#962846).\n - libfc: Issue PRLI after a PRLO has been received (bsc#962846).\n - libfc: reset exchange manager during LOGO handling (bsc#962846).\n - libfc: Revisit kref handling (bnc#990245).\n - libfc: sanity check cpu number extracted from xid (bsc#988440).\n - libfc: send LOGO for PLOGI failure (bsc#962846).\n - lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866).\n - md: check command validity early in md_ioctl() (bsc#1004520).\n - md: Drop sending a change uevent when stopping (bsc#1003568).\n - md: lockless I/O submission for RAID1 (bsc#982783).\n - md/raid5: fix a recently broken BUG_ON() (bsc#1006691).\n - memcg: convert threshold to bytes (bnc#931454).\n - memcg: fix thresholds for 32b architectures (bnc#931454).\n - mm, cma: prevent nr_isolated_* counters from going negative (bnc#971975\n VM performance -- git fixes).\n - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED\n (VM Functionality, bnc#986445).\n - module: Issue warnings when tainting kernel (bsc#974406).\n - mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708).\n - mpt3sas: Update\n patches.drivers/mpt3sas-Fix-use-sas_is_tlr_enabled-API-before-enabli.patch\n (bsc#967640, bsc#992244).\n - msi-x: fix an error path (luckily none so far).\n - netback: fix flipping mode (bsc#996664).\n - netback: fix refounting (bsc#978094).\n - netfront: do not truncate grant references.\n - netfront: use correct linear area after linearizing an skb (bsc#1007886).\n - nfs4: reset states to use open_stateid when returning delegation\n voluntarily (bsc#1003400).\n - nfs: Add a stub for GETDEVICELIST (bnc#898675).\n - nfs: Do not write enable new pages while an invalidation is proceeding\n (bsc#999584).\n - nfsd: Use free_conn to free connection (bsc#979451).\n - nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514).\n - nfs: Fix a regression in the read() syscall (bsc#999584).\n - nfs: fix BUG() crash in notify_change() with patch to chown_common()\n (bnc#876463).\n - nfs: fix pg_test page count calculation (bnc#898675).\n - nfs: nfs4_fl_prepare_ds must be careful about reporting success\n (bsc#1000776).\n - nfsv4: add flock_owner to open context (bnc#998689).\n - nfsv4: change nfs4_do_setattr to take an open_context instead of a\n nfs4_state (bnc#998689).\n - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of\n lock_owner (bnc#998689).\n - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is\n one (bnc#998689).\n - nfsv4: Ensure nfs_atomic_open set the dentry verifier on ENOENT\n (bnc#866130).\n - oom: print nodemask in the oom report (bnc#1003866).\n - packet: tpacket_snd(): fix signed/unsigned comparison (bsc#874131).\n - perf/x86/intel: Fix bug for "cycles:p" and "cycles:pp" on SLM\n (bsc#997896).\n - pm / hibernate: Fix 2G size issue of snapshot image verification\n (bsc#1004252).\n - pm / hibernate: Fix rtree_next_node() to avoid walking off list ends\n (bnc#860441).\n - powerpc: add kernel parameter iommu_alloc_quiet (bsc#998825).\n - printk: add kernel parameter to control writes to /dev/kmsg (bsc#979928).\n - qgroup: Prevent qgroup->reserved from going subzero (bsc#993841).\n - qlcnic: potential NULL dereference in\n qlcnic_83xx_get_minidump_template() (bsc#922064 FATE#318609)\n - radeon: avoid boot hang in Xen Dom0 (luckily none so far).\n - ratelimit: extend to print suppressed messages on release (bsc#979928).\n - ratelimit: fix bug in time interval by resetting right begin time\n (bsc#979928).\n - rbd: truncate objects on cmpext short reads (bsc#988715).\n - rcu: Fix improper use or RCU in\n patches.kabi/ipv6-add-complete-rcu-protection-around-np-opt.kabi.patch.\n (bsc#961257)\n - Refresh patches.suse/CFS-0259-ceph-Asynchronous-IO-support.patch. After\n a write, we must free the 'request', not the 'response'. This error\n crept in during the backport. bsc#995153\n - Refresh patches.xen/xen3-patch-3.9 (bsc#991247).\n - Rename\n patches.xen/xen3-kgr-{0107,1003}-reserve-a-place-in-thread_struct-for-stori\n ng-RIP.patch to match its non-Xen counterpart.\n - Revert "can: dev: fix deadlock reported after bus-off".\n - Revert "Input: i8042 - break load dependency between atkbd/psmouse and\n i8042".\n - Revert "Input: i8042 - set up shared ps2_cmd_mutex for AUX ports".\n - rpm/config.sh: do not prepend "60." to release string This is needed for\n SLE maintenance workflow, no need for that in evergreen-13.1.\n - rpm/config.sh: Set the SP1 release string to 60.<RELEASE> (bsc#997059)\n - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059)\n - rtnetlink: avoid 0 sized arrays (fate#316924).\n - s390: add SMT support (bnc#994438, LTC#144756).\n - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule()\n (bnc#1001419).\n - sched/core: Fix a race between try_to_wake_up() and a woken up task\n (bsc#1002165, bsc#1001419).\n - scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992).\n - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)\n - scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992).\n - sd: Fix memory leak caused by RESET_WP patch (bsc#999779).\n - squashfs3: properly handle dir_emit() failures (bsc#998795).\n - sunrpc: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT\n (bnc#868923).\n - sunrpc: Fix a regression when reconnecting (bsc#946309).\n - supported.conf: Add ext2\n - supported.conf: Add iscsi modules to -base (bsc#997299)\n - supported.conf: Add tun to -base (bsc#992593)\n - supported.conf: Add veth to -base (bsc#992591)\n - target: Fix missing complete during ABORT_TASK + CMD_T_FABRIC_STOP\n (bsc#987621).\n - target: Fix race between iscsi-target connection shutdown + ABORT_TASK\n (bsc#987621).\n - tcp: add proper TS val into RST packets (bsc#937086).\n - tcp: align tcp_xmit_size_goal() on tcp_tso_autosize() (bsc#937086).\n - tcp: fix child sockets to use system default congestion control if not\n set (fate#318553).\n - tcp: fix cwnd limited checking to improve congestion control\n (bsc#988617).\n - tcp: refresh skb timestamp at retransmit time (bsc#937086).\n - timers: Use proper base migration in add_timer_on() (bnc#993392).\n - tunnels: Do not apply GRO to multiple layers of encapsulation\n (bsc#1001486).\n - tunnels: Remove encapsulation offloads on decap (bsc#1001486).\n - Update patches.kabi/kabi.clockevents_unbind.patch (bnc#937888).\n - uprobes: Fix the memcg accounting (bnc#931454).\n - usb: fix typo in wMaxPacketSize validation (bsc#991665).\n - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).\n - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices\n (bsc#922634).\n - usb: validate wMaxPacketValue entries in endpoint descriptors\n (bnc#991665).\n - vmxnet3: Wake queue from reset work (bsc#999907).\n - x86/tlb/trace: Do not trace on CPU that is offline (TLB Performance\n git-fixes).\n - xenbus: do not invoke ->is_ready() for most device states (bsc#987333).\n - xenbus: inspect the correct type in xenbus_dev_request_and_reply().\n - xen: Linux 3.12.63.\n - xen: Linux 3.12.64.\n - xen/pciback: Fix conf_space read/write overlap check.\n - xen-pciback: return proper values during BAR sizing.\n - xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).\n - xfs: fixed signedness of error code in xfs_inode_buf_verify\n (bsc#1003153).\n - xfs: handle dquot buffer readahead in log recovery correctly\n (bsc#955446).\n - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).\n - xhci: silence warnings in switch (bnc#991665).\n\n", "cvss3": {}, "published": "2016-12-06T13:08:43", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7097", "CVE-2016-6480", "CVE-2016-2069", "CVE-2013-5634", "CVE-2016-5696", "CVE-2016-7425", "CVE-2016-6828", "CVE-2015-8956", "CVE-2016-8658", "CVE-2016-6327", "CVE-2016-6130", "CVE-2016-7042"], "modified": "2016-12-06T13:08:43", "id": "OPENSUSE-SU-2016:3021-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00013.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-12-30T18:05:47", "description": "The SUSE Linux Enterprise 12 SP1 RT kernel was updated to 3.12.67 to\n receive various security and bugfixes.\n\n This feature was added:\n\n - fate#320805: Execute in place (XIP) support for the ext2 filesystem.\n\n The following security bugs were fixed:\n\n - CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel\n allowed local users to gain privileges by triggering access to a paging\n structure by a different CPU (bnc#963767).\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the\n netfilter subsystem in the Linux kernel allowed local users to cause a\n denial of service (out-of-bounds read) or possibly obtain sensitive\n information from kernel heap memory by leveraging in-container root\n access to provide a crafted offset value that leads to crossing a\n ruleset blob boundary (bnc#986362).\n - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed,\n which is reportedly exploited in the wild (bsc#1004418).\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly\n determine the rate of challenge ACK segments, which made it easier for\n man-in-the-middle attackers to hijack TCP sessions via a blind in-window\n attack (bnc#989152)\n - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in\n drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel memory by changing a certain\n length value, aka a "double fetch" vulnerability (bnc#987542)\n - CVE-2016-6327: System using the infiniband support module ib_srpt were\n vulnerable to a denial of service by system crash by a local attacker\n who is able to abort writes by sending the ABORT_TASK command\n (bsc#994758)\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users\n to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a "double fetch" vulnerability\n (bnc#991608)\n - CVE-2016-6828: Use after free 4 in tcp_xmit_retransmit_queue or other\n tcp_ functions (bsc#994296)\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in\n the Linux kernel used an incorrect buffer size for certain timeout data,\n which allowed local users to cause a denial of service (stack memory\n corruption and panic) by reading the /proc/keys file (bsc#1004517).\n - CVE-2016-7097: The filesystem implementation in the Linux kernel\n preserved the setgid bit during a setxattr call, which allowed local\n users to gain group privileges by leveraging the existence of a setgid\n program with restrictions on execute permissions (bsc#995968).\n - CVE-2016-7425: A buffer overflow in the Linux Kernel in\n arcmsr_iop_message_xfer() could have caused kernel heap corruption and\n arbitraty kernel code execution (bsc#999932)\n - CVE-2016-8658: Stack-based buffer overflow in the\n brcmf_cfg80211_start_ap function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (system crash)\n or possibly have unspecified other impact via a long SSID Information\n Element in a command to a Netlink socket (bsc#1004462).\n\n The following non-security bugs were fixed:\n\n - aacraid: Fix RRQ overload (bsc#1003079).\n - acpi / PM: Ignore wakeup setting if the ACPI companion can't wake up.\n - AF_VSOCK: Shrink the area influenced by prepare_to_wait (bsc#994520).\n - apparmor: add missing id bounds check on dfa verification (bsc#1000304).\n - apparmor: check that xindex is in trans_table bounds (bsc#1000304).\n - apparmor: do not expose kernel stack (bsc#1000304).\n - apparmor: don't check for vmalloc_addr if kvzalloc() failed\n (bsc#1000304).\n - apparmor: ensure the target profile name is always audited (bsc#1000304).\n - apparmor: exec should not be returning ENOENT when it denies\n (bsc#1000304).\n - apparmor: fix arg_size computation for when setprocattr is null\n terminated (bsc#1000304).\n - apparmor: fix audit full profile hname on successful load (bsc#1000304).\n - apparmor: fix change_hat not finding hat after policy replacement\n (bsc#1000287).\n - apparmor: fix disconnected bind mnts reconnection (bsc#1000304).\n - apparmor: fix log failures for all profiles in a set (bsc#1000304).\n - apparmor: fix module parameters can be changed after policy is locked\n (bsc#1000304).\n - apparmor: fix oops in profile_unpack() when policy_db is not present\n (bsc#1000304).\n - apparmor: fix oops, validate buffer size in apparmor_setprocattr()\n (bsc#1000304).\n - apparmor: fix put() parent ref after updating the active ref\n (bsc#1000304).\n - apparmor: fix refcount bug in profile replacement (bsc#1000304).\n - apparmor: fix refcount race when finding a child profile (bsc#1000304).\n - apparmor: fix replacement bug that adds new child to old parent\n (bsc#1000304).\n - apparmor: fix uninitialized lsm_audit member (bsc#1000304).\n - apparmor: fix update the mtime of the profile file on replacement\n (bsc#1000304).\n - apparmor: internal paths should be treated as disconnected (bsc#1000304).\n - apparmor: use list_next_entry instead of list_entry_next (bsc#1000304).\n - arm64: Ensure pmd_present() returns false after pmd_mknotpresent()\n (Automatic NUMA Balancing).\n - avoid dentry crash triggered by NFS (bsc#984194).\n - be2net: Don't leak iomapped memory on removal (bsc#921784 FATE#318561).\n - be2net: fix BE3-R FW download compatibility check (bsc#921784\n FATE#318561).\n - be2net: fix wrong return value in be_check_ufi_compatibility()\n (bsc#921784 FATE#318561).\n - be2net: remove vlan promisc capability from VF's profile descriptors\n (bsc#921784 FATE#318561).\n - blkfront: fix an error path memory leak (luckily none so far).\n - blk-mq: fix undefined behaviour in order_to_size().\n - blktap2: eliminate deadlock potential from shutdown path (bsc#909994).\n - blktap2: eliminate race from deferred work queue handling (bsc#911687).\n - bluetooth: Fix potential NULL dereference in RFCOMM bind callback\n (bsc#1003925, CVE-2015-8956).\n - bond: Check length of IFLA_BOND_ARP_IP_TARGET attributes.\n - bonding: always set recv_probe to bond_arp_rcv in arp monitor\n (bsc#977687).\n - bonding: fix curr_active_slave/carrier with loadbalance arp monitoring.\n - bonding: Prevent IPv6 link local address on enslaved devices.\n - bonding: prevent out of bound accesses.\n - bonding: set carrier off for devices created through netlink\n (bsc#999577).\n - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction\n (bsc#983619).\n - btrfs: add missing discards when unpinning extents with -o discard\n (bsc#904489).\n - btrfs: btrfs_issue_discard ensure offset/length are aligned to sector\n boundaries (bsc#904489).\n - btrfs: Disable\n btrfs-8448-improve-performance-on-fsync-against-new-inode.patch\n (bsc#981597).\n - btrfs: do not create or leak aliased root while cleaning up orphans\n (bsc#904489).\n - btrfs: ensure that file descriptor used with subvol ioctls is a dir\n (bsc#999600).\n - btrfs: explictly delete unused block groups in close_ctree and\n ro-remount (bsc#904489).\n - btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596,\n bsc#984779)\n - btrfs: fix fitrim discarding device area reserved for boot loader's use\n (bsc#904489).\n - btrfs: handle quota reserve failure properly (bsc#1005666).\n - btrfs: iterate over unused chunk space in FITRIM (bsc#904489).\n - btrfs: make btrfs_issue_discard return bytes discarded (bsc#904489).\n - btrfs: properly track when rescan worker is running (bsc#989953).\n - btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock\n (bsc#904489).\n - btrfs: skip superblocks during discard (bsc#904489).\n - btrfs: test_check_exists: Fix infinite loop when searching for free\n space entries (bsc#987192).\n - btrfs: waiting on qgroup rescan should not always be interruptible\n (bsc#992712).\n - cdc-acm: added sanity checking for probe() (bsc#993891).\n - cephfs: ignore error from invalidate_inode_pages2_range() in direct\n write (bsc#995153).\n - cephfs: remove warning when ceph_releasepage() is called on dirty page\n (bsc#995153).\n - ceph: Refresh patches.suse/CFS-0259-ceph-Asynchronous-IO-support.patch.\n After a write, we must free the 'request', not the 'response'\n (bsc#995153).\n - clockevents: export clockevents_unbind_device instead of\n clockevents_unbind (bnc#937888).\n - conntrack: RFC5961 challenge ACK confuse conntrack LAST-ACK transition\n (bsc#966864).\n - cxgbi: fix uninitialized flowi6 (bsc#924384 FATE#318570 bsc#921338).\n - dm: fix AB-BA deadlock in __dm_destroy(). (bsc#970943)\n - efi: Small leak on error in runtime map code (fate#315019).\n - ext2: Enable ext2 driver in config files (bsc#976195).\n - ext4: Add parameter for tuning handling of ext2 (bsc#976195).\n - Fix kabi change cause by adding flock_owner to open_context (bsc#998689).\n - fix xfs-handle-dquot-buffer-readahead-in-log-recovery-co.patch\n (bsc#1003153).\n - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)\n - fs/select: add vmalloc fallback for select(2) (bsc#1000189).\n - ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short\n jumps to it (bsc#984419).\n - hyperv: enable call to clockevents_unbind_device in kexec/kdump path\n - hyperv: replace KEXEC_CORE by plain KEXEC because we lack 2965faa5e0 in\n the base kernel\n - i40e: fix an uninitialized variable bug (bnc#857397 FATE#315659).\n - ib/iwpm: Fix a potential skb leak (bsc#924381 FATE#318568 bsc#921338).\n - ib/mlx5: Fix RC transport send queue overhead computation (bnc#865545\n FATE#316891).\n - introduce NETIF_F_GSO_ENCAP_ALL helper mask (bsc#1001486).\n - iommu/amd: Update Alias-DTE in update_device_table() (bsc#975772).\n - ipv6: Fix improper use or RCU in\n patches.kabi/ipv6-add-complete-rcu-protection-around-np-opt.kabi.patch.\n (bsc#961257).\n - ipv6: fix multipath route replace error recovery (bsc#930399).\n - ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067).\n - ipv6: send only one NEWLINK when RA causes changes (bsc#934067).\n - iscsi: Add a missed complete in iscsit_close_connection (bsc#992555,\n bsc#987805).\n - kabi: work around kabi changes from commit 53f9ff48f636 (bsc#988617).\n - kaweth: fix firmware download (bsc#993890).\n - kaweth: fix oops upon failed memory allocation (bsc#993890).\n - kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd (bnc#941420).\n - kernel/printk: fix faulty logic in the case of recursive printk\n (bnc#744692, bnc#789311).\n - kvm: do not handle APIC access page if in-kernel irqchip is not in use\n (bsc#959463).\n - kvm: vmx: defer load of APIC access page address during reset\n (bsc#959463).\n - libceph: enable large, variable-sized OSD requests (bsc#988715).\n - libceph: make r_request msg_size calculation clearer (bsc#988715).\n - libceph: move r_reply_op_{len,result} into struct ceph_osd_req_op\n (bsc#988715).\n - libceph: osdc->req_mempool should be backed by a slab pool (bsc#988715).\n - libceph: rename ceph_osd_req_op::payload_len to indata_len (bsc#988715).\n - libfc: do not send ABTS when resetting exchanges (bsc#962846).\n - libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS\n response (bsc#962846).\n - libfc: Fixup disc_mutex handling (bsc#962846).\n - libfc: fixup locking of ptp_setup() (bsc#962846).\n - libfc: Issue PRLI after a PRLO has been received (bsc#962846).\n - libfc: reset exchange manager during LOGO handling (bsc#962846).\n - libfc: Revisit kref handling (bnc#990245).\n - libfc: sanity check cpu number extracted from xid (bsc#988440).\n - libfc: send LOGO for PLOGI failure (bsc#962846).\n - md: check command validity early in md_ioctl() (bsc#1004520).\n - md: Drop sending a change uevent when stopping (bsc#1003568).\n - md: lockless I/O submission for RAID1 (bsc#982783).\n - md/raid5: fix a recently broken BUG_ON() (bsc#1006691).\n - mm, cma: prevent nr_isolated_* counters from going negative (bnc#971975).\n - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED\n (VM Functionality, bnc#986445).\n - module: Issue warnings when tainting kernel (bsc#974406).\n - mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708).\n - mpt3sas: Update\n patches.drivers/mpt3sas-Fix-use-sas_is_tlr_enabled-API-before-enabli.patch\n (bsc#967640, bsc#992244).\n - msi-x: fix an error path (luckily none so far).\n - netback: fix flipping mode (bsc#996664).\n - netback: fix refounting (bsc#978094).\n - netfront: don't truncate grant references.\n - netfront: use correct linear area after linearizing an skb (bsc#1007886).\n - nfs4: reset states to use open_stateid when returning delegation\n voluntarily (bsc#1003400).\n - nfs: Add a stub for GETDEVICELIST (bnc#898675).\n - nfs: Do not write enable new pages while an invalidation is proceeding\n (bsc#999584).\n - nfsd: Use free_conn to free connection (bsc#979451).\n - nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514).\n - nfs: Fix a regression in the read() syscall (bsc#999584).\n - nfs: fix BUG() crash in notify_change() with patch to chown_common()\n (bnc#876463).\n - nfs: fix pg_test page count calculation (bnc#898675).\n - nfs: nfs4_fl_prepare_ds must be careful about reporting success\n (bsc#1000776).\n - nfsv4: add flock_owner to open context (bnc#998689).\n - nfsv4: change nfs4_do_setattr to take an open_context instead of a\n nfs4_state (bnc#998689).\n - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of\n lock_owner (bnc#998689).\n - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is\n one (bnc#998689).\n - nfsv4: Ensure nfs_atomic_open set the dentry verifier on ENOENT\n (bnc#866130).\n - oops on restarting network with bonding mode4 (lacp) (bsc#876145).\n - packet: tpacket_snd(): fix signed/unsigned comparison (bsc#874131).\n - perf/x86/intel: Fix bug for "cycles:p" and "cycles:pp" on SLM\n (bsc#997896).\n - PM / hibernate: Fix 2G size issue of snapshot image verification\n (bsc#1004252).\n - PM / hibernate: Fix rtree_next_node() to avoid walking off list ends\n (bnc#860441).\n - powerpc: add kernel parameter iommu_alloc_quiet (bsc#998825).\n - ppp: defer netns reference release for ppp channel (bsc#980371).\n - printk: add kernel parameter to control writes to /dev/kmsg (bsc#979928).\n - qgroup: Prevent qgroup->reserved from going subzero (bsc#993841).\n - qlcnic: potential NULL dereference in\n qlcnic_83xx_get_minidump_template() (bsc#922064 FATE#318609)\n - radeon: avoid boot hang in Xen Dom0 (luckily none so far).\n - ratelimit: extend to print suppressed messages on release (bsc#979928).\n - ratelimit: fix bug in time interval by resetting right begin time\n (bsc#979928).\n - rbd: truncate objects on cmpext short reads (bsc#988715).\n - Revert "Input: i8042 - break load dependency between atkbd/psmouse and\n i8042".\n - Revert "Input: i8042 - set up shared ps2_cmd_mutex for AUX ports".\n - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059)\n - rtnetlink: avoid 0 sized arrays.\n - RTNL: assertion failed at dev.c (bsc#875631).\n - s390: add SMT support (bnc#994438).\n - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule()\n (bnc#1001419).\n - sched/core: Fix a race between try_to_wake_up() and a woken up task\n (bsc#1002165, bsc#1001419).\n - scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992).\n - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)\n - scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992).\n - sd: Fix memory leak caused by RESET_WP patch (bsc#999779).\n - squashfs3: properly handle dir_emit() failures (bsc#998795).\n - SUNRPC: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT\n (bnc#868923).\n - SUNRPC: Fix a regression when reconnecting (bsc#946309).\n - supported.conf: Add ext2\n - supported.conf: Add iscsi modules to -base (bsc#997299)\n - supported.conf: Add tun to -base (bsc#992593)\n - supported.conf: Add veth to -base (bsc#992591)\n - target: Fix missing complete during ABORT_TASK + CMD_T_FABRIC_STOP\n (bsc#987621).\n - target: Fix race between iscsi-target connection shutdown + ABORT_TASK\n (bsc#987621).\n - tcp: add proper TS val into RST packets (bsc#937086).\n - tcp: align tcp_xmit_size_goal() on tcp_tso_autosize() (bsc#937086).\n - tcp: fix child sockets to use system default congestion control if not\n set.\n - tcp: fix cwnd limited checking to improve congestion control\n (bsc#988617).\n - tcp: refresh skb timestamp at retransmit time (bsc#937086).\n - timers: Use proper base migration in add_timer_on() (bnc#993392).\n - tunnels: Do not apply GRO to multiple layers of encapsulation\n (bsc#1001486).\n - tunnels: Remove encapsulation offloads on decap (bsc#1001486).\n - usb: fix typo in wMaxPacketSize validation (bsc#991665).\n - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).\n - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices\n (bsc#922634).\n - usb: validate wMaxPacketValue entries in endpoint descriptors\n (bnc#991665).\n - vmxnet3: Wake queue from reset work (bsc#999907).\n - x86: Removed the free memblock of hibernat keys to avoid memory\n corruption (bsc#990058).\n - x86/tlb/trace: Do not trace on CPU that is offline (TLB Performance\n git-fixes).\n - xenbus: don't invoke ->is_ready() for most device states (bsc#987333).\n - xenbus: inspect the correct type in xenbus_dev_request_and_reply().\n - xen/pciback: Fix conf_space read/write overlap check.\n - xen-pciback: return proper values during BAR sizing.\n - xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).\n - xfs: fixed signedness of error code in xfs_inode_buf_verify\n (bsc#1003153).\n - xfs: handle dquot buffer readahead in log recovery correctly\n (bsc#955446).\n - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).\n - xhci: Check if slot is already in default state before moving it there\n (FATE#315518).\n - xhci: silence warnings in switch (bnc#991665).\n\n", "cvss3": {}, "published": "2016-12-30T18:09:32", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-7097", "CVE-2016-6480", "CVE-2016-2069", "CVE-2016-5696", "CVE-2016-7425", "CVE-2016-6828", "CVE-2015-8956", "CVE-2016-8658", "CVE-2016-5195", "CVE-2016-6327", "CVE-2016-6130", "CVE-2016-4998", "CVE-2016-7042"], "modified": "2016-12-30T18:09:32", "id": "SUSE-SU-2016:3304-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00100.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-02-15T21:00:01", "description": "The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to\n receive various security and bugfixes.\n\n The following feature was implemented:\n\n - The ext2 filesystem got reenabled and supported to allow support for\n "XIP" (Execute In Place) (FATE#320805).\n\n\n The following security bugs were fixed:\n\n - CVE-2017-5551: The tmpfs filesystem implementation in the Linux kernel\n preserved the setgid bit during a setxattr call, which allowed local\n users to gain group privileges by leveraging the existence of a setgid\n program with restrictions on execute permissions (bsc#1021258).\n - CVE-2016-7097: The filesystem implementation in the Linux kernel\n preserved the setgid bit during a setxattr call, which allowed local\n users to gain group privileges by leveraging the existence of a setgid\n program with restrictions on execute permissions (bnc#995968).\n - CVE-2017-2583: A Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an incorrect segment\n selector(SS) value error. A user/process inside guest could have used\n this flaw to crash the guest resulting in DoS or potentially escalate\n their privileges inside guest. (bsc#1020602).\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory or cause a\n denial of service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt\n (bnc#1019851).\n - CVE-2016-10088: The sg implementation in the Linux kernel did not\n properly restrict write operations in situations where the KERNEL_DS\n option is set, which allowed local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free) by\n leveraging access to a /dev/sg device, related to block/bsg.c and\n drivers/scsi/sg.c. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576 (bnc#1017710).\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb\n truncation, which allowed local users to cause a denial of service\n (system crash) via a crafted application that made sendto system calls,\n related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n - CVE-2016-8399: An elevation of privilege vulnerability in the kernel\n networking subsystem could enable a local malicious application to\n execute arbitrary code within the context of the kernel. This issue is\n rated as Moderate because it first requires compromising a privileged\n process and current compiler optimizations restrict access to the\n vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18.\n Android ID: A-31349935 (bnc#1014746).\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bnc#1013540).\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not\n properly initialize Code Segment (CS) in certain error cases, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted application (bnc#1013038).\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash) or possibly have unspecified other impact\n by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt\n system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option\n (bnc#1013531).\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop\n function in block/genhd.c in the Linux kernel allowed local users to\n gain privileges by leveraging the execution of a certain stop operation\n even if the corresponding start operation had failed (bnc#1010716).\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function\n in drivers/scsi/sg.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n - CVE-2016-7913: The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (use-after-free)\n via vectors involving omission of the firmware name from a certain data\n structure (bnc#1010478).\n - CVE-2016-7911: Race condition in the get_task_ioprio function in\n block/ioprio.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (use-after-free) via a crafted\n ioprio_get system call (bnc#1010711).\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel memory by reading a tty data\n structure (bnc#1010507).\n - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (use-after-free) by leveraging incorrect handling of an swevent\n data structure during a CPU unplug operation (bnc#1010502).\n - CVE-2016-7914: The assoc_array_insert_into_terminal_node function in\n lib/assoc_array.c in the Linux kernel did not check whether a slot is a\n leaf, which allowed local users to obtain sensitive information from\n kernel memory or cause a denial of service (invalid pointer dereference\n and out-of-bounds read) via an application that uses associative-array\n data structures, as demonstrated by the keyutils test suite\n (bnc#1010475).\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel allowed remote\n attackers to execute arbitrary code via crafted fragmented packets\n (bnc#1008833).\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed\n local users to bypass integer overflow checks, and cause a denial of\n service (memory corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS\n ioctl call, aka a "state machine confusion bug (bnc#1007197).\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel\n misused the kzalloc function, which allowed local users to cause a\n denial of service (integer overflow) or have unspecified other impact by\n leveraging access to a vfio PCI device file (bnc#1007197).\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in\n the Linux kernel uses an incorrect buffer size for certain timeout data,\n which allowed local users to cause a denial of service (stack memory\n corruption and panic) by reading the /proc/keys file (bnc#1004517).\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to\n obtain sensitive information or cause a denial of service (NULL pointer\n dereference) via vectors involving a bind system call on a Bluetooth\n RFCOMM socket (bnc#1003925).\n - CVE-2016-8658: Stack-based buffer overflow in the\n brcmf_cfg80211_start_ap function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (system crash)\n or possibly have unspecified other impact via a long SSID Information\n Element in a command to a Netlink socket (bnc#1004462).\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a\n certain length field, which allowed local users to gain privileges or\n cause a denial of service (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) by using an ABORT_TASK command to abort a\n device write operation (bnc#994748).\n - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in\n the Linux kernel did not properly maintain certain SACK state after a\n failed data copy, which allowed local users to cause a denial of service\n (tcp_xmit_retransmit_queue use-after-free and system crash) via a\n crafted SACK option (bnc#994296).\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly\n determine the rate of challenge ACK segments, which made it easier for\n remote attackers to hijack TCP sessions via a blind in-window attack\n (bnc#989152).\n - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in\n drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel memory by changing a certain\n length value, aka a "double fetch" vulnerability (bnc#987542).\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users\n to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a "double fetch" vulnerability\n (bnc#991608).\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the\n netfilter subsystem in the Linux kernel allowed local users to cause a\n denial of service (out-of-bounds read) or possibly obtain sensitive\n information from kernel heap memory by leveraging in-container root\n access to provide a crafted offset value that leads to crossing a\n ruleset blob boundary (bnc#986362 bnc#986365).\n - CVE-2016-5828: The start_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms\n mishandled transactional state, which allowed local users to cause a\n denial of service (invalid process state or TM Bad Thing exception, and\n system crash) or possibly have unspecified other impact by starting and\n suspending a transaction before an exec system call (bnc#986569).\n - CVE-2014-9904: The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel\n did not properly check for an integer overflow, which allowed local\n users to cause a denial of service (insufficient memory allocation) or\n possibly have unspecified other impact via a crafted\n SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allow local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bnc#986572).\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bnc#984755).\n\n The following non-security bugs were fixed:\n\n - base: make module_create_drivers_dir race-free (bnc#983977).\n - btrfs-8448-improve-performance-on-fsync-against-new-inode.patch: Disable\n (bsc#981597).\n - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction\n (bsc#983619).\n - btrfs: be more precise on errors when getting an inode from disk\n (bsc#981038).\n - btrfs: do not create or leak aliased root while cleaning up orphans\n (bsc#994881).\n - btrfs: ensure that file descriptor used with subvol ioctls is a dir\n (bsc#999600).\n - btrfs: fix relocation incorrectly dropping data references (bsc#990384).\n - btrfs: handle quota reserve failure properly (bsc#1005666).\n - btrfs: improve performance on fsync against new inode after\n rename/unlink (bsc#981038).\n - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir\n (bsc#981709).\n - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()\n (bsc#981709).\n - cdc-acm: added sanity checking for probe() (bsc#993891).\n - ext2: Enable ext2 driver in config files (bsc#976195, fate#320805)\n - ext4: Add parameter for tuning handling of ext2 (bsc#976195).\n - ext4: Fixup handling for custom configs in tuning.\n - ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short\n jumps to it (bsc#984419).\n - ipv6: Fix improper use or RCU in\n patches.kabi/ipv6-add-complete-rcu-protection-around-np-opt.kabi.patch.\n (bsc#961257)\n - ipv6: KABI workaround for ipv6: add complete rcu protection around\n np->opt.\n - kabi: prevent spurious modversion changes after bsc#982544 fix\n (bsc#982544).\n - kabi: reintroduce sk_filter (kabi).\n - kaweth: fix firmware download (bsc#993890).\n - kaweth: fix oops upon failed memory allocation (bsc#993890).\n - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread\n (bsc#1010612, fate#313296).\n - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410,\n fate#313296).\n - kgr: ignore zombie tasks during the patching (bnc#1008979).\n - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).\n - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED\n (VM Functionality, bnc#986445).\n - modsign: Print appropriate status message when accessing UEFI variable\n (bsc#958606).\n - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).\n - mpt3sas: Fix panic when aer correct error occurred (bsc#997708,\n bsc#999943).\n - netfilter: allow logging fron non-init netns (bsc#970083).\n - netfilter: bridge: do not leak skb in error paths (bsc#982544).\n - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).\n - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in\n br_validate_ipv6 (bsc#982544).\n - nfs: Do not write enable new pages while an invalidation is proceeding\n (bsc#999584).\n - nfs: Fix a regression in the read() syscall (bsc#999584).\n - pci/aer: Clear error status registers during enumeration and restore\n (bsc#985978).\n - ppp: defer netns reference release for ppp channel (bsc#980371).\n - reiserfs: fix race in prealloc discard (bsc#987576).\n - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)\n - scsi: Increase REPORT_LUNS timeout (bsc#982282).\n - series.conf: move stray netfilter patches to the right section\n - squashfs3: properly handle dir_emit() failures (bsc#998795).\n - supported.conf: Add ext2\n - timers: Use proper base migration in add_timer_on() (bnc#993392).\n - tty: audit: Fix audit source (bsc#1016482).\n - tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).\n - usb: fix typo in wMaxPacketSize validation (bsc#991665).\n - usb: validate wMaxPacketValue entries in endpoint descriptors\n (bnc#991665).\n - xen: Fix refcnt regression in xen netback introduced by changes made for\n bug#881008 (bnc#978094)\n - xfs: allow lazy sb counter sync during filesystem freeze sequence\n (bsc#980560).\n - xfs: fixed signedness of error code in xfs_inode_buf_verify\n (bsc#1003153).\n - xfs: fix premature enospc on inode allocation (bsc#984148).\n - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148).\n - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148).\n - xfs: refactor xlog_recover_process_data() (bsc#1019300).\n - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).\n - xhci: silence warnings in switch (bnc#991665).\n\n", "cvss3": {}, "published": "2017-02-15T21:07:58", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9806", "CVE-2016-7097", "CVE-2016-7910", "CVE-2017-2584", "CVE-2016-8633", "CVE-2016-9084", "CVE-2016-8399", "CVE-2016-9793", "CVE-2016-6480", "CVE-2016-7911", "CVE-2016-10088", "CVE-2016-5828", "CVE-2015-8962", "CVE-2015-8964", "CVE-2017-5551", "CVE-2016-5696", "CVE-2014-9904", "CVE-2017-2583", "CVE-2016-7425", "CVE-2016-6828", "CVE-2015-8963", "CVE-2016-9083", "CVE-2016-5829", "CVE-2015-8956", "CVE-2016-9576", "CVE-2016-9756", "CVE-2016-7913", "CVE-2016-8658", "CVE-2016-6327", "CVE-2016-4470", "CVE-2016-6130", "CVE-2016-7914", "CVE-2016-4998", "CVE-2016-7042", "CVE-2016-8645"], "modified": "2017-02-15T21:07:58", "id": "SUSE-SU-2017:0471-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00025.html", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-03-14T18:57:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2016:3021-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7097", "CVE-2016-6480", "CVE-2016-2069", "CVE-2013-5634", "CVE-2016-5696", "CVE-2016-7425", "CVE-2016-6828", "CVE-2015-8956", "CVE-2016-8658", "CVE-2016-6327", "CVE-2016-6130", "CVE-2016-7042"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851444", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851444", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851444\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:01:26 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2013-5634\", \"CVE-2015-8956\", \"CVE-2016-2069\", \"CVE-2016-5696\",\n \"CVE-2016-6130\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2016-6828\",\n \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-7425\", \"CVE-2016-8658\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2016:3021-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 13.1 kernel was updated to 3.12.67 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2013-5634: arch/arm/kvm/arm.c in the Linux kernel on the ARM\n platform, when KVM is used, allowed host OS users to cause a denial of\n service (NULL pointer dereference, OOPS, and host OS crash) or possibly\n have unspecified other impact by omitting vCPU initialization before a\n KVM_GET_REG_LIST ioctl call. (bsc#994758)\n\n - CVE-2016-2069: Race condition in arch/x86/mm/tlb.c in the Linux kernel\n allowed local users to gain privileges by triggering access to a paging\n structure by a different CPU (bnc#963767).\n\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in\n the Linux kernel used an incorrect buffer size for certain timeout data,\n which allowed local users to cause a denial of service (stack memory\n corruption and panic) by reading the /proc/keys file (bnc#1004517).\n\n - CVE-2016-7097: The filesystem implementation in the Linux kernel\n preserved the setgid bit during a setxattr call, which allowed local\n users to gain group privileges by leveraging the existence of a setgid\n program with restrictions on execute permissions (bnc#995968).\n\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to\n obtain sensitive information or cause a denial of service (NULL pointer\n dereference) via vectors involving a bind system call on a Bluetooth\n RFCOMM socket (bnc#1003925).\n\n - CVE-2016-8658: Stack-based buffer overflow in the\n brcmf_cfg80211_start_ap function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (system crash)\n or possibly have unspecified other impact via a long SSID Information\n Element in a command to a Netlink socket (bnc#1004462).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a\n certain length field, which allowed local users to gain privileges or\n cause a denial of service (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) by using an ABORT_TASK command to abort a\n device write operation (bnc#994748).\n\n - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in\n the Linux kernel did not properly maintain certain SACK state after a\n fai ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Kernel on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:3021-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop\", rpm:\"cloop~2.639~11.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debuginfo\", rpm:\"cloop-debuginfo~2.639~11.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debugsource\", rpm:\"cloop-debugsource~2.639~11.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default\", rpm:\"cloop-kmp-default~2.639_k3.12.67_58~11.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default-debuginfo\", rpm:\"cloop-kmp-default-debuginfo~2.639_k3.12.67_58~11.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop\", rpm:\"cloop-kmp-desktop~2.639_k3.12.67_58~11.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop-debuginfo\", rpm:\"cloop-kmp-desktop-debuginfo~2.639_k3.12.67_58~11.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen\", rpm:\"cloop-kmp-xen~2.639_k3.12.67_58~11.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen-debuginfo\", rpm:\"cloop-kmp-xen-debuginfo~2.639_k3.12.67_58~11.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash\", rpm:\"crash~7.0.2~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debuginfo\", rpm:\"crash-debuginfo~7.0.2~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debugsource\", rpm:\"crash-debugsource~7.0.2~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-devel\", rpm:\"crash-devel~7.0.2~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-doc\", rpm:\"crash-doc~7.0.2~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic\", rpm:\"crash-eppic~7.0.2~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic-debuginfo\", rpm:\"crash-eppic-debuginfo~7.0.2~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore\", rpm:\"crash-gcore~7.0.2~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore-debuginfo\", rpm:\"crash-gcore-debuginfo~7.0.2~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default\", rpm:\"crash-kmp-default~7.0.2_k3.12.67_58~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default-debuginfo\", rpm:\"crash-kmp-default-debuginfo~7.0.2_k3.12.67_58~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop\", rpm:\"crash-kmp-desktop~7.0.2_k3.12.67_58~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop-debuginfo\", rpm:\"crash-kmp-desktop-debuginfo~7.0.2_k3.12.67_58~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen\", rpm:\"crash-kmp-xen~7.0.2_k3.12.67_58~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen-debuginfo\", rpm:\"crash-kmp-xen-debuginfo~7.0.2_k3.12.67_58~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-debugsource\", rpm:\"hdjmod-debugsource~1.28~16.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default\", rpm:\"hdjmod-kmp-default~1.28_k3.12.67_58~16.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default-debuginfo\", rpm:\"hdjmod-kmp-default-debuginfo~1.28_k3.12.67_58~16.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop\", rpm:\"hdjmod-kmp-desktop~1.28_k3.12.67_58~16.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop-debuginfo\", rpm:\"hdjmod-kmp-desktop-debuginfo~1.28_k3.12.67_58~16.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen\", rpm:\"hdjmod-kmp-xen~1.28_k3.12.67_58~16.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen-debuginfo\", rpm:\"hdjmod-kmp-xen-debuginfo~1.28_k3.12.67_58~16.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset\", rpm:\"ipset~6.21.1~2.40.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debuginfo\", rpm:\"ipset-debuginfo~6.21.1~2.40.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debugsource\", rpm:\"ipset-debugsource~6.21.1~2.40.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-devel\", rpm:\"ipset-devel~6.21.1~2.40.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default\", rpm:\"ipset-kmp-default~6.21.1_k3.12.67_58~2.40.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default-debuginfo\", rpm:\"ipset-kmp-default-debuginfo~6.21.1_k3.12.67_58~2.40.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop\", rpm:\"ipset-kmp-desktop~6.21.1_k3.12.67_58~2.40.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop-debuginfo\", rpm:\"ipset-kmp-desktop-debuginfo~6.21.1_k3.12.67_58~2.40.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen\", rpm:\"ipset-kmp-xen~6.21.1_k3.12.67_58~2.40.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen-debuginfo\", rpm:\"ipset-kmp-xen-debuginfo~6.21.1_k3.12.67_58~2.40.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget\", rpm:\"iscsitarget~1.4.20.3~13.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-debuginfo\", rpm:\"iscsitarget-debuginfo~1.4.20.3~13.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-debugsource\", rpm:\"iscsitarget-debugsource~1.4.20.3~13.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-default\", rpm:\"iscsitarget-kmp-default~1.4.20.3_k3.12.67_58~13.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-default-debuginfo\", rpm:\"iscsitarget-kmp-default-debuginfo~1.4.20.3_k3.12.67_58~13.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-desktop\", rpm:\"iscsitarget-kmp-desktop~1.4.20.3_k3.12.67_58~13.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-desktop-debuginfo\", rpm:\"iscsitarget-kmp-desktop-debuginfo~1.4.20.3_k3.12.67_58~13.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-xen\", rpm:\"iscsitarget-kmp-xen~1.4.20.3_k3.12.67_58~13.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-xen-debuginfo\", rpm:\"iscsitarget-kmp-xen-debuginfo~1.4.20.3_k3.12.67_58~13.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3\", rpm:\"libipset3~6.21.1~2.40.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3-debuginfo\", rpm:\"libipset3-debuginfo~6.21.1~2.40.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper\", rpm:\"ndiswrapper~1.58~37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-debuginfo\", rpm:\"ndiswrapper-debuginfo~1.58~37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-debugsource\", rpm:\"ndiswrapper-debugsource~1.58~37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-default\", rpm:\"ndiswrapper-kmp-default~1.58_k3.12.67_58~37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-default-debuginfo\", rpm:\"ndiswrapper-kmp-default-debuginfo~1.58_k3.12.67_58~37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-desktop\", rpm:\"ndiswrapper-kmp-desktop~1.58_k3.12.67_58~37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-desktop-debuginfo\", rpm:\"ndiswrapper-kmp-desktop-debuginfo~1.58_k3.12.67_58~37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch\", rpm:\"openvswitch~1.11.0~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-controller\", rpm:\"openvswitch-controller~1.11.0~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-controller-debuginfo\", rpm:\"openvswitch-controller-debuginfo~1.11.0~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-debuginfo\", rpm:\"openvswitch-debuginfo~1.11.0~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-debugsource\", rpm:\"openvswitch-debugsource~1.11.0~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-default\", rpm:\"openvswitch-kmp-default~1.11.0_k3.12.67_58~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-default-debuginfo\", rpm:\"openvswitch-kmp-default-debuginfo~1.11.0_k3.12.67_58~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-desktop\", rpm:\"openvswitch-kmp-desktop~1.11.0_k3.12.67_58~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-desktop-debuginfo\", rpm:\"openvswitch-kmp-desktop-debuginfo~1.11.0_k3.12.67_58~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-xen\", rpm:\"openvswitch-kmp-xen~1.11.0_k3.12.67_58~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-xen-debuginfo\", rpm:\"openvswitch-kmp-xen-debuginfo~1.11.0_k3.12.67_58~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-pki\", rpm:\"openvswitch-pki~1.11.0~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-switch\", rpm:\"openvswitch-switch~1.11.0~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-switch-debuginfo\", rpm:\"openvswitch-switch-debuginfo~1.11.0~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-test\", rpm:\"openvswitch-test~1.11.0~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock\", rpm:\"pcfclock~0.44~258.37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debuginfo\", rpm:\"pcfclock-debuginfo~0.44~258.37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debugsource\", rpm:\"pcfclock-debugsource~0.44~258.37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default\", rpm:\"pcfclock-kmp-default~0.44_k3.12.67_58~258.37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default-debuginfo\", rpm:\"pcfclock-kmp-default-debuginfo~0.44_k3.12.67_58~258.37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop\", rpm:\"pcfclock-kmp-desktop~0.44_k3.12.67_58~258.37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop-debuginfo\", rpm:\"pcfclock-kmp-desktop-debuginfo~0.44_k3.12.67_58~258.37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-openvswitch\", rpm:\"python-openvswitch~1.11.0~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-openvswitch-test\", rpm:\"python-openvswitch-test~1.11.0~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox\", rpm:\"python-virtualbox~4.2.36~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox-debuginfo\", rpm:\"python-virtualbox-debuginfo~4.2.36~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-debugsource\", rpm:\"vhba-kmp-debugsource~20130607~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default\", rpm:\"vhba-kmp-default~20130607_k3.12.67_58~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-debuginfo\", rpm:\"vhba-kmp-default-debuginfo~20130607_k3.12.67_58~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop\", rpm:\"vhba-kmp-desktop~20130607_k3.12.67_58~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop-debuginfo\", rpm:\"vhba-kmp-desktop-debuginfo~20130607_k3.12.67_58~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen\", rpm:\"vhba-kmp-xen~20130607_k3.12.67_58~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-debuginfo\", rpm:\"vhba-kmp-xen-debuginfo~20130607_k3.12.67_58~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~4.2.36~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debuginfo\", rpm:\"virtualbox-debuginfo~4.2.36~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debugsource\", rpm:\"virtualbox-debugsource~4.2.36~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-devel\", rpm:\"virtualbox-devel~4.2.36~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default\", rpm:\"virtualbox-guest-kmp-default~4.2.36_k3.12.67_58~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default-debuginfo\", rpm:\"virtualbox-guest-kmp-default-debuginfo~4.2.36_k3.12.67_58~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop\", rpm:\"virtualbox-guest-kmp-desktop~4.2.36_k3.12.67_58~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop-debuginfo\", rpm:\"virtualbox-guest-kmp-desktop-debuginfo~4.2.36_k3.12.67_58~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~4.2.36~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools-debuginfo\", rpm:\"virtualbox-guest-tools-debuginfo~4.2.36~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11\", rpm:\"virtualbox-guest-x11~4.2.36~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11-debuginfo\", rpm:\"virtualbox-guest-x11-debuginfo~4.2.36~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default\", rpm:\"virtualbox-host-kmp-default~4.2.36_k3.12.67_58~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default-debuginfo\", rpm:\"virtualbox-host-kmp-default-debuginfo~4.2.36_k3.12.67_58~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop\", rpm:\"virtualbox-host-kmp-desktop~4.2.36_k3.12.67_58~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop-debuginfo\", rpm:\"virtualbox-host-kmp-desktop-debuginfo~4.2.36_k3.12.67_58~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt\", rpm:\"virtualbox-qt~4.2.36~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt-debuginfo\", rpm:\"virtualbox-qt-debuginfo~4.2.36~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv\", rpm:\"virtualbox-websrv~4.2.36~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv-debuginfo\", rpm:\"virtualbox-websrv-debuginfo~4.2.36~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.3.4_10~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.3.4_10~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.3.4_10_k3.12.67_58~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default-debuginfo\", rpm:\"xen-kmp-default-debuginfo~4.3.4_10_k3.12.67_58~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop\", rpm:\"xen-kmp-desktop~4.3.4_10_k3.12.67_58~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop-debuginfo\", rpm:\"xen-kmp-desktop-debuginfo~4.3.4_10_k3.12.67_58~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.3.4_10~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.3.4_10~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.3.4_10~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.3.4_10~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons\", rpm:\"xtables-addons~2.3~2.35.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debuginfo\", rpm:\"xtables-addons-debuginfo~2.3~2.35.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debugsource\", rpm:\"xtables-addons-debugsource~2.3~2.35.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default\", rpm:\"xtables-addons-kmp-default~2.3_k3.12.67_58~2.35.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default-debuginfo\", rpm:\"xtables-addons-kmp-default-debuginfo~2.3_k3.12.67_58~2.35.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop\", rpm:\"xtables-addons-kmp-desktop~2.3_k3.12.67_58~2.35.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop-debuginfo\", rpm:\"xtables-addons-kmp-desktop-debuginfo~2.3_k3.12.67_58~2.35.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen\", rpm:\"xtables-addons-kmp-xen~2.3_k3.12.67_58~2.35.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen-debuginfo\", rpm:\"xtables-addons-kmp-xen-debuginfo~2.3_k3.12.67_58~2.35.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base-debuginfo\", rpm:\"kernel-trace-base-debuginfo~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.12.67~58.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-source\", rpm:\"virtualbox-host-source~4.2.36~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.4_10~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.3.4_10~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.3.4_10~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.3.4_10~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.3.4_10~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.3.4_10~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-xend-tools\", rpm:\"xen-xend-tools~4.3.4_10~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-xend-tools-debuginfo\", rpm:\"xen-xend-tools-debuginfo~4.3.4_10~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae\", rpm:\"cloop-kmp-pae~2.639_k3.12.67_58~11.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae-debuginfo\", rpm:\"cloop-kmp-pae-debuginfo~2.639_k3.12.67_58~11.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae\", rpm:\"crash-kmp-pae~7.0.2_k3.12.67_58~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae-debuginfo\", rpm:\"crash-kmp-pae-debuginfo~7.0.2_k3.12.67_58~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae\", rpm:\"hdjmod-kmp-pae~1.28_k3.12.67_58~16.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae-debuginfo\", rpm:\"hdjmod-kmp-pae-debuginfo~1.28_k3.12.67_58~16.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae\", rpm:\"ipset-kmp-pae~6.21.1_k3.12.67_58~2.40.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae-debuginfo\", rpm:\"ipset-kmp-pae-debuginfo~6.21.1_k3.12.67_58~2.40.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-pae\", rpm:\"iscsitarget-kmp-pae~1.4.20.3_k3.12.67_58~13.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-pae-debuginfo\", rpm:\"iscsitarget-kmp-pae-debuginfo~1.4.20.3_k3.12.67_58~13.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-pae\", rpm:\"ndiswrapper-kmp-pae~1.58_k3.12.67_58~37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-pae-debuginfo\", rpm:\"ndiswrapper-kmp-pae-debuginfo~1.58_k3.12.67_58~37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-pae\", rpm:\"openvswitch-kmp-pae~1.11.0_k3.12.67_58~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-pae-debuginfo\", rpm:\"openvswitch-kmp-pae-debuginfo~1.11.0_k3.12.67_58~0.43.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae\", rpm:\"pcfclock-kmp-pae~0.44_k3.12.67_58~258.37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae-debuginfo\", rpm:\"pcfclock-kmp-pae-debuginfo~0.44_k3.12.67_58~258.37.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae\", rpm:\"vhba-kmp-pae~20130607_k3.12.67_58~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-debuginfo\", rpm:\"vhba-kmp-pae-debuginfo~20130607_k3.12.67_58~2.36.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae\", rpm:\"virtualbox-guest-kmp-pae~4.2.36_k3.12.67_58~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae-debuginfo\", rpm:\"virtualbox-guest-kmp-pae-debuginfo~4.2.36_k3.12.67_58~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae\", rpm:\"virtualbox-host-kmp-pae~4.2.36_k3.12.67_58~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae-debuginfo\", rpm:\"virtualbox-host-kmp-pae-debuginfo~4.2.36_k3.12.67_58~2.68.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~4.3.4_10_k3.12.67_58~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae-debuginfo\", rpm:\"xen-kmp-pae-debuginfo~4.3.4_10_k3.12.67_58~69.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae\", rpm:\"xtables-addons-kmp-pae~2.3_k3.12.67_58~2.35.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae-debuginfo\", rpm:\"xtables-addons-kmp-pae-debuginfo~2.3_k3.12.67_58~2.35.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.12.67~58.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:55:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2625-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7117", "CVE-2016-6480", "CVE-2016-5696", "CVE-2016-7425", "CVE-2016-6828", "CVE-2015-7513", "CVE-2015-8956", "CVE-2016-1237", "CVE-2016-8658", "CVE-2016-5195", "CVE-2016-6327", "CVE-2016-0823"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851420", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851420", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851420\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 05:01:03 +0200 (Wed, 26 Oct 2016)\");\n script_cve_id(\"CVE-2015-7513\", \"CVE-2015-8956\", \"CVE-2016-0823\", \"CVE-2016-1237\",\n \"CVE-2016-5195\", \"CVE-2016-5696\", \"CVE-2016-6327\", \"CVE-2016-6480\",\n \"CVE-2016-6828\", \"CVE-2016-7117\", \"CVE-2016-7425\", \"CVE-2016-8658\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2625-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 13.2 kernel was updated to receive various security and\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to\n obtain sensitive information or cause a denial of service (NULL pointer\n dereference) via vectors involving a bind system call on a Bluetooth\n RFCOMM socket (bnc#1003925).\n\n - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed,\n which is reportedly exploited in the wild (bsc#1004418).\n\n - CVE-2016-8658: Stack-based buffer overflow in the\n brcmf_cfg80211_start_ap function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (system crash)\n or possibly have unspecified other impact via a long SSID Information\n Element in a command to a Netlink socket (bnc#1004462).\n\n - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg\n function in net/socket.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077).\n\n - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the\n Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01,\n allowed local users to obtain sensitive physical-address information by\n reading a pagemap file, aka Android internal bug 25739721 (bnc#994759).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a\n certain length field, which allowed local users to gain privileges\n or cause a denial of service (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) by using an ABORT_TASK command to abort a\n device write operation (bnc#994748).\n\n - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in\n the Linux kernel did not properly maintain certain SACK state after a\n failed data copy, which allowed local users to cause a denial of service\n (tcp_xmit_retransmit_queue use-after-free and system crash) via a\n crafted SACK option (bnc#994296).\n\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly\n determine the rate of challenge ACK segments, which made it easier for\n man-in-the-middle attackers to hijack TCP sessions via a blind in-window\n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Linux Kernel on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2625-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch\", rpm:\"bbswitch~0.8~3.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-debugsource\", rpm:\"bbswitch-debugsource~0.8~3.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-default\", rpm:\"bbswitch-kmp-default~0.8_k3.16.7_45~3.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-default-debuginfo\", rpm:\"bbswitch-kmp-default-debuginfo~0.8_k3.16.7_45~3.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-desktop\", rpm:\"bbswitch-kmp-desktop~0.8_k3.16.7_45~3.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-desktop-debuginfo\", rpm:\"bbswitch-kmp-desktop-debuginfo~0.8_k3.16.7_45~3.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-xen\", rpm:\"bbswitch-kmp-xen~0.8_k3.16.7_45~3.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-xen-debuginfo\", rpm:\"bbswitch-kmp-xen-debuginfo~0.8_k3.16.7_45~3.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop\", rpm:\"cloop~2.639~14.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debuginfo\", rpm:\"cloop-debuginfo~2.639~14.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debugsource\", rpm:\"cloop-debugsource~2.639~14.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default\", rpm:\"cloop-kmp-default~2.639_k3.16.7_45~14.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default-debuginfo\", rpm:\"cloop-kmp-default-debuginfo~2.639_k3.16.7_45~14.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop\", rpm:\"cloop-kmp-desktop~2.639_k3.16.7_45~14.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop-debuginfo\", rpm:\"cloop-kmp-desktop-debuginfo~2.639_k3.16.7_45~14.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen\", rpm:\"cloop-kmp-xen~2.639_k3.16.7_45~14.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen-debuginfo\", rpm:\"cloop-kmp-xen-debuginfo~2.639_k3.16.7_45~14.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash\", rpm:\"crash~7.0.8~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debuginfo\", rpm:\"crash-debuginfo~7.0.8~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debugsource\", rpm:\"crash-debugsource~7.0.8~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-devel\", rpm:\"crash-devel~7.0.8~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-doc\", rpm:\"crash-doc~7.0.8~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic\", rpm:\"crash-eppic~7.0.8~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic-debuginfo\", rpm:\"crash-eppic-debuginfo~7.0.8~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore\", rpm:\"crash-gcore~7.0.8~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore-debuginfo\", rpm:\"crash-gcore-debuginfo~7.0.8~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default\", rpm:\"crash-kmp-default~7.0.8_k3.16.7_45~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default-debuginfo\", rpm:\"crash-kmp-default-debuginfo~7.0.8_k3.16.7_45~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop\", rpm:\"crash-kmp-desktop~7.0.8_k3.16.7_45~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop-debuginfo\", rpm:\"crash-kmp-desktop-debuginfo~7.0.8_k3.16.7_45~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen\", rpm:\"crash-kmp-xen~7.0.8_k3.16.7_45~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen-debuginfo\", rpm:\"crash-kmp-xen-debuginfo~7.0.8_k3.16.7_45~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-debugsource\", rpm:\"hdjmod-debugsource~1.28~18.23.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default\", rpm:\"hdjmod-kmp-default~1.28_k3.16.7_45~18.23.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default-debuginfo\", rpm:\"hdjmod-kmp-default-debuginfo~1.28_k3.16.7_45~18.23.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop\", rpm:\"hdjmod-kmp-desktop~1.28_k3.16.7_45~18.23.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop-debuginfo\", rpm:\"hdjmod-kmp-desktop-debuginfo~1.28_k3.16.7_45~18.23.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen\", rpm:\"hdjmod-kmp-xen~1.28_k3.16.7_45~18.23.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen-debuginfo\", rpm:\"hdjmod-kmp-xen-debuginfo~1.28_k3.16.7_45~18.23.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset\", rpm:\"ipset~6.23~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debuginfo\", rpm:\"ipset-debuginfo~6.23~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debugsource\", rpm:\"ipset-debugsource~6.23~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-devel\", rpm:\"ipset-devel~6.23~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default\", rpm:\"ipset-kmp-default~6.23_k3.16.7_45~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default-debuginfo\", rpm:\"ipset-kmp-default-debuginfo~6.23_k3.16.7_45~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop\", rpm:\"ipset-kmp-desktop~6.23_k3.16.7_45~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop-debuginfo\", rpm:\"ipset-kmp-desktop-debuginfo~6.23_k3.16.7_45~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen\", rpm:\"ipset-kmp-xen~6.23_k3.16.7_45~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen-debuginfo\", rpm:\"ipset-kmp-xen-debuginfo~6.23_k3.16.7_45~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa-xen\", rpm:\"kernel-obs-qa-xen~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3\", rpm:\"libipset3~6.23~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3-debuginfo\", rpm:\"libipset3-debuginfo~6.23~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock\", rpm:\"pcfclock~0.44~260.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debuginfo\", rpm:\"pcfclock-debuginfo~0.44~260.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debugsource\", rpm:\"pcfclock-debugsource~0.44~260.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default\", rpm:\"pcfclock-kmp-default~0.44_k3.16.7_45~260.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default-debuginfo\", rpm:\"pcfclock-kmp-default-debuginfo~0.44_k3.16.7_45~260.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop\", rpm:\"pcfclock-kmp-desktop~0.44_k3.16.7_45~260.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop-debuginfo\", rpm:\"pcfclock-kmp-desktop-debuginfo~0.44_k3.16.7_45~260.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox\", rpm:\"python-virtualbox~5.0.28~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox-debuginfo\", rpm:\"python-virtualbox-debuginfo~5.0.28~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-debugsource\", rpm:\"vhba-kmp-debugsource~20140629~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default\", rpm:\"vhba-kmp-default~20140629_k3.16.7_45~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-debuginfo\", rpm:\"vhba-kmp-default-debuginfo~20140629_k3.16.7_45~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop\", rpm:\"vhba-kmp-desktop~20140629_k3.16.7_45~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop-debuginfo\", rpm:\"vhba-kmp-desktop-debuginfo~20140629_k3.16.7_45~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen\", rpm:\"vhba-kmp-xen~20140629_k3.16.7_45~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-debuginfo\", rpm:\"vhba-kmp-xen-debuginfo~20140629_k3.16.7_45~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~5.0.28~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debuginfo\", rpm:\"virtualbox-debuginfo~5.0.28~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debugsource\", rpm:\"virtualbox-debugsource~5.0.28~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-devel\", rpm:\"virtualbox-devel~5.0.28~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default\", rpm:\"virtualbox-guest-kmp-default~5.0.28_k3.16.7_45~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default-debuginfo\", rpm:\"virtualbox-guest-kmp-default-debuginfo~5.0.28_k3.16.7_45~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop\", rpm:\"virtualbox-guest-kmp-desktop~5.0.28_k3.16.7_45~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop-debuginfo\", rpm:\"virtualbox-guest-kmp-desktop-debuginfo~5.0.28_k3.16.7_45~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~5.0.28~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools-debuginfo\", rpm:\"virtualbox-guest-tools-debuginfo~5.0.28~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11\", rpm:\"virtualbox-guest-x11~5.0.28~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11-debuginfo\", rpm:\"virtualbox-guest-x11-debuginfo~5.0.28~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default\", rpm:\"virtualbox-host-kmp-default~5.0.28_k3.16.7_45~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default-debuginfo\", rpm:\"virtualbox-host-kmp-default-debuginfo~5.0.28_k3.16.7_45~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop\", rpm:\"virtualbox-host-kmp-desktop~5.0.28_k3.16.7_45~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop-debuginfo\", rpm:\"virtualbox-host-kmp-desktop-debuginfo~5.0.28_k3.16.7_45~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt\", rpm:\"virtualbox-qt~5.0.28~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt-debuginfo\", rpm:\"virtualbox-qt-debuginfo~5.0.28~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv\", rpm:\"virtualbox-websrv~5.0.28~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv-debuginfo\", rpm:\"virtualbox-websrv-debuginfo~5.0.28~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.4.4_05~51.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.4.4_05~51.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.4.4_05~51.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.4.4_05~51.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.4.4_05~51.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.4.4_05~51.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons\", rpm:\"xtables-addons~2.6~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debuginfo\", rpm:\"xtables-addons-debuginfo~2.6~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debugsource\", rpm:\"xtables-addons-debugsource~2.6~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default\", rpm:\"xtables-addons-kmp-default~2.6_k3.16.7_45~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default-debuginfo\", rpm:\"xtables-addons-kmp-default-debuginfo~2.6_k3.16.7_45~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop\", rpm:\"xtables-addons-kmp-desktop~2.6_k3.16.7_45~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop-debuginfo\", rpm:\"xtables-addons-kmp-desktop-debuginfo~2.6_k3.16.7_45~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen\", rpm:\"xtables-addons-kmp-xen~2.6_k3.16.7_45~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen-debuginfo\", rpm:\"xtables-addons-kmp-xen-debuginfo~2.6_k3.16.7_45~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.16.7~45.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-desktop-icons\", rpm:\"virtualbox-guest-desktop-icons~5.0.28~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-source\", rpm:\"virtualbox-host-source~5.0.28~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.4.4_05~51.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.4.4_05~51.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.4.4_05_k3.16.7_45~51.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default-debuginfo\", rpm:\"xen-kmp-default-debuginfo~4.4.4_05_k3.16.7_45~51.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop\", rpm:\"xen-kmp-desktop~4.4.4_05_k3.16.7_45~51.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop-debuginfo\", rpm:\"xen-kmp-desktop-debuginfo~4.4.4_05_k3.16.7_45~51.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.4.4_05~51.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.4.4_05~51.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.4.4_05~51.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.4.4_05~51.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.16.7~45.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-pae\", rpm:\"bbswitch-kmp-pae~0.8_k3.16.7_45~3.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-pae-debuginfo\", rpm:\"bbswitch-kmp-pae-debuginfo~0.8_k3.16.7_45~3.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae\", rpm:\"cloop-kmp-pae~2.639_k3.16.7_45~14.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae-debuginfo\", rpm:\"cloop-kmp-pae-debuginfo~2.639_k3.16.7_45~14.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae\", rpm:\"crash-kmp-pae~7.0.8_k3.16.7_45~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae-debuginfo\", rpm:\"crash-kmp-pae-debuginfo~7.0.8_k3.16.7_45~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae\", rpm:\"hdjmod-kmp-pae~1.28_k3.16.7_45~18.23.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae-debuginfo\", rpm:\"hdjmod-kmp-pae-debuginfo~1.28_k3.16.7_45~18.23.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae\", rpm:\"ipset-kmp-pae~6.23_k3.16.7_45~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae-debuginfo\", rpm:\"ipset-kmp-pae-debuginfo~6.23_k3.16.7_45~22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae\", rpm:\"pcfclock-kmp-pae~0.44_k3.16.7_45~260.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae-debuginfo\", rpm:\"pcfclock-kmp-pae-debuginfo~0.44_k3.16.7_45~260.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae\", rpm:\"vhba-kmp-pae~20140629_k3.16.7_45~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-debuginfo\", rpm:\"vhba-kmp-pae-debuginfo~20140629_k3.16.7_45~2.22.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae\", rpm:\"virtualbox-guest-kmp-pae~5.0.28_k3.16.7_45~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae-debuginfo\", rpm:\"virtualbox-guest-kmp-pae-debuginfo~5.0.28_k3.16.7_45~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae\", rpm:\"virtualbox-host-kmp-pae~5.0.28_k3.16.7_45~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae-debuginfo\", rpm:\"virtualbox-host-kmp-pae-debuginfo~5.0.28_k3.16.7_45~54.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae\", rpm:\"xtables-addons-kmp-pae~2.6_k3.16.7_45~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae-debuginfo\", rpm:\"xtables-addons-kmp-pae-debuginfo~2.6_k3.16.7_45~24.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:36:28", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1472)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18079", "CVE-2016-9754", "CVE-2017-7261", "CVE-2017-16525", "CVE-2014-9529", "CVE-2014-9420", "CVE-2016-4568", "CVE-2016-2383", "CVE-2013-2892", "CVE-2014-2568", "CVE-2017-18204", "CVE-2014-9730", "CVE-2016-7915", "CVE-2014-7843", "CVE-2018-16276", "CVE-2016-2070", "CVE-2016-6327", "CVE-2017-9605", "CVE-2018-1094", "CVE-2016-3134"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191472", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191472", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1472\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-2892\", \"CVE-2014-2568\", \"CVE-2014-7843\", \"CVE-2014-9420\", \"CVE-2014-9529\", \"CVE-2014-9730\", \"CVE-2016-2070\", \"CVE-2016-2383\", \"CVE-2016-3134\", \"CVE-2016-4568\", \"CVE-2016-6327\", \"CVE-2016-7915\", \"CVE-2016-9754\", \"CVE-2017-16525\", \"CVE-2017-18079\", \"CVE-2017-18204\", \"CVE-2017-7261\", \"CVE-2017-9605\", \"CVE-2018-1094\", \"CVE-2018-16276\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:49:09 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1472)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1472\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1472\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1472 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The hid_input_field() function in 'drivers/hid/hid-core.c' in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device.(CVE-2016-7915)\n\nThe Linux kernel, before version 4.14.2, is vulnerable to a deadlock caused by fs/ocfs2/file.c:ocfs2_setattr(), as the function does not wait for DIO requests before locking the inode. This can be exploited by local users to cause a subsequent denial of service.(CVE-2017-18204)\n\nThe vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.(CVE-2017-9605)\n\nUse-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.(CVE-2014-2568)\n\nIt was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service.(CVE-2014-9420)\n\nAn integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privileged escalation or more likely kernel panic.(CVE-2016-9754)\n\nA symlink size validation was missing in Linux kernels built with UDF file system (CONFIG_UDF_FS) support, allowing the corruption of kernel memory. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.(CVE-2014-9730)\n\nIn was found that in the Linux kernel ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-06-11T15:45:07", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1494)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6787", "CVE-2016-7097", "CVE-2016-4794", "CVE-2016-6480", "CVE-2016-4913", "CVE-2016-4581", "CVE-2016-5696", "CVE-2016-6136", "CVE-2016-4569", "CVE-2016-6828", "CVE-2016-5829", "CVE-2016-6198", "CVE-2016-4997", "CVE-2016-6197", "CVE-2016-7039", "CVE-2016-5195", "CVE-2016-6786", "CVE-2016-4578", "CVE-2016-6327", "CVE-2016-4805", "CVE-2016-4580", "CVE-2016-4998", "CVE-2016-7042"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562311220191494", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191494", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1494\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_cve_id(\"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-4805\", \"CVE-2016-4913\", \"CVE-2016-4997\", \"CVE-2016-4998\", \"CVE-2016-5195\", \"CVE-2016-5696\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6197\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2016-6786\", \"CVE-2016-6787\", \"CVE-2016-6828\", \"CVE-2016-7039\", \"CVE-2016-7042\", \"CVE-2016-7097\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:56:13 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1494)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1494\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1494\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1494 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability was found in Linux kernel. There is an information leak in file 'sound/core/timer.c' of the latest mainline Linux kernel, the stack object thread has a total size of 32 bytes. It contains a 8-bytes padding, which is not initialized but sent to user via copy_to_user(), resulting a kernel leak.(CVE-2016-4569)\n\nA vulnerability was found in Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel. The stack object r1 has a total size of 32 bytes. Its field event and val both contain 4 bytes padding. These 8 bytes padding bytes are sent to user without being initialized.(CVE-2016-4578)\n\nThe x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.(CVE-2016-4580)\n\nfs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.(CVE-2016-4581)\n\nUse after free vulnerability was found in percpu using previously allocated memory in bpf. First __alloc_percpu_gfp() is called, then the memory is freed with free_percpu() which triggers async pcpu_balance_work and then pcpu_extend_area_map could use a chunk after it has been freed.(CVE-2016-4794)\n\nUse-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.(CVE-2016-4805)\n\nA vulnerability was found in the Linux kernel. Payloads of NM entries are not supposed to contain NUL. When such entry is processed, only the part prior to the first NUL goes into the concatenation (i.e. the directory entry name being encoded by a bunch of NM entries). The process stops when the amount collected so far + the claimed amount in the current NM entry exceed 254. However, the value returned as the total length is the sum of *claimed* sizes, not the actual amount collected. And that's what will be passed to readdir() callback as the name length - 8Kb __copy_to_user() from a buffer allocated by __get_free_page().(CVE-2016-4913)\n\nA flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This fl ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2016:2574-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-4794", "CVE-2016-6480", "CVE-2016-3070", "CVE-2016-2069", "CVE-2016-4581", "CVE-2016-2053", "CVE-2016-5828", "CVE-2016-2847", "CVE-2016-3156", "CVE-2015-8746", "CVE-2016-6136", "CVE-2015-8812", "CVE-2016-4569", "CVE-2015-8543", "CVE-2015-8374", "CVE-2016-3699", "CVE-2016-5829", "CVE-2016-6198", "CVE-2015-8956", "CVE-2013-4312", "CVE-2016-4578", "CVE-2016-5412", "CVE-2016-6327", "CVE-2016-3841", "CVE-2015-8844", "CVE-2016-2117", "CVE-2015-8845"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871708", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871708", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2016:2574-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871708\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-04 05:42:52 +0100 (Fri, 04 Nov 2016)\");\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\",\n \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\",\n \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\",\n \"CVE-2016-2847\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\",\n \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\",\n \"CVE-2016-4794\", \"CVE-2016-5412\", \"CVE-2016-5828\", \"CVE-2016-5829\",\n \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2016:2574-02\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel,\n the core of any Linux operating system.\n\nSecurity Fix(es):\n\n * It was found that the Linux kernel's IPv6 implementation mishandled\nsocket options. A local attacker could abuse concurrent access to the\nsocket options to escalate their privileges, or cause a denial of service\n(use-after-free and system crash) via a crafted sendmsg system call.\n(CVE-2016-3841, Important)\n\n * Several Moderate and Low impact security issues were found in the Linux\nkernel. Space precludes documenting each of these issues in this advisory.\nRefer to the CVE links in the References section for a description of each\nof these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543,\nCVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069,\nCVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412,\nCVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327,\nCVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384,\nCVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting\nCVE-2016-2053 Tetsuo Handa for reporting CVE-2016-2847 the Virtuozzo\nkernel team and Solar Designer (Openwall) for reporting CVE-2016-3156\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117 and Linn Crosetto\n(HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by\nVenkatesh Pottem (Red Hat Engineering) the CVE-2015-8844 and CVE-2015-8845\nissues were discovered by Miroslav Vadkerti (Red Hat Engineering) the\nCVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat) the\nCVE-2016-6198 issue was discovered by CAI Qian (Red Hat) and the\nCVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2574-02\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00010.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2023-09-10T12:39:29", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-03T06:07:15", "type": "redhat", "title": "(RHSA-2016:2584) Important: kernel-rt security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2017-13167"], "modified": "2018-04-20T08:55:08", "id": "RHSA-2016:2584", "href": "https://access.redhat.com/errata/RHSA-2016:2584", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-10T12:39:29", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-03T06:07:14", "type": "redhat", "title": "(RHSA-2016:2574) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3044", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-9794", "CVE-2017-13167", "CVE-2018-16597"], "modified": "2018-10-22T15:17:57", "id": "RHSA-2016:2574", "href": "https://access.redhat.com/errata/RHSA-2016:2574", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2023-09-27T03:28:59", "description": "## Summary\n\nVulnerabilities in the Linux Kernel affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 products. The applicable CVEs are CVE-2016-7117 CVE-2016-6828 \nCVE-2016-10229 CVE-2016-6480 CVE-2016-6327 CVE-2016-6198 CVE-2016-6136 CVE-2016-5829 CVE-2016-5828 CVE-2016-5412 CVE-2016-4794 CVE-2016-4581 CVE-2016-4578 CVE-2016-3699 CVE-2016-3156 CVE-2016-4569 CVE-2016-2847 CVE-2016-2384 CVE-2016-2069 CVE-2016-2053 CVE-2015-8956 CVE-2015-8845 CVE-2015-8844 CVE-2015-8812 CVE-2015-8746 CVE-2015-8543 CVE-2015-8374 CVE-2013-4312 and CVE-2016-3070. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-7117_](<https://vulners.com/cve/CVE-2016-7117>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in __sys_recvmmsg function in net/socket.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117765_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117765>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-6828_](<https://vulners.com/cve/CVE-2016-6828>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the failure to properly maintain certain SACK state in tcp_check_send_head function in include/net/tcp.h. By executing a specially-crafted SACK option, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118135_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118135>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-10229_](<https://vulners.com/cve/CVE-2016-10229>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in udp.c. By sending specially-crafted UDP packets, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124676_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124676>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-6480_](<https://vulners.com/cve/CVE-2016-6480>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.5/drivers/scsi/aacraid/commctrl.c when the driver fetches user space data. A local attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115630_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115630>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6327_](<https://vulners.com/cve/CVE-2016-6327>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drivers/infiniband/ulp/srpt/ib_srpt.c. By using an ABORT_TASK command to abort a device write operation, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6198_](<https://vulners.com/cve/CVE-2016-6198>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service. A local attacker could exploit this vulnerability using rename syscall on overlayfs on top of xfs to cause the kernel to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6136_](<https://vulners.com/cve/CVE-2016-6136>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.6.1/kernel/auditsc.c when the driver fetches user space data using copy_from_user(). A local attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114719_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114719>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5829_](<https://vulners.com/cve/CVE-2016-5829>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the hiddev driver code. By sending a specially crafted ioctl call, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)\n\n**CVEID:** [_CVE-2016-5828_](<https://vulners.com/cve/CVE-2016-5828>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of Transactional Memory on powerpc systems. By starting a transaction, suspending it, and then calling any of the exec() class system calls, an attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114456_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114456>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-5412_](<https://vulners.com/cve/CVE-2016-5412>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in book3s_hv_rmhandlers.S. If CONFIG_KVM_BOOK3S_64_HV is enabled, a local attacker could exploit this vulnerability to cause the host to enter into an infinite loop. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116181_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116181>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-4794_](<https://vulners.com/cve/CVE-2016-4794>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free in array_map_alloc. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113188_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113188>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4581_](<https://vulners.com/cve/CVE-2016-4581>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the first propagated copy. A local attacker could exploit this vulnerability to cause a kernel oops. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113159>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-4578_](<https://vulners.com/cve/CVE-2016-4578>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-3699_](<https://vulners.com/cve/CVE-2016-3699>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system. By appending ACPI tables to the initrd, an attacker could exploit this vulnerability to bypass intended Secure Boot restrictions and execute arbitrary code on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118241_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118241>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-3156_](<https://vulners.com/cve/CVE-2016-3156>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when destroying a network. A local authenticated attacker could exploit this vulnerability using a huge number of ipv4 addresses to keep rtnl_lock for a very long time and block network related operations. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112056_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112056>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-4569_](<https://vulners.com/cve/CVE-2016-4569>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113190_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113190>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-2847_](<https://vulners.com/cve/CVE-2016-2847>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error related to the per-user limit. By filling pipes with an overly large amount of data, an attacker could exploit this vulnerability to consume an overly large amount of kernel memory resources. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111306_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111306>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2384_](<https://vulners.com/cve/CVE-2016-2384>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a double-free in the ALSA USB MIDI driver. An attacker could exploit this vulnerability using an invalid USB descriptor to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110587_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110587>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-2069_](<https://vulners.com/cve/CVE-2016-2069>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition in arch/x86/mm/tlb.c. By triggering access to a paging structure by a different CPU, a local attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113822_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113822>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-2053_](<https://vulners.com/cve/CVE-2016-2053>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the asn1_ber_decoder function. A remote attacker could exploit this vulnerability using an ASN.1 BER file that lacks a public key to cause a denial of service. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114430_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114430>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8956_](<https://vulners.com/cve/CVE-2015-8956>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c. By using vectors involving a bind system call on a Bluetooth RFCOMM socket, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service on the system. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)\n\n**CVEID:** [_CVE-2015-8845_](<https://vulners.com/cve/CVE-2015-8845>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8844_](<https://vulners.com/cve/CVE-2015-8844>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers T and S bits on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8812_](<https://vulners.com/cve/CVE-2015-8812>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the CXGB3 kernel driver when the network was considered congested. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110574_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110574>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-8746_](<https://vulners.com/cve/CVE-2015-8746>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the client. A local attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109545_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109545>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8543_](<https://vulners.com/cve/CVE-2015-8543>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the failure to validate protocol identifiers for certain protocol families by the networking implementation. An attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges or cause the kernel to panic \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109383_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109383>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-8374_](<https://vulners.com/cve/CVE-2015-8374>)** \nDESCRIPTION:** Linux Kernel could allow a remote authenticated attacker to obtain sensitive information, caused by a information leak when truncating compressed/inlined extents on BTRFS. An attacker could exploit this vulnerability to obtain the truncated data. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/108371_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108371>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2013-4312_](<https://vulners.com/cve/CVE-2013-4312>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to bypass security restrictions. By sending specially-crafted file descriptors over a UNIX socket, an attacker could exploit this vulnerability to bypass file-descriptor limits and cause a denial of service. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-3070_](<https://vulners.com/cve/CVE-2016-3070>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper interaction with mm/migrate.c by the trace_writeback_dirty_page implementation. By triggering a certain page move, a local attacker could exploit this vulnerability to cause a NULL pointer dereference and crash the system. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116338_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116338>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM SAN Volume Controller \nIBM Storwize V7000 \nIBM Storwize V5000 \nIBM Storwize V3700 \nIBM Storwize V3500 \nIBM FlashSystem V9000 \nIBM Spectrum Virtualize Software \nIBM Spectrum Virtualize for Public Cloud \n \nAll products are affected when running supported versions 7.6 to 8.1.\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM FlashSystem V9000, IBM Spectrum Virtualize Software, and IBM Spectrum Virtualize for Public Cloud to the following code levels or higher: \n \n7.7.1.9 \n7.8.1.6 \n8.1.1.2 \n8.1.2.1 \n \n[_Latest IBM SAN Volume Controller Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Storage%20virtualization&product=ibm/StorageSoftware/SAN+Volume+Controller+\\(2145\\)&release=All&platform=All&function=all>) \n[_Latest IBM Storwize V7000 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Mid-range%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V7000+\\(2076\\)&release=All&platform=All&function=all>) \n[_Latest IBM Storwize V5000 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Mid-range%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V5000&release=All&platform=All&function=all>) \n[_Latest IBM Storwize V3700 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Entry-level%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V3700&release=All&platform=All&function=all>) \n[_Latest IBM Storwize V3500 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Entry-level%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V3500&release=All&platform=All&function=all>) \n[_Latest IBM FlashSystem V9000 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+V9000&release=All&platform=All&function=all>) \n[_Latest IBM Spectrum Virtualize Software_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+software&release=8.1&platform=All&function=all>) \n[_Latest IBM Spectrum Virtualize for Public Cloud_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>) \n \nFor unsupported versions of the above products, IBM recommends upgrading to a fixed, supported version of code.\n\n## Workarounds and Mitigations\n\nAlthough IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-29T01:48:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-10229", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7117"], "modified": "2023-03-29T01:48:02", "id": "F092FBBD34304315E258962CA397F72D24D88CD673A181734FDCE39754098484", "href": "https://www.ibm.com/support/pages/node/650901", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:49:47", "description": "## Summary\n\nIBM Security Access Manager Appliance has addressed the following kernel vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2016-10229_](<https://vulners.com/cve/CVE-2016-10229>)** \nDESCRIPTION: **Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in udp.c. By sending specially-crafted UDP packets, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124676_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124676>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n** \nCVEID: **[_CVE-2016-6480_](<https://vulners.com/cve/CVE-2016-6480>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.5/drivers/scsi/aacraid/commctrl.c when the driver fetches user space data. A local attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115630_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115630>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2016-6327_](<https://vulners.com/cve/CVE-2016-6327>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drivers/infiniband/ulp/srpt/ib_srpt.c. By using an ABORT_TASK command to abort a device write operation, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2016-6198_](<https://vulners.com/cve/CVE-2016-6198>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service. A local attacker could exploit this vulnerability using rename syscall on overlayfs on top of xfs to cause the kernel to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2016-6136_](<https://vulners.com/cve/CVE-2016-6136>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.6.1/kernel/auditsc.c when the driver fetches user space data using copy_from_user(). A local attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114719_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114719>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2016-5829_](<https://vulners.com/cve/CVE-2016-5829>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the hiddev driver code. By sending a specially crafted ioctl call, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L) \n** \nCVEID: **[_CVE-2016-5828_](<https://vulners.com/cve/CVE-2016-5828>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by the improper handling of Transactional Memory on powerpc systems. By starting a transaction, suspending it, and then calling any of the exec() class system calls, an attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114456_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114456>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2016-5412_](<https://vulners.com/cve/CVE-2016-5412>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an error in book3s_hv_rmhandlers.S. If CONFIG_KVM_BOOK3S_64_HV is enabled, a local attacker could exploit this vulnerability to cause the host to enter into an infinite loop. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116181_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116181>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2016-4581_](<https://vulners.com/cve/CVE-2016-4581>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the first propagated copy. A local attacker could exploit this vulnerability to cause a kernel oops. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113159>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2016-4578_](<https://vulners.com/cve/CVE-2016-4578>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n** \nCVEID: **[_CVE-2016-3699_](<https://vulners.com/cve/CVE-2016-3699>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to gain elevated privileges on the system. By appending ACPI tables to the initrd, an attacker could exploit this vulnerability to bypass intended Secure Boot restrictions and execute arbitrary code on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118241_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118241>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n** \nCVEID: **[_CVE-2016-3156_](<https://vulners.com/cve/CVE-2016-3156>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an error when destroying a network. A local authenticated attacker could exploit this vulnerability using a huge number of ipv4 addresses to keep rtnl_lock for a very long time and block network related operations. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112056_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112056>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2016-4569_](<https://vulners.com/cve/CVE-2016-4569>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113190_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113190>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2016-3841_](<https://vulners.com/cve/CVE-2016-3841>)** \nDESCRIPTION: **Google Android could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the IPv6 stack in the Linux Kernel. By using a specially-crafted sendmsg system call, an attacker could exploit this vulnerability to gain elevated privileges on the system or cause a denial of service. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115983_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115983>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n** \nCVEID: **[_CVE-2016-2847_](<https://vulners.com/cve/CVE-2016-2847>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an error related to the per-user limit. By filling pipes with an overly large amount of data, an attacker could exploit this vulnerability to consume an overly large amount of kernel memory resources. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111306_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111306>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2016-2384_](<https://vulners.com/cve/CVE-2016-2384>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a double-free in the ALSA USB MIDI driver. An attacker could exploit this vulnerability using an invalid USB descriptor to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110587_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110587>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n** \nCVEID: **[_CVE-2016-2117_](<https://vulners.com/cve/CVE-2016-2117>)** \nDESCRIPTION: **Atheros Linux wireless drivers could allow a remote attacker to obtain sensitive information, caused by the failure to check scatter/gather IO. By sending a specially crafted packet, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111533_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111533>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2016-2069_](<https://vulners.com/cve/CVE-2016-2069>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition in arch/x86/mm/tlb.c. By triggering access to a paging structure by a different CPU, a local attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113822_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113822>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n** \nCVEID: **[_CVE-2016-2053_](<https://vulners.com/cve/CVE-2016-2053>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an error in the asn1_ber_decoder function. A remote attacker could exploit this vulnerability using an ASN.1 BER file that lacks a public key to cause a denial of service. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114430_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114430>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2015-8956_](<https://vulners.com/cve/CVE-2015-8956>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c. By using vectors involving a bind system call on a Bluetooth RFCOMM socket, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service on the system. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L) \n** \nCVEID: **[_CVE-2015-8845_](<https://vulners.com/cve/CVE-2015-8845>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2015-8844_](<https://vulners.com/cve/CVE-2015-8844>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers T and S bits on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2015-8812_](<https://vulners.com/cve/CVE-2015-8812>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the CXGB3 kernel driver when the network was considered congested. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110574_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110574>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n** \nCVEID: **[_CVE-2015-8746_](<https://vulners.com/cve/CVE-2015-8746>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the client. A local attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109545_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109545>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2015-8543_](<https://vulners.com/cve/CVE-2015-8543>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the failure to validate protocol identifiers for certain protocol families by the networking implementation. An attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges or cause the kernel to panic \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109383_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109383>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n** \nCVEID: **[_CVE-2015-8374_](<https://vulners.com/cve/CVE-2015-8374>)** \nDESCRIPTION: **Linux Kernel could allow a remote authenticated attacker to obtain sensitive information, caused by a information leak when truncating compressed/inlined extents on BTRFS. An attacker could exploit this vulnerability to obtain the truncated data. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/108371_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108371>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2013-4312_](<https://vulners.com/cve/CVE-2013-4312>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to bypass security restrictions. By sending specially-crafted file descriptors over a UNIX socket, an attacker could exploit this vulnerability to bypass file-descriptor limits and cause a denial of service. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) \n** \nCVEID: **[_CVE-2016-3070_](<https://vulners.com/cve/CVE-2016-3070>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by the improper interaction with mm/migrate.c by the trace_writeback_dirty_page implementation. By triggering a certain page move, a local attacker could exploit this vulnerability to cause a NULL pointer dereference and crash the system. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116338_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116338>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected IBM Security Access Manager Appliance**\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Security Access Manager| 9.0.3.0 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation / First Fix** \n \n---|---|---|--- \nIBM Security Access Manager| 9.0.3.0| IJ00123| Upgrade to 9.0.3.1: \n[_9.0.3-ISS-ISAM-FP0001_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T22:03:41", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager version 9.0.3.0 appliances are affected by multiple kernel vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-10229", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480"], "modified": "2018-06-16T22:03:41", "id": "2ABC4CD376C07922A3144CF8116D979F4BDDE16EED9AADA11262FBF58C851DBF", "href": "https://www.ibm.com/support/pages/node/299295", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:50:31", "description": "## Summary\n\nThere are multiple vulnerabilities in Linux Kernel used by IBM QRadar Network Security. IBM QRadar Network Security has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6480_](<https://vulners.com/cve/CVE-2016-6480>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.5/drivers/scsi/aacraid/commctrl.c when the driver fetches user space data. A local attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115630_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115630>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2016-6327_](<https://vulners.com/cve/CVE-2016-6327>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drivers/infiniband/ulp/srpt/ib_srpt.c. By using an ABORT_TASK command to abort a device write operation, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6198_](<https://vulners.com/cve/CVE-2016-6198>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service. A local attacker could exploit this vulnerability using rename syscall on overlayfs on top of xfs to cause the kernel to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6136_](<https://vulners.com/cve/CVE-2016-6136>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.6.1/kernel/auditsc.c when the driver fetches user space data using copy_from_user(). A local attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114719_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114719>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5829_](<https://vulners.com/cve/CVE-2016-5829>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the hiddev driver code. By sending a specially crafted ioctl call, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)\n\n**CVEID:** [_CVE-2016-5828_](<https://vulners.com/cve/CVE-2016-5828>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of Transactional Memory on powerpc systems. By starting a transaction, suspending it, and then calling any of the exec() class system calls, an attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114456_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114456>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-5412_](<https://vulners.com/cve/CVE-2016-5412>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in book3s_hv_rmhandlers.S. If CONFIG_KVM_BOOK3S_64_HV is enabled, a local attacker could exploit this vulnerability to cause the host to enter into an infinite loop. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116181_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116181>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-4794_](<https://vulners.com/cve/CVE-2016-4794>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free in array_map_alloc. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113188_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113188>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4581_](<https://vulners.com/cve/CVE-2016-4581>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the first propagated copy. A local attacker could exploit this vulnerability to cause a kernel oops. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113159>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-4578_](<https://vulners.com/cve/CVE-2016-4578>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-3699_](<https://vulners.com/cve/CVE-2016-3699>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system. By appending ACPI tables to the initrd, an attacker could exploit this vulnerability to bypass intended Secure Boot restrictions and execute arbitrary code on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118241_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118241>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-3156_](<https://vulners.com/cve/CVE-2016-3156>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when destroying a network. A local authenticated attacker could exploit this vulnerability using a huge number of ipv4 addresses to keep rtnl_lock for a very long time and block network related operations. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112056_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112056>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-4569_](<https://vulners.com/cve/CVE-2016-4569>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113190_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113190>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-3841_](<https://vulners.com/cve/CVE-2016-3841>)** \nDESCRIPTION:** Google Android could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the IPv6 stack in the Linux Kernel. By using a specially-crafted sendmsg system call, an attacker could exploit this vulnerability to gain elevated privileges on the system or cause a denial of service. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115983_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115983>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-2847_](<https://vulners.com/cve/CVE-2016-2847>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error related to the per-user limit. By filling pipes with an overly large amount of data, an attacker could exploit this vulnerability to consume an overly large amount of kernel memory resources. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111306_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111306>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2384_](<https://vulners.com/cve/CVE-2016-2384>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a double-free in the ALSA USB MIDI driver. An attacker could exploit this vulnerability using an invalid USB descriptor to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110587_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110587>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-2117_](<https://vulners.com/cve/CVE-2016-2117>)** \nDESCRIPTION:** Atheros Linux wireless drivers could allow a remote attacker to obtain sensitive information, caused by the failure to check scatter/gather IO. By sending a specially crafted packet, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111533_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111533>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-2069_](<https://vulners.com/cve/CVE-2016-2069>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition in arch/x86/mm/tlb.c. By triggering access to a paging structure by a different CPU, a local attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113822_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113822>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-2053_](<https://vulners.com/cve/CVE-2016-2053>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the asn1_ber_decoder function. A remote attacker could exploit this vulnerability using an ASN.1 BER file that lacks a public key to cause a denial of service. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114430_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114430>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8956_](<https://vulners.com/cve/CVE-2015-8956>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c. By using vectors involving a bind system call on a Bluetooth RFCOMM socket, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service on the system. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)\n\n**CVEID:** [_CVE-2015-8845_](<https://vulners.com/cve/CVE-2015-8845>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8844_](<https://vulners.com/cve/CVE-2015-8844>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers T and S bits on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8812_](<https://vulners.com/cve/CVE-2015-8812>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the CXGB3 kernel driver when the network was considered congested. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110574_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110574>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-8746_](<https://vulners.com/cve/CVE-2015-8746>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the client. A local attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109545_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109545>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8543_](<https://vulners.com/cve/CVE-2015-8543>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the failure to validate protocol identifiers for certain protocol families by the networking implementation. An attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges or cause the kernel to panic \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109383_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109383>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-8374_](<https://vulners.com/cve/CVE-2015-8374>)** \nDESCRIPTION:** Linux Kernel could allow a remote authenticated attacker to obtain sensitive information, caused by a information leak when truncating compressed/inlined extents on BTRFS. An attacker could exploit this vulnerability to obtain the truncated data. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/108371_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108371>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2013-4312_](<https://vulners.com/cve/CVE-2013-4312>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to bypass security restrictions. By sending specially-crafted file descriptors over a UNIX socket, an attacker could exploit this vulnerability to bypass file-descriptor limits and cause a denial of service. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-3070_](<https://vulners.com/cve/CVE-2016-3070>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper interaction with mm/migrate.c by the trace_writeback_dirty_page implementation. By triggering a certain page move, a local attacker could exploit this vulnerability to cause a NULL pointer dereference and crash the system. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116338_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116338>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM QRadar Network Security 5.4\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM QRadar Network Security| Firmware version 5.4| Install Firmware 5.4.0.2 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. \nOr \nDownload Firmware 5.4.0.2 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T22:00:56", "type": "ibm", "title": "Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in Linux Kernel", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480"], "modified": "2018-06-16T22:00:56", "id": "B7EDA2450D13E204B60C3A3E7379E6FCCD587CB32FEB5041ADDA6CB8E3C44FC3", "href": "https://www.ibm.com/support/pages/node/562779", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:52:09", "description": "## Summary\n\nPowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-9604_](<https://vulners.com/cve/CVE-2016-9604>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to bypass security restrictions, caused by an error in the built-in keyrings for security tokens. By adding a new public key of its own devising to the keyring, an attacker could exploit this vulnerability to bypass module signature verification and gain direct access to an internal keyring. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/125570_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125570>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2017-6951_](<https://vulners.com/cve/CVE-2017-6951>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the keyring_search_aux function in security/keys/keyring.c. By using a request_key system call for the \"dead\" type, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/123423_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123423>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2017-7472_](<https://vulners.com/cve/CVE-2017-7472>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the leaking of a thread keyring by the keyctl_set_reqkey_keyring(). A local authenticated attacker could exploit this vulnerability to exhaust all available kernel memory. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/125573_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125573>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6213_](<https://vulners.com/cve/CVE-2016-6213>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the mount table. By overflowing kernel mount table using shared bind mount, a local attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114989_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114989>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-8632_](<https://vulners.com/cve/CVE-2016-8632>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper validation of maximum packet size and minimum fragment length by tipc_msg_build function in net/tipc/msg.c. By leveraging the CAP_NET_ADMIN capability, a local attacker could gain privileges and cause a denial of service. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119633_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119633>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n \n \n**CVEID:** [_CVE-2016-10229_](<https://vulners.com/cve/CVE-2016-10229>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in udp.c. By sending specially-crafted UDP packets, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124676_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124676>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-6480_](<https://vulners.com/cve/CVE-2016-6480>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.5/drivers/scsi/aacraid/commctrl.c when the driver fetches user space data. A local attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115630_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115630>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6327_](<https://vulners.com/cve/CVE-2016-6327>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drivers/infiniband/ulp/srpt/ib_srpt.c. By using an ABORT_TASK command to abort a device write operation, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6136_](<https://vulners.com/cve/CVE-2016-6136>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.6.1/kernel/auditsc.c when the driver fetches user space data using copy_from_user(). A local attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114719_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114719>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5829_](<https://vulners.com/cve/CVE-2016-5829>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the hiddev driver code. By sending a specially crafted ioctl call, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)\n\n**CVEID:** [_CVE-2016-5828_](<https://vulners.com/cve/CVE-2016-5828>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of Transactional Memory on powerpc systems. By starting a transaction, suspending it, and then calling any of the exec() class system calls, an attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114456_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114456>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-5412_](<https://vulners.com/cve/CVE-2016-5412>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in book3s_hv_rmhandlers.S. If CONFIG_KVM_BOOK3S_64_HV is enabled, a local attacker could exploit this vulnerability to cause the host to enter into an infinite loop. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116181_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116181>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-4794_](<https://vulners.com/cve/CVE-2016-4794>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free in array_map_alloc. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113188_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113188>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4581_](<https://vulners.com/cve/CVE-2016-4581>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the first propagated copy. A local attacker could exploit this vulnerability to cause a kernel oops. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113159>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-4578_](<https://vulners.com/cve/CVE-2016-4578>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-3156_](<https://vulners.com/cve/CVE-2016-3156>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when destroying a network. A local authenticated attacker could exploit this vulnerability using a huge number of ipv4 addresses to keep rtnl_lock for a very long time and block network related operations. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112056_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112056>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-4569_](<https://vulners.com/cve/CVE-2016-4569>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113190_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113190>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-3841_](<https://vulners.com/cve/CVE-2016-3841>)** \nDESCRIPTION:** Google Android could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the IPv6 stack in the Linux Kernel. By using a specially-crafted sendmsg system call, an attacker could exploit this vulnerability to gain elevated privileges on the system or cause a denial of service. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115983_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115983>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-2847_](<https://vulners.com/cve/CVE-2016-2847>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error related to the per-user limit. By filling pipes with an overly large amount of data, an attacker could exploit this vulnerability to consume an overly large amount of kernel memory resources. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111306_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111306>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2384_](<https://vulners.com/cve/CVE-2016-2384>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a double-free in the ALSA USB MIDI driver. An attacker could exploit this vulnerability using an invalid USB descriptor to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110587_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110587>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-2117_](<https://vulners.com/cve/CVE-2016-2117>)** \nDESCRIPTION:** Atheros Linux wireless drivers could allow a remote attacker to obtain sensitive information, caused by the failure to check scatter/gather IO. By sending a specially crafted packet, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111533_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111533>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-8956_](<https://vulners.com/cve/CVE-2015-8956>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c. By using vectors involving a bind system call on a Bluetooth RFCOMM socket, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service on the system. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)\n\n**CVEID:** [_CVE-2015-8845_](<https://vulners.com/cve/CVE-2015-8845>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8844_](<https://vulners.com/cve/CVE-2015-8844>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers T and S bits on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8812_](<https://vulners.com/cve/CVE-2015-8812>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the CXGB3 kernel driver when the network was considered congested. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110574_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110574>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-8746_](<https://vulners.com/cve/CVE-2015-8746>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the client. A local attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109545_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109545>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8543_](<https://vulners.com/cve/CVE-2015-8543>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the failure to validate protocol identifiers for certain protocol families by the networking implementation. An attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges or cause the kernel to panic \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109383_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109383>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2013-4312_](<https://vulners.com/cve/CVE-2013-4312>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to bypass security restrictions. By sending specially-crafted file descriptors over a UNIX socket, an attacker could exploit this vulnerability to bypass file-descriptor limits and cause a denial of service. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-3070_](<https://vulners.com/cve/CVE-2016-3070>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper interaction with mm/migrate.c by the trace_writeback_dirty_page implementation. By triggering a certain page move, a local attacker could exploit this vulnerability to cause a NULL pointer dereference and crash the system. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116338_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116338>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n \n**CVEID:** [_CVE-2017-1000365_](<https://vulners.com/cve/CVE-2017-1000365>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to bypass security restrictions, caused by the failure to take the argument and environment pointers into account when imposing a size restriction. An attacker could exploit this vulnerability to bypass the limitation and perform unauthorized actions. \nCVSS Base Score: 2.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/127531_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127531>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n\n## Affected Products and Versions\n\nPowerKVM 2.1 and PowerKVM 3.1 \n\nNote that PowerKVM v2.1 is not vulnerable to CVE-2016-6213.\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>). This issue is addressed starting with v3.1.0.2 update 8.\n\n \n \nFor version 2.1, see [_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>). This issue is addressed starting with PowerKVM 2.1.1.3-65 update 17. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1. \n \nFor v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions. \n\n## Workarounds and Mitigations\n\nCustomers using v2.1 can work around the problem by upgrading to the fixed version of v3.1.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T01:36:15", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-10229", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6213", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-8632", "CVE-2016-9604", "CVE-2017-1000365", "CVE-2017-6951", "CVE-2017-7472"], "modified": "2018-06-18T01:36:15", "id": "A0B51C5217767E75AB974BA93584FB1F969514BA8D7EE9EDD025C20F274C1D2F", "href": "https://www.ibm.com/support/pages/node/631229", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2023-08-23T20:45:55", "description": "**CentOS Errata and Security Advisory** CESA-2016:2574\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2016-November/023189.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:2574", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-25T15:59:02", "type": "centos", "title": "kernel, perf, python security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3044", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-9794", "CVE-2017-13167", "CVE-2018-16597"], "modified": "2016-11-25T15:59:02", "id": "CESA-2016:2574", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2016-November/023189.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
CVE-2016-6327
