ID: CVE-2017-5986 | Type: cve | Reporter: cve@mitre.org | Modified: 2019-10-03T00:03:00
Description
Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.
{"nessus": [{"lastseen": "2021-01-01T06:44:55", "description": "Alexander Popov discovered that a race condition existed in the Stream\nControl Transmission Protocol (SCTP) implementation in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2017-04-25T00:00:00", "title": "Ubuntu 14.04 LTS : linux vulnerability (USN-3264-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5986"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic"], "id": "UBUNTU_USN-3264-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99655", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3264-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99655);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2017-5986\");\n script_xref(name:\"USN\", value:\"3264-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerability (USN-3264-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alexander Popov discovered that a race condition existed in the Stream\nControl Transmission Protocol (SCTP) implementation in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3264-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5986\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3264-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-117-generic\", pkgver:\"3.13.0-117.164\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-117-generic-lpae\", pkgver:\"3.13.0-117.164\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-117-lowlatency\", pkgver:\"3.13.0-117.164\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.117.127\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae\", 
pkgver:\"3.13.0.117.127\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.117.127\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T06:44:56", "description": "USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.\n\nAlexander Popov discovered that a race condition existed in the Stream\nControl Transmission Protocol (SCTP) implementation in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2017-04-25T00:00:00", "title": "Ubuntu 16.04 LTS : linux-hwe vulnerability (USN-3266-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5986"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae"], "id": "UBUNTU_USN-3266-2.NASL", "href": "https://www.tenable.com/plugins/nessus/99660", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3266-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99660);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2017-5986\");\n script_xref(name:\"USN\", value:\"3266-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-hwe vulnerability (USN-3266-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.\n\nAlexander Popov discovered that a race condition existed in the Stream\nControl Transmission Protocol (SCTP) implementation in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3266-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5986\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3266-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.8.0-49-generic\", pkgver:\"4.8.0-49.52~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.8.0-49-generic-lpae\", pkgver:\"4.8.0-49.52~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.8.0-49-lowlatency\", pkgver:\"4.8.0-49.52~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.8.0.49.21\")) flag++;\nif 
(ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.8.0.49.21\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.8.0.49.21\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.8-generic / linux-image-4.8-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T06:44:55", "description": "USN-3264-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu\n12.04 LTS.\n\nAlexander Popov discovered that a race condition existed in the Stream\nControl Transmission Protocol (SCTP) implementation in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2017-04-25T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-3264-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5986"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-trusty", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-trusty", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-3264-2.NASL", "href": "https://www.tenable.com/plugins/nessus/99656", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3264-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99656);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2017-5986\");\n script_xref(name:\"USN\", value:\"3264-2\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-3264-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3264-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04\nLTS. 
This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu\n12.04 LTS.\n\nAlexander Popov discovered that a race condition existed in the Stream\nControl Transmission Protocol (SCTP) implementation in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3264-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/18\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5986\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3264-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-117-generic\", pkgver:\"3.13.0-117.164~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-117-generic-lpae\", pkgver:\"3.13.0-117.164~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-generic-lpae-lts-trusty\", pkgver:\"3.13.0.117.108\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-generic-lts-trusty\", pkgver:\"3.13.0.117.108\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T06:44:55", "description": "Alexander Popov discovered that a race condition existed in the Stream\nControl Transmission Protocol (SCTP) implementation in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2017-04-25T00:00:00", "title": "Ubuntu 16.10 : linux, linux-raspi2 vulnerability (USN-3266-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5986"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2", "cpe:/o:canonical:ubuntu_linux:16.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic"], "id": "UBUNTU_USN-3266-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99659", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3266-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99659);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2017-5986\");\n script_xref(name:\"USN\", value:\"3266-1\");\n\n script_name(english:\"Ubuntu 16.10 : linux, linux-raspi2 vulnerability (USN-3266-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alexander Popov discovered that a race condition existed in the Stream\nControl Transmission Protocol (SCTP) implementation in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3266-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/24\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.10\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5986\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3266-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-1035-raspi2\", pkgver:\"4.8.0-1035.38\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-49-generic\", pkgver:\"4.8.0-49.52\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-49-generic-lpae\", pkgver:\"4.8.0-49.52\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-49-lowlatency\", pkgver:\"4.8.0-49.52\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic\", pkgver:\"4.8.0.49.61\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.8.0.49.61\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.8.0.49.61\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-raspi2\", pkgver:\"4.8.0.1035.39\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.8-generic / linux-image-4.8-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-07T10:15:20", "description": "The 4.9.9 update contains a number of important fixes across the 
tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-15T00:00:00", "title": "Fedora 25 : kernel (2017-fb89ca752a)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5986", "CVE-2017-5897"], "modified": "2017-02-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-FB89CA752A.NASL", "href": "https://www.tenable.com/plugins/nessus/97182", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-fb89ca752a.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97182);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5897\", \"CVE-2017-5986\");\n script_xref(name:\"FEDORA\", value:\"2017-fb89ca752a\");\n\n script_name(english:\"Fedora 25 : kernel (2017-fb89ca752a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.9.9 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-fb89ca752a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5897\", \"CVE-2017-5986\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-fb89ca752a\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"kernel-4.9.9-200.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:11:57", "description": "The 4.9.9. 
update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 23, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-15T00:00:00", "title": "Fedora 24 : kernel (2017-92d84f68cf)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5986", "CVE-2017-5897"], "modified": "2017-02-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-92D84F68CF.NASL", "href": "https://www.tenable.com/plugins/nessus/97173", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-92d84f68cf.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97173);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5897\", \"CVE-2017-5986\");\n script_xref(name:\"FEDORA\", value:\"2017-92d84f68cf\");\n\n script_name(english:\"Fedora 24 : kernel (2017-92d84f68cf)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.9.9. 
update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-92d84f68cf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5897\", \"CVE-2017-5986\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-92d84f68cf\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.9.9-100.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:19:33", 
"description": "Possible double free in sctp_sendmsg() (incorrect fix for\nCVE-2017-5986) :\n\nIt was found that the code in net/sctp/socket.c in the Linux kernel\nthrough 4.10.1 does not properly restrict association peel-off\noperations during certain wait states, which allows local users to\ncause a denial of service (invalid unlock and double free) via a\nmultithreaded application. This vulnerability was introduced by\nCVE-2017-5986 fix (commit 2dcab5984841). (CVE-2017-6353)\n\nReachable BUG_ON from userspace in sctp_wait_for_sndbuf :\n\nIt was reported that with Linux kernel, earlier than version\nv4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf\nif the socket tx buffer is full, a thread is waiting on it to queue\nmore data, and meanwhile another thread peels off the association\nbeing used by the first thread. (CVE-2017-5986)\n\nShmat allows mmap null page protection bypass :\n\nThe do_shmat function in ipc/shm.c in the Linux kernel, through\n4.9.12, does not restrict the address calculated by a certain rounding\noperation. This allows privileged local users to map page zero and,\nconsequently, bypass a protection mechanism that exists for the mmap\nsystem call. This is possible by making crafted shmget and shmat\nsystem calls in a privileged context. 
(CVE-2017-5669)", "edition": 23, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-18T00:00:00", "title": "Amazon Linux AMI : kernel (ALAS-2017-814)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6353"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:kernel-headers", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-814.NASL", "href": "https://www.tenable.com/plugins/nessus/99418", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-814.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99418);\n script_version(\"3.2\");\n script_cvs_date(\"Date: 2018/04/18 15:09:36\");\n\n script_cve_id(\"CVE-2017-5669\", \"CVE-2017-5986\", \"CVE-2017-6353\");\n script_xref(name:\"ALAS\", value:\"2017-814\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2017-814)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Possible double free in stcp_sendmsg() (incorrect fix for\nCVE-2017-5986) :\n\nIt was found that the code in net/sctp/socket.c in the Linux kernel\nthrough 4.10.1 does not properly restrict association peel-off\noperations 
during certain wait states, which allows local users to\ncause a denial of service (invalid unlock and double free) via a\nmultithreaded application. This vulnerability was introduced by\nCVE-2017-5986 fix (commit 2dcab5984841).\n\nReachable BUG_ON from userspace in sctp_wait_for_sndbuf :\n\nIt was reported that with Linux kernel, earlier than version\nv4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf\nif the socket tx buffer is full, a thread is waiting on it to queue\nmore data, and meanwhile another thread peels off the association\nbeing used by the first thread. (CVE-2017-5986)\n\nShmat allows mmap null page protection bypass :\n\nThe do_shmat function in ipc/shm.c in the Linux kernel, through\n4.9.12, does not restrict the address calculated by a certain rounding\noperation. This allows privileged local users to map page zero and,\nconsequently, bypass a protection mechanism that exists for the mmap\nsystem call. This is possible by making crafted shmget and shmat\nsystem calls in a privileged context. 
(CVE-2017-5669)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-814.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n 
script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.9.20-10.30.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.9.20-10.30.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.9.20-10.30.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.9.20-10.30.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.9.20-10.30.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.9.20-10.30.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.9.20-10.30.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.9.20-10.30.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.9.20-10.30.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.9.20-10.30.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.9.20-10.30.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.9.20-10.30.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-01T01:06:55", "description": "An update of the linux package has been released.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Linux PHSA-2017-0006", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6074", "CVE-2017-5953", "CVE-2017-5986"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0006_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121672", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0006. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121672);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/02 21:54:17\");\n\n script_cve_id(\"CVE-2017-5986\", \"CVE-2017-6074\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2017-0006\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-26.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5953\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-api-headers-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", 
reference:\"linux-esx-docs-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.51-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-debuginfo-4.4.51-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-02-08T12:48:10", "description": "An update of [linux,vim] packages for PhotonOS has been released.", "edition": 6, "published": "2018-08-17T00:00:00", "title": "Photon OS 1.0: Linux / Vim PHSA-2017-0006 (deprecated)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6074", "CVE-2017-5953", "CVE-2017-5986"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "p-cpe:/a:vmware:photonos:vim", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0006.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111855", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0006. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111855);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\"CVE-2017-5953\", \"CVE-2017-5986\", \"CVE-2017-6074\");\n\n script_name(english:\"Photon OS 1.0: Linux / Vim PHSA-2017-0006 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [linux,vim] packages for PhotonOS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-26\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c02e8b6a\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5953\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"linux-4.4.51-1.ph1\",\n \"linux-api-headers-4.4.51-1.ph1\",\n \"linux-debuginfo-4.4.51-1.ph1\",\n \"linux-dev-4.4.51-1.ph1\",\n \"linux-docs-4.4.51-1.ph1\",\n \"linux-drivers-gpu-4.4.51-1.ph1\",\n \"linux-esx-4.4.51-1.ph1\",\n \"linux-esx-debuginfo-4.4.51-1.ph1\",\n \"linux-esx-devel-4.4.51-1.ph1\",\n \"linux-esx-docs-4.4.51-1.ph1\",\n \"linux-oprofile-4.4.51-1.ph1\",\n \"linux-sound-4.4.51-1.ph1\",\n \"linux-tools-4.4.51-1.ph1\",\n \"linux-tools-debuginfo-4.4.51-1.ph1\",\n \"vim-7.4-7.ph1\",\n \"vim-extra-7.4-7.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux / vim\");\n}\n", "cvss": {"score": 
7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-09-14T16:36:52", "description": "The openSUSE Leap 42.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-6074: The dccp_rcv_state_process function in\n net/dccp/input.c in the Linux kernel mishandled\n DCCP_PKT_REQUEST packet data structures in the LISTEN\n state, which allowed local users to cause a denial of\n service (invalid free) or possibly have unspecified\n other impact via an application that made an\n IPV6_RECVPKTINFO setsockopt system call (bnc#1026024).\n\n - CVE-2017-5986: Race condition in the\n sctp_wait_for_sndbuf function in net/sctp/socket.c in\n the Linux kernel allowed local users to cause a denial\n of service (assertion failure and panic) via a\n multithreaded application that peels off an association\n in a certain buffer-full state (bnc#1025235).\n\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux kernel allowed\n attackers to cause a denial of service (system crash)\n via (1) an application that made crafted system calls or\n possibly (2) IPv4 traffic with invalid IP options\n (bnc#1024938).\n\n - CVE-2017-5897: A potential remote denial of service\n within the IPv6 GRE protocol was fixed. 
(bsc#1023762)\n\nThe following non-security bugs were fixed :\n\n - btrfs: support NFSv2 export (bnc#929871).\n\n - btrfs: Direct I/O: Fix space accounting (bsc#1025058).\n\n - btrfs: add RAID 5/6 BTRFS_RBIO_REBUILD_MISSING operation\n (bsc#1025069).\n\n - btrfs: bail out if block group has different mixed flag\n (bsc#1025072).\n\n - btrfs: be more precise on errors when getting an inode\n from disk (bsc#981038).\n\n - btrfs: check pending chunks when shrinking fs to avoid\n corruption (bnc#936445).\n\n - btrfs: check prepare_uptodate_page() error code earlier\n (bnc#966910).\n\n - btrfs: do not BUG() during drop snapshot (bsc#1025076).\n\n - btrfs: do not collect ordered extents when logging that\n inode exists (bsc#977685).\n\n - btrfs: do not initialize a space info as full to prevent\n ENOSPC (bnc#944001).\n\n - btrfs: do not leak reloc root nodes on error\n (bsc#1025074).\n\n - btrfs: fix block group ->space_info NULL pointer\n dereference (bnc#935088).\n\n - btrfs: fix chunk allocation regression leading to\n transaction abort (bnc#938550).\n\n - btrfs: fix crash on close_ctree() if cleaner starts new\n transaction (bnc#938891).\n\n - btrfs: fix deadlock between direct IO reads and buffered\n writes (bsc#973855).\n\n - btrfs: fix deadlock between direct IO write and\n defrag/readpages (bnc#965344).\n\n - btrfs: fix device replace of a missing RAID 5/6 device\n (bsc#1025057).\n\n - btrfs: fix empty symlink after creating symlink and\n fsync parent dir (bsc#977685).\n\n - btrfs: fix extent accounting for partial direct IO\n writes (bsc#1025062).\n\n - btrfs: fix file corruption after cloning inline extents\n (bnc#942512).\n\n - btrfs: fix file loss on log replay after renaming a file\n and fsync (bsc#977685).\n\n - btrfs: fix file read corruption after extent cloning and\n fsync (bnc#946902).\n\n - btrfs: fix fitrim discarding device area reserved for\n boot loader's use (bsc#904489).\n\n - btrfs: fix for incorrect directory entries after fsync\n log replay 
(bsc#957805, bsc#977685).\n\n - btrfs: fix hang when failing to submit bio of directIO\n (bnc#942685).\n\n - btrfs: fix incremental send failure caused by balance\n (bsc#985850).\n\n - btrfs: fix invalid page accesses in extent_same (dedup)\n ioctl (bnc#968230).\n\n - btrfs: fix listxattrs not listing all xattrs packed in\n the same item (bsc#1025063).\n\n - btrfs: fix loading of orphan roots leading to BUG_ON\n (bsc#972844).\n\n - btrfs: fix memory corruption on failure to submit bio\n for direct IO (bnc#942685).\n\n - btrfs: fix memory leak in do_walk_down (bsc#1025075).\n\n - btrfs: fix memory leak in reading btree blocks\n (bsc#1025071).\n\n - btrfs: fix order by which delayed references are run\n (bnc#949440).\n\n - btrfs: fix page reading in extent_same ioctl leading to\n csum errors (bnc#968230).\n\n - btrfs: fix qgroup rescan worker initialization\n (bsc#1025077).\n\n - btrfs: fix qgroup sanity tests (bnc#951615).\n\n - btrfs: fix race between balance and unused block group\n deletion (bnc#938892).\n\n - btrfs: fix race between fsync and lockless direct IO\n writes (bsc#977685).\n\n - btrfs: fix race waiting for qgroup rescan worker\n (bnc#960300).\n\n - btrfs: fix regression running delayed references when\n using qgroups (bnc#951615).\n\n - btrfs: fix regression when running delayed references\n (bnc#951615).\n\n - btrfs: fix relocation incorrectly dropping data\n references (bsc#990384).\n\n - btrfs: fix shrinking truncate when the no_holes feature\n is enabled (bsc#1025053).\n\n - btrfs: fix sleeping inside atomic context in qgroup\n rescan worker (bnc#960300).\n\n - btrfs: fix stale dir entries after removing a link and\n fsync (bnc#942925).\n\n - btrfs: fix unreplayable log after snapshot delete +\n parent dir fsync (bsc#977685).\n\n - btrfs: fix warning in backref walking (bnc#966278).\n\n - btrfs: fix warning of bytes_may_use (bsc#1025065).\n\n - btrfs: fix wrong check for btrfs_force_chunk_alloc()\n (bnc#938550).\n\n - btrfs: handle quota reserve 
failure properly\n (bsc#1005666).\n\n - btrfs: incremental send, check if orphanized dir inode\n needs delayed rename (bsc#1025049).\n\n - btrfs: incremental send, do not delay directory renames\n unnecessarily (bsc#1025048).\n\n - btrfs: incremental send, fix clone operations for\n compressed extents (fate#316463).\n\n - btrfs: incremental send, fix premature rmdir operations\n (bsc#1025064).\n\n - btrfs: keep dropped roots in cache until transaction\n commit (bnc#935087, bnc#945649, bnc#951615).\n\n - btrfs: remove misleading handling of missing device\n scrub (bsc#1025055).\n\n - btrfs: remove unnecessary locking of cleaner_mutex to\n avoid deadlock (bsc#904489).\n\n - btrfs: return gracefully from balance if fs tree is\n corrupted (bsc#1025073).\n\n - btrfs: send, do not bug on inconsistent snapshots\n (bsc#985850).\n\n - btrfs: send, fix corner case for reference overwrite\n detection (bsc#1025080).\n\n - btrfs: send, fix file corruption due to incorrect\n cloning operations (bsc#1025060).\n\n - btrfs: set UNWRITTEN for prealloc'ed extents in fiemap\n (bsc#1025047).\n\n - btrfs: test_check_exists: Fix infinite loop when\n searching for free space entries (bsc#987192).\n\n - btrfs: use btrfs_get_fs_root in resolve_indirect_ref\n (bnc#935087, bnc#945649).\n\n - btrfs: use received_uuid of parent during send\n (bsc#1025051).\n\n - btrfs: wake up extent state waiters on unlock through\n clear_extent_bits (bsc#1025050).\n\n - btrfs: Add handler for invalidate page (bsc#963193).\n\n - btrfs: Add qgroup tracing (bnc#935087, bnc#945649).\n\n - btrfs: Avoid truncate tailing page if fallocate range\n does not exceed inode size (bsc#1025059).\n\n - btrfs: Continue write in case of can_not_nocow\n (bsc#1025070).\n\n - btrfs: Ensure proper sector alignment for\n btrfs_free_reserved_data_space (bsc#1005666).\n\n - btrfs: Export and move leaf/subtree qgroup helpers to\n qgroup.c (bsc#983087).\n\n - btrfs: Fix a data space underflow warning (bsc#985562,\n bsc#975596, 
bsc#984779).\n\n - btrfs: Handle unaligned length in extent_same\n (bsc#937609).\n\n - btrfs: abort transaction on btrfs_reloc_cow_block()\n (bsc#1025081).\n\n - btrfs: add missing discards when unpinning extents with\n -o discard (bsc#904489).\n\n - btrfs: advertise which crc32c implementation is being\n used on mount (bsc#946057).\n\n - btrfs: allow dedupe of same inode (bsc#1025067).\n\n - btrfs: backref: Add special time_seq == (u64)-1 case for\n btrfs_find_all_roots() (bnc#935087, bnc#945649).\n\n - btrfs: backref: Do not merge refs which are not for same\n block (bnc#935087, bnc#945649).\n\n - btrfs: btrfs_issue_discard ensure offset/length are\n aligned to sector boundaries (bsc#904489).\n\n - btrfs: change max_inline default to 2048 (bsc#949472).\n\n - btrfs: delayed-ref: Cleanup the unneeded functions\n (bnc#935087, bnc#945649).\n\n - btrfs: delayed-ref: Use list to replace the ref_root in\n ref_head (bnc#935087, bnc#945649).\n\n - btrfs: delayed-ref: double free in\n btrfs_add_delayed_tree_ref() (bsc#1025079).\n\n - btrfs: delayed_ref: Add new function to record reserved\n space into delayed ref (bsc#963193).\n\n - btrfs: delayed_ref: release and free qgroup reserved at\n proper timing (bsc#963193).\n\n - btrfs: disable defrag of tree roots.\n\n - btrfs: do not create or leak aliased root while cleaning\n up orphans (bsc#994881).\n\n - btrfs: do not update mtime/ctime on deduped inodes\n (bsc#937616).\n\n - btrfs: explictly delete unused block groups in\n close_ctree and ro-remount (bsc#904489).\n\n - btrfs: extent-tree: Add new version of\n btrfs_check_data_free_space and\n btrfs_free_reserved_data_space (bsc#963193).\n\n - btrfs: extent-tree: Add new version of\n btrfs_delalloc_reserve/release_space (bsc#963193).\n\n - btrfs: extent-tree: Switch to new check_data_free_space\n and free_reserved_data_space (bsc#963193).\n\n - btrfs: extent-tree: Switch to new delalloc space reserve\n and release (bsc#963193).\n\n - btrfs: extent-tree: Use ref_node to 
replace unneeded\n parameters in __inc_extent_ref() and __free_extent()\n (bnc#935087, bnc#945649).\n\n - btrfs: extent_io: Introduce needed structure for\n recoding set/clear bits (bsc#963193).\n\n - btrfs: extent_io: Introduce new function\n clear_record_extent_bits() (bsc#963193).\n\n - btrfs: extent_io: Introduce new function\n set_record_extent_bits (bsc#963193).\n\n - btrfs: fallocate: Add support to accurate qgroup reserve\n (bsc#963193).\n\n - btrfs: fix btrfs_compat_ioctl failures on non-compat\n ioctls (bsc#1018100).\n\n - btrfs: fix clone / extent-same deadlocks (bsc#937612).\n\n - btrfs: fix deadlock with extent-same and readpage\n (bsc#937612).\n\n - btrfs: fix resending received snapshot with parent\n (bsc#1025061).\n\n - btrfs: handle non-fatal errors in btrfs_qgroup_inherit()\n (bsc#972951).\n\n - btrfs: increment ctx->pos for every emitted or skipped\n dirent in readdir (bsc#981709).\n\n - btrfs: iterate over unused chunk space in FITRIM\n (bsc#904489).\n\n - btrfs: make btrfs_issue_discard return bytes discarded\n (bsc#904489).\n\n - btrfs: make file clone aware of fatal signals\n (bsc#1015787).\n\n - btrfs: pass unaligned length to btrfs_cmp_data()\n (bsc#937609).\n\n - btrfs: properly track when rescan worker is running\n (bsc#989953).\n\n - btrfs: provide super_operations->inode_get_dev\n (bsc#927455).\n\n - btrfs: qgroup: Add function qgroup_update_counters()\n (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Add function qgroup_update_refcnt()\n (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Add handler for NOCOW and inline\n (bsc#963193).\n\n - btrfs: qgroup: Add new function to record old_roots\n (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Add new qgroup calculation function\n btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Add new trace point for qgroup data\n reserve (bsc#963193).\n\n - btrfs: qgroup: Add the ability to skip given qgroup for\n old/new_roots (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: 
Avoid calling\n btrfs_free_reserved_data_space in clear_bit_hook\n (bsc#963193).\n\n - btrfs: qgroup: Check if qgroup reserved space leaked\n (bsc#963193).\n\n - btrfs: qgroup: Cleanup old inaccurate facilities\n (bsc#963193).\n\n - btrfs: qgroup: Cleanup open-coded old/new_refcnt update\n and read (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Cleanup the old ref_node-oriented\n mechanism (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Do not copy extent buffer to do qgroup\n rescan (bnc#960300).\n\n - btrfs: qgroup: Fix a race in delayed_ref which leads to\n abort trans (bsc#963193).\n\n - btrfs: qgroup: Fix a rebase bug which will cause qgroup\n double free (bsc#963193).\n\n - btrfs: qgroup: Fix a regression in qgroup reserved space\n (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Fix qgroup accounting when creating\n snapshot (bsc#972993).\n\n - btrfs: qgroup: Fix qgroup data leaking by using subtree\n tracing (bsc#983087).\n\n - btrfs: qgroup: Introduce btrfs_qgroup_reserve_data\n function (bsc#963193).\n\n - btrfs: qgroup: Introduce functions to release/free\n qgroup reserve data space (bsc#963193).\n\n - btrfs: qgroup: Introduce new functions to reserve/free\n metadata (bsc#963193).\n\n - btrfs: qgroup: Make snapshot accounting work with new\n extent-oriented qgroup (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Record possible quota-related extent for\n qgroup (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Switch rescan to new mechanism\n (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Switch self test to extent-oriented\n qgroup mechanism (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Switch to new extent-oriented qgroup\n mechanism (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Use new metadata reservation\n (bsc#963193).\n\n - btrfs: qgroup: account shared subtree during snapshot\n delete (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: exit the rescan worker during umount\n (bnc#960300).\n\n - btrfs: qgroup: fix quota disable during rescan\n 
(bnc#960300).\n\n - btrfs: remove old tree_root dirent processing in\n btrfs_real_readdir() (bsc#981709).\n\n - btrfs: serialize subvolume mounts with potentially\n mismatching rw flags (bsc#951844).\n\n - btrfs: skip superblocks during discard (bsc#904489).\n\n - btrfs: syslog when quota is disabled.\n\n - btrfs: syslog when quota is enabled\n\n - btrfs: ulist: Add ulist_del() function (bnc#935087,\n bnc#945649).\n\n - btrfs: use the new VFS super_block_dev (bnc#865869).\n\n - btrfs: waiting on qgroup rescan should not always be\n interruptible (bsc#992712).\n\n - fs/super.c: add new super block sub devices\n super_block_dev (bnc#865869).\n\n - fs/super.c: fix race between freeze_super() and\n thaw_super() (bsc#1025066).\n\n - kabi: only use sops->get_inode_dev with proper fsflag\n (bsc#927455).\n\n - qgroup: Prevent qgroup->reserved from going subzero\n (bsc#993841).\n\n - vfs: add super_operations->get_inode_dev (bsc#927455).\n\n - xfs: do not allow di_size with high bit set\n (bsc#1024234).\n\n - xfs: exclude never-released buffers from buftarg I/O\n accounting (bsc#1024508).\n\n - xfs: fix broken multi-fsb buffer logging (bsc#1024081).\n\n - xfs: fix up xfs_swap_extent_forks inline extent handling\n (bsc#1023888).\n\n - xfs: track and serialize in-flight async buffers against\n unmount - kABI (bsc#1024508).\n\n - xfs: track and serialize in-flight async buffers against\n unmount (bsc#1024508).", "edition": 24, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-24T00:00:00", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2017-287)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6074", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-5897"], "modified": "2017-02-24T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", 
"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:kernel-pv-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-pv-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", 
"p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-pv-base", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo"], "id": "OPENSUSE-2017-287.NASL", "href": "https://www.tenable.com/plugins/nessus/97367", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-287.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97367);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-5986\", \"CVE-2017-6074\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2017-287)\");\n script_summary(english:\"Check for the openSUSE-2017-287 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-6074: The dccp_rcv_state_process function in\n net/dccp/input.c in the Linux kernel mishandled\n DCCP_PKT_REQUEST packet data structures in the LISTEN\n state, which allowed local users to cause a denial of\n service (invalid free) or possibly have unspecified\n other impact via an application that made an\n IPV6_RECVPKTINFO setsockopt system call (bnc#1026024).\n\n - CVE-2017-5986: Race condition in the\n sctp_wait_for_sndbuf function in net/sctp/socket.c in\n the Linux kernel allowed local users to cause a denial\n of service (assertion failure and panic) via a\n 
multithreaded application that peels off an association\n in a certain buffer-full state (bnc#1025235).\n\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux kernel allowed\n attackers to cause a denial of service (system crash)\n via (1) an application that made crafted system calls or\n possibly (2) IPv4 traffic with invalid IP options\n (bnc#1024938).\n\n - CVE-2017-5897: A potential remote denial of service\n within the IPv6 GRE protocol was fixed. (bsc#1023762)\n\nThe following non-security bugs were fixed :\n\n - btrfs: support NFSv2 export (bnc#929871).\n\n - btrfs: Direct I/O: Fix space accounting (bsc#1025058).\n\n - btrfs: add RAID 5/6 BTRFS_RBIO_REBUILD_MISSING operation\n (bsc#1025069).\n\n - btrfs: bail out if block group has different mixed flag\n (bsc#1025072).\n\n - btrfs: be more precise on errors when getting an inode\n from disk (bsc#981038).\n\n - btrfs: check pending chunks when shrinking fs to avoid\n corruption (bnc#936445).\n\n - btrfs: check prepare_uptodate_page() error code earlier\n (bnc#966910).\n\n - btrfs: do not BUG() during drop snapshot (bsc#1025076).\n\n - btrfs: do not collect ordered extents when logging that\n inode exists (bsc#977685).\n\n - btrfs: do not initialize a space info as full to prevent\n ENOSPC (bnc#944001).\n\n - btrfs: do not leak reloc root nodes on error\n (bsc#1025074).\n\n - btrfs: fix block group ->space_info NULL pointer\n dereference (bnc#935088).\n\n - btrfs: fix chunk allocation regression leading to\n transaction abort (bnc#938550).\n\n - btrfs: fix crash on close_ctree() if cleaner starts new\n transaction (bnc#938891).\n\n - btrfs: fix deadlock between direct IO reads and buffered\n writes (bsc#973855).\n\n - btrfs: fix deadlock between direct IO write and\n defrag/readpages (bnc#965344).\n\n - btrfs: fix device replace of a missing RAID 5/6 device\n (bsc#1025057).\n\n - btrfs: fix empty symlink after creating symlink and\n fsync parent dir (bsc#977685).\n\n - 
btrfs: fix extent accounting for partial direct IO\n writes (bsc#1025062).\n\n - btrfs: fix file corruption after cloning inline extents\n (bnc#942512).\n\n - btrfs: fix file loss on log replay after renaming a file\n and fsync (bsc#977685).\n\n - btrfs: fix file read corruption after extent cloning and\n fsync (bnc#946902).\n\n - btrfs: fix fitrim discarding device area reserved for\n boot loader's use (bsc#904489).\n\n - btrfs: fix for incorrect directory entries after fsync\n log replay (bsc#957805, bsc#977685).\n\n - btrfs: fix hang when failing to submit bio of directIO\n (bnc#942685).\n\n - btrfs: fix incremental send failure caused by balance\n (bsc#985850).\n\n - btrfs: fix invalid page accesses in extent_same (dedup)\n ioctl (bnc#968230).\n\n - btrfs: fix listxattrs not listing all xattrs packed in\n the same item (bsc#1025063).\n\n - btrfs: fix loading of orphan roots leading to BUG_ON\n (bsc#972844).\n\n - btrfs: fix memory corruption on failure to submit bio\n for direct IO (bnc#942685).\n\n - btrfs: fix memory leak in do_walk_down (bsc#1025075).\n\n - btrfs: fix memory leak in reading btree blocks\n (bsc#1025071).\n\n - btrfs: fix order by which delayed references are run\n (bnc#949440).\n\n - btrfs: fix page reading in extent_same ioctl leading to\n csum errors (bnc#968230).\n\n - btrfs: fix qgroup rescan worker initialization\n (bsc#1025077).\n\n - btrfs: fix qgroup sanity tests (bnc#951615).\n\n - btrfs: fix race between balance and unused block group\n deletion (bnc#938892).\n\n - btrfs: fix race between fsync and lockless direct IO\n writes (bsc#977685).\n\n - btrfs: fix race waiting for qgroup rescan worker\n (bnc#960300).\n\n - btrfs: fix regression running delayed references when\n using qgroups (bnc#951615).\n\n - btrfs: fix regression when running delayed references\n (bnc#951615).\n\n - btrfs: fix relocation incorrectly dropping data\n references (bsc#990384).\n\n - btrfs: fix shrinking truncate when the no_holes feature\n is enabled 
(bsc#1025053).\n\n - btrfs: fix sleeping inside atomic context in qgroup\n rescan worker (bnc#960300).\n\n - btrfs: fix stale dir entries after removing a link and\n fsync (bnc#942925).\n\n - btrfs: fix unreplayable log after snapshot delete +\n parent dir fsync (bsc#977685).\n\n - btrfs: fix warning in backref walking (bnc#966278).\n\n - btrfs: fix warning of bytes_may_use (bsc#1025065).\n\n - btrfs: fix wrong check for btrfs_force_chunk_alloc()\n (bnc#938550).\n\n - btrfs: handle quota reserve failure properly\n (bsc#1005666).\n\n - btrfs: incremental send, check if orphanized dir inode\n needs delayed rename (bsc#1025049).\n\n - btrfs: incremental send, do not delay directory renames\n unnecessarily (bsc#1025048).\n\n - btrfs: incremental send, fix clone operations for\n compressed extents (fate#316463).\n\n - btrfs: incremental send, fix premature rmdir operations\n (bsc#1025064).\n\n - btrfs: keep dropped roots in cache until transaction\n commit (bnc#935087, bnc#945649, bnc#951615).\n\n - btrfs: remove misleading handling of missing device\n scrub (bsc#1025055).\n\n - btrfs: remove unnecessary locking of cleaner_mutex to\n avoid deadlock (bsc#904489).\n\n - btrfs: return gracefully from balance if fs tree is\n corrupted (bsc#1025073).\n\n - btrfs: send, do not bug on inconsistent snapshots\n (bsc#985850).\n\n - btrfs: send, fix corner case for reference overwrite\n detection (bsc#1025080).\n\n - btrfs: send, fix file corruption due to incorrect\n cloning operations (bsc#1025060).\n\n - btrfs: set UNWRITTEN for prealloc'ed extents in fiemap\n (bsc#1025047).\n\n - btrfs: test_check_exists: Fix infinite loop when\n searching for free space entries (bsc#987192).\n\n - btrfs: use btrfs_get_fs_root in resolve_indirect_ref\n (bnc#935087, bnc#945649).\n\n - btrfs: use received_uuid of parent during send\n (bsc#1025051).\n\n - btrfs: wake up extent state waiters on unlock through\n clear_extent_bits (bsc#1025050).\n\n - btrfs: Add handler for invalidate page 
(bsc#963193).\n\n - btrfs: Add qgroup tracing (bnc#935087, bnc#945649).\n\n - btrfs: Avoid truncate tailing page if fallocate range\n does not exceed inode size (bsc#1025059).\n\n - btrfs: Continue write in case of can_not_nocow\n (bsc#1025070).\n\n - btrfs: Ensure proper sector alignment for\n btrfs_free_reserved_data_space (bsc#1005666).\n\n - btrfs: Export and move leaf/subtree qgroup helpers to\n qgroup.c (bsc#983087).\n\n - btrfs: Fix a data space underflow warning (bsc#985562,\n bsc#975596, bsc#984779).\n\n - btrfs: Handle unaligned length in extent_same\n (bsc#937609).\n\n - btrfs: abort transaction on btrfs_reloc_cow_block()\n (bsc#1025081).\n\n - btrfs: add missing discards when unpinning extents with\n -o discard (bsc#904489).\n\n - btrfs: advertise which crc32c implementation is being\n used on mount (bsc#946057).\n\n - btrfs: allow dedupe of same inode (bsc#1025067).\n\n - btrfs: backref: Add special time_seq == (u64)-1 case for\n btrfs_find_all_roots() (bnc#935087, bnc#945649).\n\n - btrfs: backref: Do not merge refs which are not for same\n block (bnc#935087, bnc#945649).\n\n - btrfs: btrfs_issue_discard ensure offset/length are\n aligned to sector boundaries (bsc#904489).\n\n - btrfs: change max_inline default to 2048 (bsc#949472).\n\n - btrfs: delayed-ref: Cleanup the unneeded functions\n (bnc#935087, bnc#945649).\n\n - btrfs: delayed-ref: Use list to replace the ref_root in\n ref_head (bnc#935087, bnc#945649).\n\n - btrfs: delayed-ref: double free in\n btrfs_add_delayed_tree_ref() (bsc#1025079).\n\n - btrfs: delayed_ref: Add new function to record reserved\n space into delayed ref (bsc#963193).\n\n - btrfs: delayed_ref: release and free qgroup reserved at\n proper timing (bsc#963193).\n\n - btrfs: disable defrag of tree roots.\n\n - btrfs: do not create or leak aliased root while cleaning\n up orphans (bsc#994881).\n\n - btrfs: do not update mtime/ctime on deduped inodes\n (bsc#937616).\n\n - btrfs: explictly delete unused block groups in\n 
close_ctree and ro-remount (bsc#904489).\n\n - btrfs: extent-tree: Add new version of\n btrfs_check_data_free_space and\n btrfs_free_reserved_data_space (bsc#963193).\n\n - btrfs: extent-tree: Add new version of\n btrfs_delalloc_reserve/release_space (bsc#963193).\n\n - btrfs: extent-tree: Switch to new check_data_free_space\n and free_reserved_data_space (bsc#963193).\n\n - btrfs: extent-tree: Switch to new delalloc space reserve\n and release (bsc#963193).\n\n - btrfs: extent-tree: Use ref_node to replace unneeded\n parameters in __inc_extent_ref() and __free_extent()\n (bnc#935087, bnc#945649).\n\n - btrfs: extent_io: Introduce needed structure for\n recoding set/clear bits (bsc#963193).\n\n - btrfs: extent_io: Introduce new function\n clear_record_extent_bits() (bsc#963193).\n\n - btrfs: extent_io: Introduce new function\n set_record_extent_bits (bsc#963193).\n\n - btrfs: fallocate: Add support to accurate qgroup reserve\n (bsc#963193).\n\n - btrfs: fix btrfs_compat_ioctl failures on non-compat\n ioctls (bsc#1018100).\n\n - btrfs: fix clone / extent-same deadlocks (bsc#937612).\n\n - btrfs: fix deadlock with extent-same and readpage\n (bsc#937612).\n\n - btrfs: fix resending received snapshot with parent\n (bsc#1025061).\n\n - btrfs: handle non-fatal errors in btrfs_qgroup_inherit()\n (bsc#972951).\n\n - btrfs: increment ctx->pos for every emitted or skipped\n dirent in readdir (bsc#981709).\n\n - btrfs: iterate over unused chunk space in FITRIM\n (bsc#904489).\n\n - btrfs: make btrfs_issue_discard return bytes discarded\n (bsc#904489).\n\n - btrfs: make file clone aware of fatal signals\n (bsc#1015787).\n\n - btrfs: pass unaligned length to btrfs_cmp_data()\n (bsc#937609).\n\n - btrfs: properly track when rescan worker is running\n (bsc#989953).\n\n - btrfs: provide super_operations->inode_get_dev\n (bsc#927455).\n\n - btrfs: qgroup: Add function qgroup_update_counters()\n (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Add function qgroup_update_refcnt()\n 
(bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Add handler for NOCOW and inline\n (bsc#963193).\n\n - btrfs: qgroup: Add new function to record old_roots\n (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Add new qgroup calculation function\n btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Add new trace point for qgroup data\n reserve (bsc#963193).\n\n - btrfs: qgroup: Add the ability to skip given qgroup for\n old/new_roots (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Avoid calling\n btrfs_free_reserved_data_space in clear_bit_hook\n (bsc#963193).\n\n - btrfs: qgroup: Check if qgroup reserved space leaked\n (bsc#963193).\n\n - btrfs: qgroup: Cleanup old inaccurate facilities\n (bsc#963193).\n\n - btrfs: qgroup: Cleanup open-coded old/new_refcnt update\n and read (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Cleanup the old ref_node-oriented\n mechanism (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Do not copy extent buffer to do qgroup\n rescan (bnc#960300).\n\n - btrfs: qgroup: Fix a race in delayed_ref which leads to\n abort trans (bsc#963193).\n\n - btrfs: qgroup: Fix a rebase bug which will cause qgroup\n double free (bsc#963193).\n\n - btrfs: qgroup: Fix a regression in qgroup reserved space\n (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Fix qgroup accounting when creating\n snapshot (bsc#972993).\n\n - btrfs: qgroup: Fix qgroup data leaking by using subtree\n tracing (bsc#983087).\n\n - btrfs: qgroup: Introduce btrfs_qgroup_reserve_data\n function (bsc#963193).\n\n - btrfs: qgroup: Introduce functions to release/free\n qgroup reserve data space (bsc#963193).\n\n - btrfs: qgroup: Introduce new functions to reserve/free\n metadata (bsc#963193).\n\n - btrfs: qgroup: Make snapshot accounting work with new\n extent-oriented qgroup (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Record possible quota-related extent for\n qgroup (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Switch rescan to new mechanism\n (bnc#935087, 
bnc#945649).\n\n - btrfs: qgroup: Switch self test to extent-oriented\n qgroup mechanism (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Switch to new extent-oriented qgroup\n mechanism (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: Use new metadata reservation\n (bsc#963193).\n\n - btrfs: qgroup: account shared subtree during snapshot\n delete (bnc#935087, bnc#945649).\n\n - btrfs: qgroup: exit the rescan worker during umount\n (bnc#960300).\n\n - btrfs: qgroup: fix quota disable during rescan\n (bnc#960300).\n\n - btrfs: remove old tree_root dirent processing in\n btrfs_real_readdir() (bsc#981709).\n\n - btrfs: serialize subvolume mounts with potentially\n mismatching rw flags (bsc#951844).\n\n - btrfs: skip superblocks during discard (bsc#904489).\n\n - btrfs: syslog when quota is disabled.\n\n - btrfs: syslog when quota is enabled\n\n - btrfs: ulist: Add ulist_del() function (bnc#935087,\n bnc#945649).\n\n - btrfs: use the new VFS super_block_dev (bnc#865869).\n\n - btrfs: waiting on qgroup rescan should not always be\n interruptible (bsc#992712).\n\n - fs/super.c: add new super block sub devices\n super_block_dev (bnc#865869).\n\n - fs/super.c: fix race between freeze_super() and\n thaw_super() (bsc#1025066).\n\n - kabi: only use sops->get_inode_dev with proper fsflag\n (bsc#927455).\n\n - qgroup: Prevent qgroup->reserved from going subzero\n (bsc#993841).\n\n - vfs: add super_operations->get_inode_dev (bsc#927455).\n\n - xfs: do not allow di_size with high bit set\n (bsc#1024234).\n\n - xfs: exclude never-released buffers from buftarg I/O\n accounting (bsc#1024508).\n\n - xfs: fix broken multi-fsb buffer logging (bsc#1024081).\n\n - xfs: fix up xfs_swap_extent_forks inline extent handling\n (bsc#1023888).\n\n - xfs: track and serialize in-flight async buffers against\n unmount - kABI (bsc#1024508).\n\n - xfs: track and serialize in-flight async buffers against\n unmount (bsc#1024508).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1015787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1018100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1024081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1024234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1024508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1024938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025055\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025072\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1026024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=865869\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=904489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=929871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=935087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=935088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=936445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=937609\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=937612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=937616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=938550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=938891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=938892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=942512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=942685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=942925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=944001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=945649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=946057\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=946902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=949440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=949472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=951615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=951844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=960300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=965344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968230\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=972844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=972951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=972993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984779\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=987192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=989953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=993841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994881\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debugsource-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-devel-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-devel-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-html-4.1.38-50.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-pdf-4.1.38-50.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-macros-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-4.1.38-50.2\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-debugsource-4.1.38-50.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-vanilla-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-syms-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-4.1.38-50.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-devel-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debugsource-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-devel-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", 
reference:\"kernel-xen-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-devel-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", 
reference:\"kernel-pae-base-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debugsource-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-devel-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", 
reference:\"kernel-xen-debugsource-4.1.38-50.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-4.1.38-50.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5986"], "description": "The remote host is missing an update for the 'linux-lts-trusty' package(s) announced via the referenced advisory.", "modified": "2019-03-13T00:00:00", "published": "2017-04-25T00:00:00", "id": "OPENVAS:1361412562310843137", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843137", "type": "openvas", "title": "Ubuntu Update for linux-lts-trusty USN-3264-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-trusty USN-3264-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843137\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-25 06:32:50 +0200 (Tue, 25 Apr 2017)\");\n script_cve_id(\"CVE-2017-5986\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-trusty USN-3264-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-trusty'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3264-1 fixed vulnerabilities in the\nLinux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates\nfor the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu\n12.04 LTS.\n\nAlexander Popov discovered that a race condition existed in the Stream\nControl Transmission Protocol (SCTP) implementation in the Linux kernel. 
A\nlocal attacker could use this to cause a denial of service (system crash).\");\n script_tag(name:\"affected\", value:\"linux-lts-trusty on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3264-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3264-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-117-generic\", ver:\"3.13.0-117.164~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-117-generic-lpae\", ver:\"3.13.0-117.164~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-trusty\", ver:\"3.13.0.117.108\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-trusty\", ver:\"3.13.0.117.108\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5986"], "description": "The remote host is missing an update for the 'linux' package(s) announced via the referenced advisory.", "modified": "2019-03-13T00:00:00", 
"published": "2017-04-25T00:00:00", "id": "OPENVAS:1361412562310843141", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843141", "type": "openvas", "title": "Ubuntu Update for linux USN-3264-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3264-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843141\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-25 06:33:40 +0200 (Tue, 25 Apr 2017)\");\n script_cve_id(\"CVE-2017-5986\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3264-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Alexander Popov discovered that a race\ncondition existed in the Stream Control Transmission Protocol (SCTP)\nimplementation in the Linux kernel. A local attacker could use this to cause\na denial of service (system crash).\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3264-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3264-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-117-generic\", ver:\"3.13.0-117.164\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-117-generic-lpae\", ver:\"3.13.0-117.164\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-117-lowlatency\", ver:\"3.13.0-117.164\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-117-powerpc-e500\", ver:\"3.13.0-117.164\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-3.13.0-117-powerpc-e500mc\", ver:\"3.13.0-117.164\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-117-powerpc-smp\", ver:\"3.13.0-117.164\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-117-powerpc64-smp\", ver:\"3.13.0-117.164\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.13.0.117.127\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"3.13.0.117.127\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"3.13.0.117.127\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500\", ver:\"3.13.0.117.127\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"3.13.0.117.127\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.13.0.117.127\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.13.0.117.127\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5986"], "description": "The remote host is missing an update for the ", "modified": 
"2019-03-13T00:00:00", "published": "2017-04-25T00:00:00", "id": "OPENVAS:1361412562310843142", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843142", "type": "openvas", "title": "Ubuntu Update for linux-hwe USN-3266-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-hwe USN-3266-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843142\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-25 06:33:42 +0200 (Tue, 25 Apr 2017)\");\n script_cve_id(\"CVE-2017-5986\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-hwe USN-3266-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-hwe'\n package(s) announced 
via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3266-1 fixed vulnerabilities in the\nLinux kernel for Ubuntu 16.10. This update provides the corresponding updates\nfor the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu\n16.04 LTS.\n\nAlexander Popov discovered that a race condition existed in the Stream\nControl Transmission Protocol (SCTP) implementation in the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system crash).\");\n script_tag(name:\"affected\", value:\"linux-hwe on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3266-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3266-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-49-generic\", ver:\"4.8.0-49.52~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-49-generic-lpae\", ver:\"4.8.0-49.52~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-49-lowlatency\", ver:\"4.8.0-49.52~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.8.0.49.21\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.8.0.49.21\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.8.0.49.21\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5986"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-04-25T00:00:00", "id": "OPENVAS:1361412562310843138", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843138", "type": "openvas", "title": "Ubuntu Update for linux USN-3266-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3266-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843138\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-25 06:32:53 +0200 (Tue, 25 Apr 2017)\");\n script_cve_id(\"CVE-2017-5986\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3266-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Alexander Popov discovered that a race\ncondition existed in the Stream Control Transmission Protocol (SCTP) implementation\nin the Linux kernel. 
A local attacker could use this to cause a denial of service\n(system crash).\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3266-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3266-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-1035-raspi2\", ver:\"4.8.0-1035.38\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-49-generic\", ver:\"4.8.0-49.52\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-49-generic-lpae\", ver:\"4.8.0-49.52\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-49-lowlatency\", ver:\"4.8.0-49.52\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-49-powerpc-e500mc\", ver:\"4.8.0-49.52\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-49-powerpc-smp\", ver:\"4.8.0-49.52\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.8.0.49.61\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.8.0.49.61\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.8.0.49.61\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.8.0.49.61\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.8.0.49.61\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.8.0.1035.39\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5986", "CVE-2017-5897"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-02-20T00:00:00", "id": "OPENVAS:1361412562310872383", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872383", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-fb89ca752a", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-fb89ca752a\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872383\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-20 11:39:16 +0100 (Mon, 20 Feb 2017)\");\n script_cve_id(\"CVE-2017-5897\", \"CVE-2017-5986\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-fb89ca752a\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-fb89ca752a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV75L7M7X3BY5VD66D2ZRLKLAEPB5V3F\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local 
Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.9.9~200.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6353"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-03-13T00:00:00", "id": "OPENVAS:1361412562310872476", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872476", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-2e1f3694b2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-2e1f3694b2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872476\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-13 05:54:56 +0100 (Mon, 13 Mar 2017)\");\n script_cve_id(\"CVE-2017-6353\", \"CVE-2017-5986\", \"CVE-2017-5669\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-2e1f3694b2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-2e1f3694b2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4X7CX2SZJY7U76VFTJIK3EKJMAZSWF4X\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.9.13~101.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6353"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-03-13T00:00:00", "id": "OPENVAS:1361412562310872473", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872473", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2017-387ff46a66", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2017-387ff46a66\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872473\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-13 05:54:52 +0100 (Mon, 13 Mar 2017)\");\n script_cve_id(\"CVE-2017-5669\", \"CVE-2017-6353\", \"CVE-2017-5986\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2017-387ff46a66\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-387ff46a66\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUOO7VCTFNU6MGG77KHXB7356HXGREDQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.9.13~201.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:28:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6074", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-5897"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-02-23T00:00:00", "id": "OPENVAS:1361412562310851516", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851516", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0547-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851516\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-23 05:05:51 +0100 (Thu, 23 Feb 2017)\");\n script_cve_id(\"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-5986\", \"CVE-2017-6074\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0547-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.1 kernel was updated to receive various security and\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c\n in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures\n in the LISTEN state, which allowed local users to cause a denial of\n service (invalid free) or possibly have unspecified other impact via an\n application that made an IPV6_RECVPKTINFO setsockopt system call\n (bnc#1026024).\n\n - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in\n net/sctp/socket.c in the Linux kernel allowed local users to cause a\n denial of service (assertion failure and panic) via a multithreaded\n application that peels off 
an association in a certain buffer-full state\n (bnc#1025235).\n\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a\n denial of service (system crash) via (1) an application that made\n crafted system calls or possibly (2) IPv4 traffic with invalid IP\n options (bnc#1024938).\n\n - CVE-2017-5897: A potential remote denial of service within the IPv6 GRE\n protocol was fixed. (bsc#1023762)\n\n The following non-security bugs were fixed:\n\n - btrfs: support NFSv2 export (bnc#929871).\n\n - btrfs: Direct I/O: Fix space accounting (bsc#1025058).\n\n - btrfs: add RAID 5/6 BTRFS_RBIO_REBUILD_MISSING operation (bsc#1025069).\n\n - btrfs: bail out if block group has different mixed flag (bsc#1025072).\n\n - btrfs: be more precise on errors when getting an inode from disk\n (bsc#981038).\n\n - btrfs: check pending chunks when shrinking fs to avoid corruption\n (bnc#936445).\n\n - btrfs: check prepare_uptodate_page() error code earlier (bnc#966910).\n\n - btrfs: do not BUG() during drop snapshot (bsc#1025076).\n\n - btrfs: do not collect ordered extents when logging that inode exists\n (bsc#977685).\n\n - btrfs: do not initialize a space info as full to prevent ENOSPC\n (bnc#944001).\n\n - btrfs: do not leak reloc root nodes on error (bsc#1025074).\n\n - btrfs: fix block group ->space_info null pointer dereference\n (bnc#935088).\n\n - btrfs: fix chunk allocation regression leading to transaction abort\n (bnc#938550).\n\n - btrfs: fix crash on close_ctree() if cleaner starts new transaction\n (bnc#938891).\n\n - btrfs: fix deadlock between direct IO reads and buffered writes\n (bsc#973855).\n\n - btrfs: fix deadlock between direct IO write and defrag/readpages\n (bnc#965344).\n\n - btrfs: fix device replace of a missing RAID 5/6 device (bsc#1025057).\n\n - btrfs: fix empty symlink after creating symlink and fsync pa ...\n\n Description truncated, please see the referenced URL(s) for more 
information.\");\n\n script_tag(name:\"affected\", value:\"Linux Kernel on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0547-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.1.38~50.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", 
rpm:\"kernel-obs-build-debugsource~4.1.38~50.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", 
rpm:\"kernel-ec2-debuginfo~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv\", rpm:\"kernel-pv~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base\", rpm:\"kernel-pv-base~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base-debuginfo\", rpm:\"kernel-pv-base-debuginfo~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debuginfo\", rpm:\"kernel-pv-debuginfo~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debugsource\", rpm:\"kernel-pv-debugsource~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-devel\", rpm:\"kernel-pv-devel~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~4.1.38~50.1\", 
rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.1.38~50.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.1.38~50.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.1.38~50.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~4.1.38~50.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:28:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-6074", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-5897"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-02-23T00:00:00", "id": "OPENVAS:1361412562310851515", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851515", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0541-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851515\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-23 05:05:46 +0100 (Thu, 23 Feb 2017)\");\n script_cve_id(\"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-5986\", \"CVE-2017-6074\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0541-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.2 kernel was updated\n to 4.4.49 to receive various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5986: A userlevel triggerable BUG_ON on sctp_wait_for_sndbuf\n was fixed. (bsc#1025235)\n\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a\n denial of service (system crash) via (1) an application that made\n crafted system calls or possibly (2) IPv4 traffic with invalid IP\n options (bnc#1024938).\n\n - CVE-2017-5897: A potential remote denial of service within the IPv6 GRE\n protocol was fixed. 
(bsc#1023762)\n\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c\n in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures\n in the LISTEN state, which allowed local users to cause a denial of\n service (invalid free) or possibly have unspecified other impact via an\n application that makes an IPV6_RECVPKTINFO setsockopt system call.\n (bsc#1026024).\n\n The following non-security bugs were fixed:\n\n - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls\n (bsc#1018100).\n\n - iwlwifi: Expose the default fallback ucode API to module info\n (boo#1021082, boo#1023884).\n\n - kabi: protect struct tcp_fastopen_cookie (kabi).\n\n - md: ensure md devices are freed before module is unloaded (bsc#1022304).\n\n - md: Fix a regression reported by bsc#1020048 in\n patches.fixes/0003-md-lockless-I-O-submission-for-RAID1.patch\n (bsc#982783, bsc#998106, bsc#1020048).\n\n - net: ethtool: Initialize buffer when querying device channel settings\n (bsc#969479 FATE#320634).\n\n - net: implement netif_cond_dbg macro (bsc#1019168).\n\n - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).\n\n - sfc: refactor debug-or-warnings printks (bsc#1019168).\n\n - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).\n\n - xfs: do not allow di_size with high bit set (bsc#1024234).\n\n - xfs: exclude never-released buffers from buftarg I/O accounting\n (bsc#1024508).\n\n - xfs: fix broken multi-fsb buffer logging (bsc#1024081).\n\n - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).\n\n - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).\n\n - xfs: track and serialize in-flight async buffers against unmount\n (bsc#1024508).\n\n - xfs: track and serialize in-flight async buffers against unmount - kABI\n (bsc#1024508).\");\n\n script_tag(name:\"affected\", value:\"Linux Kernel on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated 
package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0541-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.49~16.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.49~16.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.4.49~16.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.49~16.1\", 
rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.49~16.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-10208", "CVE-2016-7910", "CVE-2017-7308", "CVE-2016-8646", "CVE-2017-5986"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-05-26T00:00:00", "id": "OPENVAS:1361412562310871823", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871823", "type": "openvas", "title": "RedHat Update for kernel RHSA-2017:1308-01", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2017:1308-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871823\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-05-26 06:31:20 +0200 (Fri, 26 May 2017)\");\n script_cve_id(\"CVE-2016-10208\", \"CVE-2016-7910\", \"CVE-2016-8646\", \"CVE-2017-5986\", \"CVE-2017-7308\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2017:1308-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n 
script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel,\nthe core of any Linux operating system.\n\nSecurity Fix(es):\n\n * It was found that the packet_set_ring() function of the Linux kernel's\nnetworking implementation did not properly validate certain block-size\ndata. A local attacker with CAP_NET_RAW capability could use this flaw to\ntrigger a buffer overflow, resulting in the crash of the system. Due to the\nnature of the flaw, privilege escalation cannot be fully ruled out.\n(CVE-2017-7308, Important)\n\n * Mounting a crafted EXT4 image read-only leads to an attacker controlled\nmemory corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)\n\n * A flaw was found in the Linux kernel's implementation of seq_file where a\nlocal attacker could manipulate memory in the put() function pointer. This\ncould lead to memory corruption and possible privileged escalation.\n(CVE-2016-7910, Moderate)\n\n * A vulnerability was found in the Linux kernel. An unprivileged local user\ncould trigger oops in shash_async_export() by attempting to force the\nin-kernel hashing algorithms into decrypting an empty data set.\n(CVE-2016-8646, Moderate)\n\n * It was reported that with Linux kernel, earlier than version v4.10-rc8,\nan application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket\ntx buffer is full, a thread is waiting on it to queue more data, and\nmeanwhile another thread peels off the association being used by the first\nthread. (CVE-2017-5986, Moderate)\n\nRed Hat would like to thank Igor Redko (Virtuozzo kernel team) for\nreporting CVE-2016-8646.\n\nAdditional Changes:\n\nThis update also fixes several bugs and adds various enhancements.\nDocumentation for these changes is available from the Technical Notes\ndocument linked to in the References section.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 
7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:1308-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-May/msg00039.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~514.21.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:42:38", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5986"], "description": "USN-3264-1 fixed 
vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 LTS.\n\nAlexander Popov discovered that a race condition existed in the Stream \nControl Transmission Protocol (SCTP) implementation in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash).", "edition": 5, "modified": "2017-04-24T00:00:00", "published": "2017-04-24T00:00:00", "id": "USN-3264-2", "href": "https://ubuntu.com/security/notices/USN-3264-2", "title": "Linux kernel (Trusty HWE) vulnerability", "type": "ubuntu", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-02T11:36:16", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5986"], "description": "Alexander Popov discovered that a race condition existed in the Stream \nControl Transmission Protocol (SCTP) implementation in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash).", "edition": 5, "modified": "2017-04-24T00:00:00", "published": "2017-04-24T00:00:00", "id": "USN-3264-1", "href": "https://ubuntu.com/security/notices/USN-3264-1", "title": "Linux kernel vulnerability", "type": "ubuntu", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-08T23:29:32", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5986"], "description": "Alexander Popov discovered that a race condition existed in the Stream \nControl Transmission Protocol (SCTP) implementation in the Linux kernel. 
A \nlocal attacker could use this to cause a denial of service (system crash).", "edition": 6, "modified": "2017-04-25T00:00:00", "published": "2017-04-25T00:00:00", "id": "USN-3266-1", "href": "https://ubuntu.com/security/notices/USN-3266-1", "title": "Linux kernel vulnerability", "type": "ubuntu", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-18T01:44:15", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5986"], "description": "USN-3266-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10. \nThis update provides the corresponding updates for the Linux Hardware \nEnablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.\n\nAlexander Popov discovered that a race condition existed in the Stream \nControl Transmission Protocol (SCTP) implementation in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash).", "edition": 6, "modified": "2017-04-25T00:00:00", "published": "2017-04-25T00:00:00", "id": "USN-3266-2", "href": "https://ubuntu.com/security/notices/USN-3266-2", "title": "Linux kernel (HWE) vulnerability", "type": "ubuntu", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-07-18T01:34:59", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5970", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-7374", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-5897"], "description": "It was discovered that a use-after-free flaw existed in the filesystem \nencryption subsystem in the Linux kernel. A local attacker could use this \nto cause a denial of service (system crash). (CVE-2017-7374)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic \nRouting Encapsulation (GRE) tunneling implementation in the Linux kernel. \nAn attacker could use this to possibly expose sensitive information. 
\n(CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux \nkernel did not properly handle invalid IP options in some situations. An \nattacker could use this to cause a denial of service or possibly execute \narbitrary code. (CVE-2017-5970)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did \nnot properly restrict mapping page zero. A local privileged attacker could \nuse this to execute arbitrary code. (CVE-2017-5669)\n\nAlexander Popov discovered that a race condition existed in the Stream \nControl Transmission Protocol (SCTP) implementation in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2017-5986)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP \npackets with the URG flag. A remote attacker could use this to cause a \ndenial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsystem in the Linux kernel did \nnot properly set up a destructor in certain situations. A local attacker \ncould use this to cause a denial of service (system crash). (CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET handling \ncode in the Linux kernel. A local attacker could use this to cause a denial \nof service (system crash) or possibly execute arbitrary code. \n(CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made \nimproper assumptions about internal data layout when performing checksums. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem \nin the Linux kernel. A local attacker could use this to cause a denial of \nservice (deadlock). 
(CVE-2017-6348)", "edition": 7, "modified": "2017-04-25T00:00:00", "published": "2017-04-25T00:00:00", "id": "USN-3265-1", "href": "https://ubuntu.com/security/notices/USN-3265-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-18T01:41:21", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5970", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-7374", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-5897"], "description": "USN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nIt was discovered that a use-after-free flaw existed in the filesystem \nencryption subsystem in the Linux kernel. A local attacker could use this \nto cause a denial of service (system crash). (CVE-2017-7374)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic \nRouting Encapsulation (GRE) tunneling implementation in the Linux kernel. \nAn attacker could use this to possibly expose sensitive information. \n(CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux \nkernel did not properly handle invalid IP options in some situations. An \nattacker could use this to cause a denial of service or possibly execute \narbitrary code. (CVE-2017-5970)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did \nnot properly restrict mapping page zero. A local privileged attacker could \nuse this to execute arbitrary code. (CVE-2017-5669)\n\nAlexander Popov discovered that a race condition existed in the Stream \nControl Transmission Protocol (SCTP) implementation in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash). 
\n(CVE-2017-5986)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP \npackets with the URG flag. A remote attacker could use this to cause a \ndenial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsystem in the Linux kernel did \nnot properly set up a destructor in certain situations. A local attacker \ncould use this to cause a denial of service (system crash). (CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET handling \ncode in the Linux kernel. A local attacker could use this to cause a denial \nof service (system crash) or possibly execute arbitrary code. \n(CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made \nimproper assumptions about internal data layout when performing checksums. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem \nin the Linux kernel. A local attacker could use this to cause a denial of \nservice (deadlock). 
(CVE-2017-6348)", "edition": 6, "modified": "2017-04-25T00:00:00", "published": "2017-04-25T00:00:00", "id": "USN-3265-2", "href": "https://ubuntu.com/security/notices/USN-3265-2", "title": "Linux kernel (Xenial HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5897", "CVE-2017-5986"], "description": "The kernel meta package ", "modified": "2017-02-14T15:52:06", "published": "2017-02-14T15:52:06", "id": "FEDORA:2CC39660F53B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: kernel-4.9.9-200.fc25", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6353"], "description": "The kernel meta package ", "modified": "2017-03-11T12:22:11", "published": "2017-03-11T12:22:11", "id": "FEDORA:65FAD61713B3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: kernel-4.9.13-201.fc25", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6353"], "description": "The kernel meta package ", "modified": "2017-03-11T11:52:58", "published": "2017-03-11T11:52:58", "id": "FEDORA:553DD615C92C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: kernel-4.9.13-101.fc24", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:35:18", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6353"], "description": "**Issue Overview:**\n\nPossible double free in stcp_sendmsg() (incorrect fix for [CVE-2017-5986 __](<https://access.redhat.com/security/cve/CVE-2017-5986>)):\n\nIt was found that the code in net/sctp/socket.c in the Linux kernel through 4.10.1 does 
not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. This vulnerability was introduced by [CVE-2017-5986 __](<https://access.redhat.com/security/cve/CVE-2017-5986>) fix (commit 2dcab5984841).\n\nReachable BUG_ON from userspace in sctp_wait_for_sndbuf:\n\nIt was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread. ([CVE-2017-5986 __](<https://access.redhat.com/security/cve/CVE-2017-5986>)) \n\nShmat allows mmap null page protection bypass:\n\nThe do_shmat function in ipc/shm.c in the Linux kernel, through 4.9.12, does not restrict the address calculated by a certain rounding operation. This allows privileged local users to map page zero and, consequently, bypass a protection mechanism that exists for the mmap system call. This is possible by making crafted shmget and shmat system calls in a privileged context. ([CVE-2017-5669 __](<https://access.redhat.com/security/cve/CVE-2017-5669>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n perf-debuginfo-4.9.20-10.30.amzn1.i686 \n kernel-tools-devel-4.9.20-10.30.amzn1.i686 \n kernel-debuginfo-common-i686-4.9.20-10.30.amzn1.i686 \n kernel-tools-4.9.20-10.30.amzn1.i686 \n kernel-tools-debuginfo-4.9.20-10.30.amzn1.i686 \n perf-4.9.20-10.30.amzn1.i686 \n kernel-headers-4.9.20-10.30.amzn1.i686 \n kernel-debuginfo-4.9.20-10.30.amzn1.i686 \n kernel-4.9.20-10.30.amzn1.i686 \n kernel-devel-4.9.20-10.30.amzn1.i686 \n \n noarch: \n kernel-doc-4.9.20-10.30.amzn1.noarch \n \n src: \n kernel-4.9.20-10.30.amzn1.src \n \n x86_64: \n kernel-tools-4.9.20-10.30.amzn1.x86_64 \n kernel-headers-4.9.20-10.30.amzn1.x86_64 \n kernel-debuginfo-4.9.20-10.30.amzn1.x86_64 \n kernel-tools-devel-4.9.20-10.30.amzn1.x86_64 \n kernel-tools-debuginfo-4.9.20-10.30.amzn1.x86_64 \n perf-debuginfo-4.9.20-10.30.amzn1.x86_64 \n perf-4.9.20-10.30.amzn1.x86_64 \n kernel-devel-4.9.20-10.30.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.9.20-10.30.amzn1.x86_64 \n kernel-4.9.20-10.30.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2017-04-06T21:16:00", "published": "2017-04-06T21:16:00", "id": "ALAS-2017-814", "href": "https://alas.aws.amazon.com/ALAS-2017-814.html", "title": "Medium: kernel", "type": "amazon", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-11-10T12:34:38", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7097", "CVE-2017-6074", "CVE-2017-5970", "CVE-2017-5551", "CVE-2017-6214", "CVE-2017-5986", "CVE-2017-5897"], "description": "**Issue Overview:**\n\nA use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. 
([CVE-2017-6074 __](<https://access.redhat.com/security/cve/CVE-2017-6074>))\n\nA vulnerability was found in the Linux kernel. When file permissions are modified via chmod and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way; this allows to bypass the check in chmod. ([CVE-2016-7097 __](<https://access.redhat.com/security/cve/CVE-2016-7097>))\n\nA vulnerability was found in the Linux kernel in \"tmpfs\" file system. When file permissions are modified via \"chmod\" and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via \"setxattr\" sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way; this allows to bypass the check in \"chmod\". ([CVE-2017-5551 __](<https://access.redhat.com/security/cve/CVE-2017-5551>))\n\nAn issue was found in the Linux kernel ipv6 implementation of GRE tunnels which allows a remote attacker to trigger an out-of-bounds access. ([CVE-2017-5897 __](<https://access.redhat.com/security/cve/CVE-2017-5897>))\n\nIt was discovered that an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread. ([CVE-2017-5986 __](<https://access.redhat.com/security/cve/CVE-2017-5986>))\n\nA vulnerability was found in the Linux kernel where having malicious IP options present would cause the ipv4_pktinfo_prepare() function to drop/free the dst. This could result in a system crash or possible privilege escalation. ([CVE-2017-5970 __](<https://access.redhat.com/security/cve/CVE-2017-5970>))\n\nA flaw was found in the Linux kernel's handling of packets with the URG flag. 
Applications using the splice() and tcp_splice_read() functionality can allow a remote attacker to force the kernel to enter a condition in which it can loop indefinitely. ([CVE-2017-6214 __](<https://access.redhat.com/security/cve/CVE-2017-6214>))\n\n(Updated on 2017-03-21: [CVE-2017-5970 __](<https://access.redhat.com/security/cve/CVE-2017-5970>) was fixed in this release but was previously not part of this errata.)\n\n(Updated on 2017-06-07: [CVE-2017-6214 __](<https://access.redhat.com/security/cve/CVE-2017-6214>) was fixed in this release but was previously not part of this errata.)\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. You will need to reboot your system in order for the new kernel to be running.\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-devel-4.4.51-40.58.amzn1.i686 \n kernel-headers-4.4.51-40.58.amzn1.i686 \n kernel-tools-4.4.51-40.58.amzn1.i686 \n perf-debuginfo-4.4.51-40.58.amzn1.i686 \n perf-4.4.51-40.58.amzn1.i686 \n kernel-tools-debuginfo-4.4.51-40.58.amzn1.i686 \n kernel-debuginfo-common-i686-4.4.51-40.58.amzn1.i686 \n kernel-debuginfo-4.4.51-40.58.amzn1.i686 \n kernel-tools-devel-4.4.51-40.58.amzn1.i686 \n kernel-4.4.51-40.58.amzn1.i686 \n \n noarch: \n kernel-doc-4.4.51-40.58.amzn1.noarch \n \n src: \n kernel-4.4.51-40.58.amzn1.src \n \n x86_64: \n kernel-debuginfo-common-x86_64-4.4.51-40.58.amzn1.x86_64 \n kernel-tools-4.4.51-40.58.amzn1.x86_64 \n kernel-4.4.51-40.58.amzn1.x86_64 \n perf-debuginfo-4.4.51-40.58.amzn1.x86_64 \n perf-4.4.51-40.58.amzn1.x86_64 \n kernel-tools-debuginfo-4.4.51-40.58.amzn1.x86_64 \n kernel-tools-devel-4.4.51-40.58.amzn1.x86_64 \n kernel-debuginfo-4.4.51-40.58.amzn1.x86_64 \n kernel-devel-4.4.51-40.58.amzn1.x86_64 \n kernel-headers-4.4.51-40.58.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2017-03-06T14:00:00", "published": "2017-03-06T14:00:00", "id": "ALAS-2017-805", "href": "https://alas.aws.amazon.com/ALAS-2017-805.html", 
"title": "Important: kernel", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "virtuozzo": [{"lastseen": "2019-11-05T11:27:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7472", "CVE-2016-9793", "CVE-2017-5986", "CVE-2017-6353"], "description": "The cumulative Virtuozzo ReadyKernel patch updated with security fixes. The patch applies to Virtuozzo kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3).\n**Vulnerability id:** CVE-2017-7472\nIt was found that keyctl_set_reqkey_keyring() function leaked thread keyring which could allow an unprivileged local user to exhaust kernel memory.\n\n**Vulnerability id:** CVE-2017-6353\nnet/sctp/socket.c in the Linux kernel through 4.10.1 did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application.\n\n**Vulnerability id:** CVE-2017-5986\nRace condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 could allow local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peeled off an association in a certain buffer-full state.\n\n**Vulnerability id:** CVE-2016-9793\nAndrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption).\n\n**Vulnerability id:** PSBM-56705\nA vulnerability was discovered in the handling of pid namespaces in the kernel. 
A privileged user inside a container could trigger a kernel crash (NULL pointer dereference in proc_flush_task()) using a sequence of system calls including wait4().\n\n", "edition": 1, "modified": "2017-04-20T00:00:00", "published": "2017-04-20T00:00:00", "id": "VZA-2017-029", "href": "https://help.virtuozzo.com/customer/portal/articles/2792896", "title": "Kernel security update: CVE-2017-7472 and other; Virtuozzo ReadyKernel patch 19.1 for Virtuozzo 7.0.x", "type": "virtuozzo", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2017-02-22T21:00:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6074", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-5897"], "edition": 1, "description": "The openSUSE Leap 42.2 kernel was updated to 4.4.49 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5986: A userlevel triggerable BUG_ON on sctp_wait_for_sndbuf\n was fixed. (bsc#1025235)\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a\n denial of service (system crash) via (1) an application that made\n crafted system calls or possibly (2) IPv4 traffic with invalid IP\n options (bnc#1024938).\n - CVE-2017-5897: A potential remote denial of service within the IPv6 GRE\n protocol was fixed. 
(bsc#1023762)\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c\n in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures\n in the LISTEN state, which allowed local users to cause a denial of\n service (invalid free) or possibly have unspecified other impact via an\n application that makes an IPV6_RECVPKTINFO setsockopt system call.\n (bsc#1026024).\n\n The following non-security bugs were fixed:\n\n - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls\n (bsc#1018100).\n - iwlwifi: Expose the default fallback ucode API to module info\n (boo#1021082, boo#1023884).\n - kabi: protect struct tcp_fastopen_cookie (kabi).\n - md: ensure md devices are freed before module is unloaded (bsc#1022304).\n - md: Fix a regression reported by bsc#1020048 in\n patches.fixes/0003-md-lockless-I-O-submission-for-RAID1.patch\n (bsc#982783,bsc#998106,bsc#1020048).\n - net: ethtool: Initialize buffer when querying device channel settings\n (bsc#969479 FATE#320634).\n - net: implement netif_cond_dbg macro (bsc#1019168).\n - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).\n - sfc: refactor debug-or-warnings printks (bsc#1019168).\n - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).\n - xfs: do not allow di_size with high bit set (bsc#1024234).\n - xfs: exclude never-released buffers from buftarg I/O accounting\n (bsc#1024508).\n - xfs: fix broken multi-fsb buffer logging (bsc#1024081).\n - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).\n - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).\n - xfs: track and serialize in-flight async buffers against unmount\n (bsc#1024508).\n - xfs: track and serialize in-flight async buffers against unmount - kABI\n (bsc#1024508).\n\n", "modified": "2017-02-22T21:10:07", "published": "2017-02-22T21:10:07", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00036.html", "id": "OPENSUSE-SU-2017:0541-1", "type": 
"suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-02-22T21:00:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-6074", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-5897"], "edition": 1, "description": "The openSUSE Leap 42.1 kernel was updated to receive various security and\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c\n in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures\n in the LISTEN state, which allowed local users to cause a denial of\n service (invalid free) or possibly have unspecified other impact via an\n application that made an IPV6_RECVPKTINFO setsockopt system call\n (bnc#1026024).\n - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in\n net/sctp/socket.c in the Linux kernel allowed local users to cause a\n denial of service (assertion failure and panic) via a multithreaded\n application that peels off an association in a certain buffer-full state\n (bnc#1025235).\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a\n denial of service (system crash) via (1) an application that made\n crafted system calls or possibly (2) IPv4 traffic with invalid IP\n options (bnc#1024938).\n - CVE-2017-5897: A potential remote denial of service within the IPv6 GRE\n protocol was fixed. 
(bsc#1023762)\n\n The following non-security bugs were fixed:\n\n - btrfs: support NFSv2 export (bnc#929871).\n - btrfs: Direct I/O: Fix space accounting (bsc#1025058).\n - btrfs: add RAID 5/6 BTRFS_RBIO_REBUILD_MISSING operation (bsc#1025069).\n - btrfs: bail out if block group has different mixed flag (bsc#1025072).\n - btrfs: be more precise on errors when getting an inode from disk\n (bsc#981038).\n - btrfs: check pending chunks when shrinking fs to avoid corruption\n (bnc#936445).\n - btrfs: check prepare_uptodate_page() error code earlier (bnc#966910).\n - btrfs: do not BUG() during drop snapshot (bsc#1025076).\n - btrfs: do not collect ordered extents when logging that inode exists\n (bsc#977685).\n - btrfs: do not initialize a space info as full to prevent ENOSPC\n (bnc#944001).\n - btrfs: do not leak reloc root nodes on error (bsc#1025074).\n - btrfs: fix block group ->space_info null pointer dereference\n (bnc#935088).\n - btrfs: fix chunk allocation regression leading to transaction abort\n (bnc#938550).\n - btrfs: fix crash on close_ctree() if cleaner starts new transaction\n (bnc#938891).\n - btrfs: fix deadlock between direct IO reads and buffered writes\n (bsc#973855).\n - btrfs: fix deadlock between direct IO write and defrag/readpages\n (bnc#965344).\n - btrfs: fix device replace of a missing RAID 5/6 device (bsc#1025057).\n - btrfs: fix empty symlink after creating symlink and fsync parent dir\n (bsc#977685).\n - btrfs: fix extent accounting for partial direct IO writes (bsc#1025062).\n - btrfs: fix file corruption after cloning inline extents (bnc#942512).\n - btrfs: fix file loss on log replay after renaming a file and fsync\n (bsc#977685).\n - btrfs: fix file read corruption after extent cloning and fsync\n (bnc#946902).\n - btrfs: fix fitrim discarding device area reserved for boot loader's use\n (bsc#904489).\n - btrfs: fix for incorrect directory entries after fsync log replay\n (bsc#957805, bsc#977685).\n - btrfs: fix hang when failing 
to submit bio of directIO (bnc#942685).\n - btrfs: fix incremental send failure caused by balance (bsc#985850).\n - btrfs: fix invalid page accesses in extent_same (dedup) ioctl\n (bnc#968230).\n - btrfs: fix listxattrs not listing all xattrs packed in the same item\n (bsc#1025063).\n - btrfs: fix loading of orphan roots leading to BUG_ON (bsc#972844).\n - btrfs: fix memory corruption on failure to submit bio for direct IO\n (bnc#942685).\n - btrfs: fix memory leak in do_walk_down (bsc#1025075).\n - btrfs: fix memory leak in reading btree blocks (bsc#1025071).\n - btrfs: fix order by which delayed references are run (bnc#949440).\n - btrfs: fix page reading in extent_same ioctl leading to csum errors\n (bnc#968230).\n - btrfs: fix qgroup rescan worker initialization (bsc#1025077).\n - btrfs: fix qgroup sanity tests (bnc#951615).\n - btrfs: fix race between balance and unused block group deletion\n (bnc#938892).\n - btrfs: fix race between fsync and lockless direct IO writes (bsc#977685).\n - btrfs: fix race waiting for qgroup rescan worker (bnc#960300).\n - btrfs: fix regression running delayed references when using qgroups\n (bnc#951615).\n - btrfs: fix regression when running delayed references (bnc#951615).\n - btrfs: fix relocation incorrectly dropping data references (bsc#990384).\n - btrfs: fix shrinking truncate when the no_holes feature is enabled\n (bsc#1025053).\n - btrfs: fix sleeping inside atomic context in qgroup rescan worker\n (bnc#960300).\n - btrfs: fix stale dir entries after removing a link and fsync\n (bnc#942925).\n - btrfs: fix unreplayable log after snapshot delete + parent dir fsync\n (bsc#977685).\n - btrfs: fix warning in backref walking (bnc#966278).\n - btrfs: fix warning of bytes_may_use (bsc#1025065).\n - btrfs: fix wrong check for btrfs_force_chunk_alloc() (bnc#938550).\n - btrfs: handle quota reserve failure properly (bsc#1005666).\n - btrfs: incremental send, check if orphanized dir inode needs delayed\n rename (bsc#1025049).\n - 
btrfs: incremental send, do not delay directory renames unnecessarily\n (bsc#1025048).\n - btrfs: incremental send, fix clone operations for compressed extents\n (fate#316463).\n - btrfs: incremental send, fix premature rmdir operations (bsc#1025064).\n - btrfs: keep dropped roots in cache until transaction commit (bnc#935087,\n bnc#945649, bnc#951615).\n - btrfs: remove misleading handling of missing device scrub (bsc#1025055).\n - btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock\n (bsc#904489).\n - btrfs: return gracefully from balance if fs tree is corrupted\n (bsc#1025073).\n - btrfs: send, do not bug on inconsistent snapshots (bsc#985850).\n - btrfs: send, fix corner case for reference overwrite detection\n (bsc#1025080).\n - btrfs: send, fix file corruption due to incorrect cloning operations\n (bsc#1025060).\n - btrfs: set UNWRITTEN for prealloc'ed extents in fiemap (bsc#1025047).\n - btrfs: test_check_exists: Fix infinite loop when searching for free\n space entries (bsc#987192).\n - btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087,\n bnc#945649).\n - btrfs: use received_uuid of parent during send (bsc#1025051).\n - btrfs: wake up extent state waiters on unlock through clear_extent_bits\n (bsc#1025050).\n - btrfs: Add handler for invalidate page (bsc#963193).\n - btrfs: Add qgroup tracing (bnc#935087, bnc#945649).\n - btrfs: Avoid truncate tailing page if fallocate range does not exceed\n inode size (bsc#1025059).\n - btrfs: Continue write in case of can_not_nocow (bsc#1025070).\n - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space\n (bsc#1005666).\n - btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c\n (bsc#983087).\n - btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596,\n bsc#984779).\n - btrfs: Handle unaligned length in extent_same (bsc#937609).\n - btrfs: abort transaction on btrfs_reloc_cow_block() (bsc#1025081).\n - btrfs: add missing discards when unpinning 
extents with -o discard\n (bsc#904489).\n - btrfs: advertise which crc32c implementation is being used on mount\n (bsc#946057).\n - btrfs: allow dedupe of same inode (bsc#1025067).\n - btrfs: backref: Add special time_seq == (u64)-1 case for\n btrfs_find_all_roots() (bnc#935087, bnc#945649).\n - btrfs: backref: Do not merge refs which are not for same block\n (bnc#935087, bnc#945649).\n - btrfs: btrfs_issue_discard ensure offset/length are aligned to sector\n boundaries (bsc#904489).\n - btrfs: change max_inline default to 2048 (bsc#949472).\n - btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087,\n bnc#945649).\n - btrfs: delayed-ref: Use list to replace the ref_root in ref_head\n (bnc#935087, bnc#945649).\n - btrfs: delayed-ref: double free in btrfs_add_delayed_tree_ref()\n (bsc#1025079).\n - btrfs: delayed_ref: Add new function to record reserved space into\n delayed ref (bsc#963193).\n - btrfs: delayed_ref: release and free qgroup reserved at proper timing\n (bsc#963193).\n - btrfs: disable defrag of tree roots.\n - btrfs: do not create or leak aliased root while cleaning up orphans\n (bsc#994881).\n - btrfs: do not update mtime/ctime on deduped inodes (bsc#937616).\n - btrfs: explictly delete unused block groups in close_ctree and\n ro-remount (bsc#904489).\n - btrfs: extent-tree: Add new version of btrfs_check_data_free_space and\n btrfs_free_reserved_data_space (bsc#963193).\n - btrfs: extent-tree: Add new version of\n btrfs_delalloc_reserve/release_space (bsc#963193).\n - btrfs: extent-tree: Switch to new check_data_free_space and\n free_reserved_data_space (bsc#963193).\n - btrfs: extent-tree: Switch to new delalloc space reserve and release\n (bsc#963193).\n - btrfs: extent-tree: Use ref_node to replace unneeded parameters in\n __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649).\n - btrfs: extent_io: Introduce needed structure for recoding set/clear bits\n (bsc#963193).\n - btrfs: extent_io: Introduce new function 
clear_record_extent_bits()\n (bsc#963193).\n - btrfs: extent_io: Introduce new function set_record_extent_bits\n (bsc#963193).\n - btrfs: fallocate: Add support to accurate qgroup reserve (bsc#963193).\n - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls\n (bsc#1018100).\n - btrfs: fix clone / extent-same deadlocks (bsc#937612).\n - btrfs: fix deadlock with extent-same and readpage (bsc#937612).\n - btrfs: fix resending received snapshot with parent (bsc#1025061).\n - btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#972951).\n - btrfs: increment ctx->pos for every emitted or skipped dirent in\n readdir (bsc#981709).\n - btrfs: iterate over unused chunk space in FITRIM (bsc#904489).\n - btrfs: make btrfs_issue_discard return bytes discarded (bsc#904489).\n - btrfs: make file clone aware of fatal signals (bsc#1015787).\n - btrfs: pass unaligned length to btrfs_cmp_data() (bsc#937609).\n - btrfs: properly track when rescan worker is running (bsc#989953).\n - btrfs: provide super_operations->inode_get_dev (bsc#927455).\n - btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add handler for NOCOW and inline (bsc#963193).\n - btrfs: qgroup: Add new function to record old_roots (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add new qgroup calculation function\n btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).\n - btrfs: qgroup: Add new trace point for qgroup data reserve (bsc#963193).\n - btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Avoid calling btrfs_free_reserved_data_space in\n clear_bit_hook (bsc#963193).\n - btrfs: qgroup: Check if qgroup reserved space leaked (bsc#963193).\n - btrfs: qgroup: Cleanup old inaccurate facilities (bsc#963193).\n - btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read\n (bnc#935087, 
bnc#945649).\n - btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Do not copy extent buffer to do qgroup rescan\n (bnc#960300).\n - btrfs: qgroup: Fix a race in delayed_ref which leads to abort trans\n (bsc#963193).\n - btrfs: qgroup: Fix a rebase bug which will cause qgroup double free\n (bsc#963193).\n - btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972993).\n - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing\n (bsc#983087).\n - btrfs: qgroup: Introduce btrfs_qgroup_reserve_data function (bsc#963193).\n - btrfs: qgroup: Introduce functions to release/free qgroup reserve data\n space (bsc#963193).\n - btrfs: qgroup: Introduce new functions to reserve/free metadata\n (bsc#963193).\n - btrfs: qgroup: Make snapshot accounting work with new extent-oriented\n qgroup (bnc#935087, bnc#945649).\n - btrfs: qgroup: Record possible quota-related extent for qgroup\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649).\n - btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Switch to new extent-oriented qgroup mechanism\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Use new metadata reservation (bsc#963193).\n - btrfs: qgroup: account shared subtree during snapshot delete\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: exit the rescan worker during umount (bnc#960300).\n - btrfs: qgroup: fix quota disable during rescan (bnc#960300).\n - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()\n (bsc#981709).\n - btrfs: serialize subvolume mounts with potentially mismatching rw flags\n (bsc#951844).\n - btrfs: skip superblocks during discard (bsc#904489).\n - btrfs: syslog when quota is disabled.\n - btrfs: syslog when quota is enabled\n - btrfs: ulist: Add ulist_del() function 
(bnc#935087, bnc#945649).\n - btrfs: use the new VFS super_block_dev (bnc#865869).\n - btrfs: waiting on qgroup rescan should not always be interruptible\n (bsc#992712).\n - fs/super.c: add new super block sub devices super_block_dev (bnc#865869).\n - fs/super.c: fix race between freeze_super() and thaw_super()\n (bsc#1025066).\n - kabi: only use sops->get_inode_dev with proper fsflag (bsc#927455).\n - qgroup: Prevent qgroup->reserved from going subzero (bsc#993841).\n - vfs: add super_operations->get_inode_dev (bsc#927455).\n - xfs: do not allow di_size with high bit set (bsc#1024234).\n - xfs: exclude never-released buffers from buftarg I/O accounting\n (bsc#1024508).\n - xfs: fix broken multi-fsb buffer logging (bsc#1024081).\n - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).\n - xfs: track and serialize in-flight async buffers against unmount - kABI\n (bsc#1024508).\n - xfs: track and serialize in-flight async buffers against unmount\n (bsc#1024508).\n\n", "modified": "2017-02-22T21:15:53", "published": "2017-02-22T21:15:53", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00037.html", "id": "OPENSUSE-SU-2017:0547-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-02-28T23:11:36", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5576", "CVE-2016-9806", "CVE-2017-2584", "CVE-2016-7117", "CVE-2017-5577", "CVE-2017-5970", "CVE-2017-5551", "CVE-2017-2583", "CVE-2017-5986", "CVE-2015-8709", "CVE-2017-5897"], "edition": 1, "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.49 to receive\n various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg\n function in net/socket.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via vectors 
involving a recvmmsg system call that\n was mishandled during error processing (bnc#1003077).\n - CVE-2017-5576: Integer overflow in the vc4_get_bcl function in\n drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux\n kernel allowed local users to cause a denial of service or possibly have\n unspecified\n other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call\n (bnc#1021294).\n - CVE-2017-5577: The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c\n in the VideoCore DRM driver in the Linux kernel did not set an errno\n value upon certain overflow detections, which allowed local users to\n cause a denial of service (incorrect pointer dereference and OOPS) via\n inconsistent size values in a VC4_SUBMIT_CL ioctl call (bnc#1021294).\n - CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the\n Linux kernel preserved the setgid bit during a setxattr call involving a\n tmpfs filesystem, which allowed local users to gain group privileges by\n leveraging the existence of a setgid program with restrictions on\n execute permissions. 
(bnc#1021258).\n - CVE-2017-2583: The load_segment_descriptor implementation in\n arch/x86/kvm/emulate.c in the Linux kernel improperly emulated a \"MOV\n SS, NULL selector\" instruction, which allowed guest OS users to cause a\n denial of service (guest OS crash) or gain guest OS privileges via a\n crafted application (bnc#1020602).\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory or cause a\n denial of service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt\n (bnc#1019851).\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and\n gid mappings, which allowed local users to gain privileges by\n establishing a user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the ptrace system\n call. NOTE: the vendor states \"there is no kernel bug here\"\n (bnc#1010933).\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free\n operation associated with a new dump that started earlier than\n anticipated (bnc#1013540).\n - CVE-2017-5897: fixed a bug in the Linux kernel IPv6 implementation which\n allowed remote attackers to trigger an out-of-bounds access, leading to\n a denial-of-service attack (bnc#1023762).\n - CVE-2017-5970: Fixed a possible denial-of-service that could have been\n triggered by sending bad IP options on a socket (bsc#1024938).\n - CVE-2017-5986: an application could have triggered a BUG_ON() in\n sctp_wait_for_sndbuf() if the socket TX buffer was full, a thread was\n waiting\n on it to queue more data, and meanwhile another thread peeled off the\n association being used by the first thread 
(bsc#1025235).\n\n The following non-security bugs were fixed:\n\n - 8250: fintek: rename IRQ_MODE macro (boo#1009546).\n - acpi: nfit, libnvdimm: fix / harden ars_status output length handling\n (bsc#1023175).\n - acpi: nfit: fix bus vs dimm confusion in xlat_status (bsc#1023175).\n - acpi: nfit: validate ars_status output buffer size (bsc#1023175).\n - arm64: numa: fix incorrect log for memory-less node (bsc#1019631).\n - asoc: cht_bsw_rt5645: Fix leftover kmalloc (bsc#1010690).\n - asoc: rt5670: add HS ground control (bsc#1016250).\n - bcache: Make gc wakeup sane, remove set_task_state() (bsc#1021260).\n - bcache: partition support: add 16 minors per bcacheN device\n (bsc#1019784).\n - blk-mq: Allow timeouts to run while queue is freezing (bsc#1020817).\n - blk-mq: Always schedule hctx->next_cpu (bsc#1020817).\n - blk-mq: Avoid memory reclaim when remapping queues (bsc#1020817).\n - blk-mq: Fix failed allocation path when mapping queues (bsc#1020817).\n - blk-mq: do not overwrite rq->mq_ctx (bsc#1020817).\n - blk-mq: improve warning for running a queue on the wrong CPU\n (bsc#1020817).\n - block: Change extern inline to static inline (bsc#1023175).\n - bluetooth: btmrvl: fix hung task warning dump (bsc#1018813).\n - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).\n - brcmfmac: Change error print on wlan0 existence (bsc#1000092).\n - btrfs: add support for RENAME_EXCHANGE and RENAME_WHITEOUT (bsc#1020975).\n - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in\n btrfs_ioctl (bsc#1018100).\n - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls\n (bsc#1018100).\n - btrfs: fix inode leak on failure to setup whiteout inode in rename\n (bsc#1020975).\n - btrfs: fix lockdep warning about log_mutex (bsc#1021455).\n - btrfs: fix lockdep warning on deadlock against an inode's log mutex\n (bsc#1021455).\n - btrfs: fix number of transaction units for renames with whiteout\n (bsc#1020975).\n - btrfs: increment ctx->pos for every emitted or 
skipped dirent in readdir\n (bsc#981709).\n - btrfs: incremental send, fix invalid paths for rename operations\n (bsc#1018316).\n - btrfs: incremental send, fix premature rmdir operations (bsc#1018316).\n - btrfs: pin log earlier when renaming (bsc#1020975).\n - btrfs: pin logs earlier when doing a rename exchange operation\n (bsc#1020975).\n - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()\n (bsc#981709).\n - btrfs: send, add missing error check for calls to path_loop()\n (bsc#1018316).\n - btrfs: send, avoid incorrect leaf accesses when sending utimes\n operations (bsc#1018316).\n - btrfs: send, fix failure to move directories with the same name around\n (bsc#1018316).\n - btrfs: send, fix invalid leaf accesses due to incorrect utimes\n operations (bsc#1018316).\n - btrfs: send, fix warning due to late freeing of orphan_dir_info\n structures (bsc#1018316).\n - btrfs: test_check_exists: Fix infinite loop when searching for free\n space entries (bsc#987192).\n - btrfs: unpin log if rename operation fails (bsc#1020975).\n - btrfs: unpin logs if rename exchange operation fails (bsc#1020975).\n - ceph: fix bad endianness handling in parse_reply_info_extra\n (bsc#1020488).\n - clk: xgene: Add PMD clock (bsc#1019351).\n - clk: xgene: Do not call __pa on ioremaped address (bsc#1019351).\n - clk: xgene: Remove CLK_IS_ROOT (bsc#1019351).\n - config: enable CONFIG_OCFS2_DEBUG_MASKLOG for ocfs2 (bsc#1015038)\n - config: enable Ceph kernel client modules for ppc64le\n - config: enable Ceph kernel client modules for s390x\n - crypto: FIPS - allow tests to be disabled in FIPS mode (bsc#1018913).\n - crypto: drbg - do not call drbg_instantiate in healt test (bsc#1018913).\n - crypto: drbg - remove FIPS 140-2 continuous test (bsc#1018913).\n - crypto: qat - fix bar discovery for c62x (bsc#1021251).\n - crypto: qat - zero esram only for DH85x devices (bsc#1021248).\n - crypto: rsa - allow keys >= 2048 bits in FIPS mode (bsc#1018913).\n - crypto: xts - 
consolidate sanity check for keys (bsc#1018913).\n - crypto: xts - fix compile errors (bsc#1018913).\n - cxl: fix potential NULL dereference in free_adapter() (bsc#1016517).\n - dax: fix deadlock with DAX 4k holes (bsc#1012829).\n - dax: fix device-dax region base (bsc#1023175).\n - device-dax: check devm_nsio_enable() return value (bsc#1023175).\n - device-dax: fail all private mapping attempts (bsc#1023175).\n - device-dax: fix percpu_ref_exit ordering (bsc#1023175).\n - driver core: fix race between creating/querying glue dir and its cleanup\n (bnc#1008742).\n - drivers: hv: Introduce a policy for controlling channel affinity.\n - drivers: hv: balloon: Add logging for dynamic memory operations.\n - drivers: hv: balloon: Disable hot add when CONFIG_MEMORY_HOTPLUG is not\n set.\n - drivers: hv: balloon: Fix info request to show max page count.\n - drivers: hv: balloon: Use available memory value in pressure report.\n - drivers: hv: balloon: account for gaps in hot add regions.\n - drivers: hv: balloon: keep track of where ha_region starts.\n - drivers: hv: balloon: replace ha_region_mutex with spinlock.\n - drivers: hv: cleanup vmbus_open() for wrap around mappings.\n - drivers: hv: do not leak memory in vmbus_establish_gpadl().\n - drivers: hv: get rid of id in struct vmbus_channel.\n - drivers: hv: get rid of redundant messagecount in create_gpadl_header().\n - drivers: hv: get rid of timeout in vmbus_open().\n - drivers: hv: make VMBus bus ids persistent.\n - drivers: hv: ring_buffer: count on wrap around mappings in\n get_next_pkt_raw() (v2).\n - drivers: hv: ring_buffer: use wrap around mappings in hv_copy{from,\n to}_ringbuffer().\n - drivers: hv: ring_buffer: wrap around mappings for ring buffers.\n - drivers: hv: utils: Check VSS daemon is listening before a hot backup.\n - drivers: hv: utils: Continue to poll VSS channel after handling requests.\n - drivers: hv: utils: Fix the mapping between host version and protocol to\n use.\n - drivers: hv: utils: 
reduce HV_UTIL_NEGO_TIMEOUT timeout.\n - drivers: hv: vmbus: Base host signaling strictly on the ring state.\n - drivers: hv: vmbus: Enable explicit signaling policy for NIC channels.\n - drivers: hv: vmbus: Implement a mechanism to tag the channel for low\n latency.\n - drivers: hv: vmbus: Make mmio resource local.\n - drivers: hv: vmbus: On the read path cleanup the logic to interrupt the\n host.\n - drivers: hv: vmbus: On write cleanup the logic to interrupt the host.\n - drivers: hv: vmbus: Reduce the delay between retries in vmbus_post_msg().\n - drivers: hv: vmbus: finally fix hv_need_to_signal_on_read().\n - drivers: hv: vmbus: fix the race when querying and updating the percpu\n list.\n - drivers: hv: vmbus: suppress some "hv_vmbus: Unknown GUID" warnings.\n - drivers: hv: vss: Improve log messages.\n - drivers: hv: vss: Operation timeouts should match host expectation.\n - drivers: net: phy: mdio-xgene: Add hardware dependency (bsc#1019351).\n - drivers: net: phy: xgene: Fix 'remove' function (bsc#1019351).\n - drivers: net: xgene: Add change_mtu function (bsc#1019351).\n - drivers: net: xgene: Add flow control configuration (bsc#1019351).\n - drivers: net: xgene: Add flow control initialization (bsc#1019351).\n - drivers: net: xgene: Add helper function (bsc#1019351).\n - drivers: net: xgene: Add support for Jumbo frame (bsc#1019351).\n - drivers: net: xgene: Configure classifier with pagepool (bsc#1019351).\n - drivers: net: xgene: Fix MSS programming (bsc#1019351).\n - drivers: net: xgene: fix build after change_mtu function change\n (bsc#1019351).\n - drivers: net: xgene: fix: Coalescing values for v2 hardware\n (bsc#1019351).\n - drivers: net: xgene: fix: Disable coalescing on v1 hardware\n (bsc#1019351).\n - drivers: net: xgene: fix: RSS for non-TCP/UDP (bsc#1019351).\n - drivers: net: xgene: fix: Use GPIO to get link status (bsc#1019351).\n - drivers: net: xgene: uninitialized variable in\n xgene_enet_free_pagepool() (bsc#1019351).\n - drm: Delete 
previous two fixes for i915 (bsc#1019061). These upstream\n fixes brought some regressions, so better to revert for now.\n - drm: Disable\n patches.drivers/drm-i915-Exit-cherryview_irq_handler-after-one-pass The\n patch seems to lead to instability on the Wyse box (bsc#1015367).\n - drm: Fix broken VT switch with video=1366x768 option (bsc#1018358).\n - drm: Use u64 for intermediate dotclock calculations (bnc#1006472).\n - drm: i915: Do not init hpd polling for vlv and chv from\n runtime_suspend() (bsc#1014120).\n - drm: i915: Fix PCODE polling during CDCLK change notification\n (bsc#1015367).\n - drm: i915: Fix watermarks for VLV/CHV (bsc#1011176).\n - drm: i915: Force VDD off on the new power seqeuencer before starting to\n use it (bsc#1009674).\n - drm: i915: Mark CPU cache as dirty when used for rendering (bsc#1015367).\n - drm: i915: Mark i915_hpd_poll_init_work as static (bsc#1014120).\n - drm: i915: Prevent PPS stealing from a normal DP port on VLV/CHV\n (bsc#1019061).\n - drm: i915: Prevent enabling hpd polling in late suspend (bsc#1014120).\n - drm: i915: Restore PPS HW state from the encoder resume hook\n (bsc#1019061).\n - drm: i915: Workaround for DP DPMS D3 on Dell monitor (bsc#1019061).\n - drm: vc4: Fix an integer overflow in temporary allocation layout\n (bsc#1021294).\n - drm: vc4: Return -EINVAL on the overflow checks failing (bsc#1021294).\n - drm: virtio-gpu: get the fb from the plane state for atomic updates\n (bsc#1023101).\n - edac: xgene: Fix spelling mistake in error messages (bsc#1019351).\n - efi: libstub: Move Graphics Output Protocol handling to generic code\n (bnc#974215).\n - fbcon: Fix vc attr at deinit (bsc#1000619).\n - fs: nfs: avoid including "mountproto=" with no protocol in /proc/mounts\n (bsc#1019260).\n - gpio: xgene: make explicitly non-modular (bsc#1019351).\n - hv: acquire vmbus_connection.channel_mutex in vmbus_free_channels().\n - hv: change clockevents unbind tactics.\n - hv: do not reset hv_context.tsc_page on crash.\n 
- hv_netvsc: Add handler for physical link speed change.\n - hv_netvsc: Add query for initial physical link speed.\n - hv_netvsc: Implement batching of receive completions.\n - hv_netvsc: Revert "make inline functions static".\n - hv_netvsc: Revert "report vmbus name in ethtool".\n - hv_netvsc: add ethtool statistics for tx packet issues.\n - hv_netvsc: count multicast packets received.\n - hv_netvsc: dev hold/put reference to VF.\n - hv_netvsc: fix a race between netvsc_send() and netvsc_init_buf().\n - hv_netvsc: fix comments.\n - hv_netvsc: fix rtnl locking in callback.\n - hv_netvsc: improve VF device matching.\n - hv_netvsc: init completion during alloc.\n - hv_netvsc: make RSS hash key static.\n - hv_netvsc: make device_remove void.\n - hv_netvsc: make inline functions static.\n - hv_netvsc: make netvsc_destroy_buf void.\n - hv_netvsc: make variable local.\n - hv_netvsc: rearrange start_xmit.\n - hv_netvsc: refactor completion function.\n - hv_netvsc: remove VF in flight counters.\n - hv_netvsc: remove excessive logging on MTU change.\n - hv_netvsc: report vmbus name in ethtool.\n - hv_netvsc: simplify callback event code.\n - hv_netvsc: style cleanups.\n - hv_netvsc: use ARRAY_SIZE() for NDIS versions.\n - hv_netvsc: use RCU to protect vf_netdev.\n - hv_netvsc: use consume_skb.\n - hv_netvsc: use kcalloc.\n - hyperv: Fix spelling of HV_UNKOWN.\n - i2c: designware-baytrail: Disallow the CPU to enter C6 or C7 while\n holding the punit semaphore (bsc#1011913).\n - i2c: designware: Implement support for SMBus block read and write\n (bsc#1019351).\n - i2c: designware: fix wrong Tx/Rx FIFO for ACPI (bsc#1019351).\n - i2c: xgene: Fix missing code of DTB support (bsc#1019351).\n - i40e: Be much more verbose about what we can and cannot offload\n (bsc#985561).\n - ibmveth: calculate gso_segs for large packets (bsc#1019148).\n - ibmveth: check return of skb_linearize in ibmveth_start_xmit\n (bsc#1019148).\n - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc 
(bsc#1019148).\n - ibmveth: set correct gso_size and gso_type (bsc#1019148).\n - igb: Workaround for igb i210 firmware issue (bsc#1009911).\n - igb: add i211 to i210 PHY workaround (bsc#1009911).\n - input: i8042: Trust firmware a bit more when probing on X86\n (bsc#1011660).\n - intel_idle: Add KBL support (bsc#1016884).\n - ip6_gre: fix ip6gre_err() invalid reads (CVE-2017-5897, bsc#1023762).\n - ipc: msg, make msgrcv work with LONG_MIN (bnc#1005918).\n - iwlwifi: Expose the default fallback ucode API to module info\n (boo#1021082, boo#1023884).\n - kgraft: iscsi-target: Do not block kGraft in iscsi_np kthread\n (bsc#1010612).\n - kgraft: xen: Do not block kGraft in xenbus kthread (bsc#1017410).\n - libnvdimm: pfn: fix align attribute (bsc#1023175).\n - mailbox: xgene-slimpro: Fix wrong test for devm_kzalloc (bsc#1019351).\n - md linear: fix a race between linear_add() and linear_congested()\n (bsc#1018446).\n - md-cluster: convert the completion to wait queue.\n - md-cluster: protect md_find_rdev_nr_rcu with rcu lock.\n - md: ensure md devices are freed before module is unloaded (bsc#1022304).\n - md: fix refcount problem on mddev when stopping array (bsc#1022304).\n - misc: genwqe: ensure zero initialization.\n - mm: do not loop on GFP_REPEAT high order requests if there is no reclaim\n progress (bnc#1013000).\n - mm: memcg: do not retry precharge charges (bnc#1022559).\n - mm: page_alloc: fix check for NULL preferred_zone (bnc#971975 VM\n performance -- page allocator).\n - mm: page_alloc: fix fast-path race with cpuset update or removal\n (bnc#971975 VM performance -- page allocator).\n - mm: page_alloc: fix premature OOM when racing with cpuset mems update\n (bnc#971975 VM performance -- page allocator).\n - mm: page_alloc: keep pcp count and list contents in sync if struct page\n is corrupted (bnc#971975 VM performance -- page allocator).\n - mm: page_alloc: move cpuset seqcount checking to slowpath (bnc#971975 VM\n performance -- page allocator).\n - mmc: 
sdhci-of-arasan: Remove no-hispd and no-cmd23 quirks for\n sdhci-arasan4.9a (bsc#1019351).\n - mwifiex: add missing check for PCIe8997 chipset (bsc#1018813).\n - mwifiex: fix IBSS data path issue (bsc#1018813).\n - mwifiex: fix PCIe register information for 8997 chipset (bsc#1018813).\n - net: af_iucv: do not use paged skbs for TX on HiperSockets (bnc#1020945,\n LTC#150566).\n - net: ethernet: apm: xgene: use phydev from struct net_device\n (bsc#1019351).\n - net: ethtool: Initialize buffer when querying device channel settings\n (bsc#969479).\n - net: hyperv: avoid uninitialized variable.\n - net: implement netif_cond_dbg macro (bsc#1019168).\n - net: remove useless memset's in drivers get_stats64 (bsc#1019351).\n - net: xgene: avoid bogus maybe-uninitialized warning (bsc#1019351).\n - net: xgene: fix backward compatibility fix (bsc#1019351).\n - net: xgene: fix error handling during reset (bsc#1019351).\n - net: xgene: move xgene_cle_ptree_ewdn data off stack (bsc#1019351).\n - netvsc: Remove mistaken udp.h inclusion.\n - netvsc: add rcu_read locking to netvsc callback.\n - netvsc: fix checksum on UDP IPV6.\n - netvsc: reduce maximum GSO size.\n - nfit: fail DSMs that return non-zero status by default (bsc#1023175).\n - nfsv4: Cap the transport reconnection timer at 1/2 lease period\n (bsc#1014410).\n - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).\n - nvdimm: kabi protect nd_cmd_out_size() (bsc#1023175).\n - nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too (bsc#1020685).\n - ocfs2: fix deadlock on mmapped page in ocfs2_write_begin_nolock()\n (bnc#921494).\n - pci: Add devm_request_pci_bus_resources() (bsc#1019351).\n - pci: generic: Fix pci_remap_iospace() failure path (bsc#1019630).\n - pci: hv: Allocate physically contiguous hypercall params buffer.\n - pci: hv: Fix hv_pci_remove() for hot-remove.\n - pci: hv: Handle hv_pci_generic_compl() error case.\n - pci: hv: Handle vmbus_sendpacket() failure in hv_compose_msi_msg().\n - pci: 
hv: Make unnecessarily global IRQ masking functions static.\n - pci: hv: Remove the unused 'wrk' in struct hv_pcibus_device.\n - pci: hv: Use list_move_tail() instead of list_del() + list_add_tail().\n - pci: hv: Use pci_function_description in struct definitions.\n - pci: hv: Use the correct buffer size in new_pcichild_device().\n - pci: hv: Use zero-length array in struct pci_packet.\n - pci: include header file (bsc#964944).\n - pci: xgene: Add local struct device pointers (bsc#1019351).\n - pci: xgene: Add register accessors (bsc#1019351).\n - pci: xgene: Free bridge resource list on failure (bsc#1019351).\n - pci: xgene: Make explicitly non-modular (bsc#1019351).\n - pci: xgene: Pass struct xgene_pcie_port to setup functions (bsc#1019351).\n - pci: xgene: Remove unused platform data (bsc#1019351).\n - pci: xgene: Request host bridge window resources (bsc#1019351).\n - perf: xgene: Remove bogus IS_ERR() check (bsc#1019351).\n - phy: xgene: rename "enum phy_mode" to "enum xgene_phy_mode"\n (bsc#1019351).\n - power: reset: xgene-reboot: Unmap region obtained by of_iomap\n (bsc#1019351).\n - powerpc: fadump: Fix the race in crash_fadump() (bsc#1022971).\n - qeth: check not more than 16 SBALEs on the completion queue\n (bnc#1009718, LTC#148203).\n - raid1: Fix a regression observed during the rebuilding of degraded\n MDRAID VDs (bsc#1020048).\n - raid1: ignore discard error (bsc#1017164).\n - reiserfs: fix race in prealloc discard (bsc#987576).\n - rpm: kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)\n - rpm: kernel-binary.spec.in: Fix installation of /etc/uefi/certs\n (bsc#1019594)\n - rtc: cmos: Clear ACPI-driven alarms upon resume (bsc#1022429).\n - rtc: cmos: Do not enable interrupts in the middle of the interrupt\n handler (bsc#1022429).\n - rtc: cmos: Restore alarm after resume (bsc#1022429).\n - rtc: cmos: avoid unused function warning (bsc#1022429).\n - s390: Fix invalid domain response handling (bnc#1009718).\n - s390: cpuinfo: show 
maximum thread id (bnc#1009718, LTC#148580).\n - s390: sysinfo: show partition extended name and UUID if available\n (bnc#1009718, LTC#150160).\n - s390: time: LPAR offset handling (bnc#1009718, LTC#146920).\n - s390: time: move PTFF definitions (bnc#1009718, LTC#146920).\n - sched: Allow hotplug notifiers to be setup early (bnc#1022476).\n - sched: Make wake_up_nohz_cpu() handle CPUs going offline (bnc#1022476).\n - sched: core, x86/topology: Fix NUMA in package topology bug\n (bnc#1022476).\n - sched: core: Fix incorrect utilization accounting when switching to fair\n class (bnc#1022476).\n - sched: core: Fix set_user_nice() (bnc#1022476).\n - sched: cputime: Add steal time support to full dynticks CPU time\n accounting (bnc#1022476).\n - sched: cputime: Fix prev steal time accouting during CPU hotplug\n (bnc#1022476).\n - sched: deadline: Always calculate end of period on sched_yield()\n (bnc#1022476).\n - sched: deadline: Fix a bug in dl_overflow() (bnc#1022476).\n - sched: deadline: Fix lock pinning warning during CPU hotplug\n (bnc#1022476).\n - sched: deadline: Fix wrap-around in DL heap (bnc#1022476).\n - sched: fair: Avoid using decay_load_missed() with a negative value\n (bnc#1022476).\n - sched: fair: Fix fixed point arithmetic width for shares and effective\n load (bnc#1022476).\n - sched: fair: Fix load_above_capacity fixed point arithmetic width\n (bnc#1022476).\n - sched: fair: Fix min_vruntime tracking (bnc#1022476).\n - sched: fair: Fix the wrong throttled clock time for cfs_rq_clock_task()\n (bnc#1022476).\n - sched: fair: Improve PELT stuff some more (bnc#1022476).\n - sched: rt, sched/dl: Do not push if task's scheduling class was changed\n (bnc#1022476).\n - sched: rt: Fix PI handling vs. 
sched_setscheduler() (bnc#1022476).\n - sched: rt: Kick RT bandwidth timer immediately on start up (bnc#1022476).\n - scsi: Add 'AIX VDASD' to blacklist (bsc#1006469).\n - scsi: Modify HITACHI OPEN-V blacklist entry (bsc#1006469).\n - scsi: bfa: Increase requested firmware version to 3.2.5.1 (bsc#1013273).\n - scsi: storvsc: Payload buffer incorrectly sized for 32 bit kernels.\n - scsi_dh_alua: uninitialized variable in alua_rtpg() (bsc#1012910).\n - sctp: avoid BUG_ON on sctp_wait_for_sndbuf (CVE-2017-5986, bsc#1025235).\n - sd: always scan VPD pages if thin provisioning is enabled (bsc#1013792).\n - serial: 8250: Integrate Fintek into 8250_base (boo#1016979). Update\n config files to change CONFIG_SERIAL_8250_FINTEK to boolean accordingly,\n too. Also, the corresponding entry got removed from supported.conf.\n - serial: 8250_fintek: fix the mismatched IRQ mode (boo#1009546).\n - serial: Update metadata for serial fixes (bsc#1013001)\n - ses: Fix SAS device detection in enclosure (bsc#1016403).\n - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).\n - sfc: refactor debug-or-warnings printks (bsc#1019168).\n - sunrpc: Fix reconnection timeouts (bsc#1014410).\n - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout\n (bsc#1014410).\n - supported.conf: Support Marvell WiFi/BT SDIO and pinctrl-cherrytrail\n (bsc#1018813)\n - supported.conf: delete xilinx/ll_temac (bsc#1011602)\n - target: add XCOPY target/segment desc sense codes (bsc#991273).\n - target: bounds check XCOPY segment descriptor list (bsc#991273).\n - target: bounds check XCOPY total descriptor list length (bsc#991273).\n - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - target: check for XCOPY parameter truncation (bsc#991273).\n - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense\n (bsc#991273).\n - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).\n - target: support XCOPY requests without parameters (bsc#991273).\n - 
target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).\n - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - tools: hv: Enable network manager for bonding scripts on RHEL.\n - tools: hv: fix a compile warning in snprintf.\n - tools: hv: kvp: configurable external scripts path.\n - tools: hv: kvp: ensure kvp device fd is closed on exec.\n - tools: hv: remove unnecessary header files and netlink related code.\n - tools: hv: remove unnecessary link flag.\n - tty: n_hdlc, fix lockdep false positive (bnc#1015840).\n - uvcvideo: uvc_scan_fallback() for webcams with broken chain\n (bsc#1021474).\n - vmbus: make sysfs names consistent with PCI.\n - x86: MCE: Dump MCE to dmesg if no consumers (bsc#1013994).\n - x86: hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic.\n - xfs: don't allow di_size with high bit set (bsc#1024234).\n - xfs: exclude never-released buffers from buftarg I/O accounting\n (bsc#1024508).\n - xfs: fix broken multi-fsb buffer logging (bsc#1024081).\n - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).\n - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).\n - xfs: track and serialize in-flight async buffers against unmount\n (bsc#1024508).\n - xfs: track and serialize in-flight async buffers against unmount - kABI\n (bsc#1024508).\n\n", "modified": "2017-03-01T00:09:01", "published": "2017-03-01T00:09:01", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00047.html", "id": "SUSE-SU-2017:0575-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-01T13:17:35", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9191", "CVE-2017-7184", "CVE-2016-10200", "CVE-2017-2636", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-5986", "CVE-2017-6346", "CVE-2017-2596", "CVE-2017-6353", "CVE-2016-2117", "CVE-2017-6347"], 
"edition": 1, "description": "The openSUSE Leap 42.2 kernel was updated to 4.4.56 fix various security\n issues and bugs.\n\n The following security bugs were fixed:\n\n - CVE-2017-7184: The xfrm_replay_verify_len function in\n net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size\n data after an XFRM_MSG_NEWAE update, which allowed local users to obtain\n root privileges or cause a denial of service (heap-based out-of-bounds\n access) by leveraging the CAP_NET_ADMIN capability, as demonstrated\n during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10\n linux-image-* package 4.8.0.41.52 (bnc#1030573).\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in\n the Linux kernel allowed local users to gain privileges or cause a\n denial of service (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the SOCK_ZAPPED\n status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c\n (bnc#1028415).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bnc#1027565).\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that\n a certain destructor exists in required circumstances, which allowed\n local users to cause a denial of service (BUG_ON) or possibly have\n unspecified other impact via crafted system calls (bnc#1027190).\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux\n kernel allowed local users to cause a denial of service (use-after-free)\n or possibly have unspecified other impact via a multithreaded\n application that made PACKET_FANOUT setsockopt system calls\n (bnc#1027189).\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly\n restrict association peel-off operations during certain wait states,\n which allowed local users to cause a denial of 
service (invalid unlock\n and double free) via a multithreaded application. NOTE: this\n vulnerability exists because of an incorrect fix for CVE-2017-5986\n (bnc#1025235).\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel allowed remote attackers to cause a denial of service\n (infinite loop and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722).\n - CVE-2016-2117: The atl2_probe function in\n drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly\n enables scatter/gather I/O, which allowed remote attackers to obtain\n sensitive information from kernel memory by reading packet data\n (bnc#968697).\n - CVE-2017-6347: The ip_cmsg_recv_checksum function in\n net/ipv4/ip_sockglue.c in the Linux kernel has incorrect expectations\n about skb data layout, which allowed local users to cause a denial of\n service (buffer over-read) or possibly have unspecified other impact via\n crafted system calls, as demonstrated by use of the MSG_MORE flag in\n conjunction with loopback UDP transmission (bnc#1027179).\n - CVE-2016-9191: The cgroup offline implementation in the Linux kernel\n mishandled certain drain operations, which allowed local users to cause\n a denial of service (system hang) by leveraging access to a container\n environment for executing a crafted application, as demonstrated by\n trinity (bnc#1008842).\n - CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c\n in the Linux kernel improperly emulates the VMXON instruction, which\n allowed KVM L1 guest OS users to cause a denial of service (host OS\n memory consumption) by leveraging the mishandling of page references\n (bnc#1022785).\n\n The following non-security bugs were fixed:\n\n - ACPI: Do not create a platform_device for IOAPIC/IOxAPIC (bsc#1028819).\n - ACPI, ioapic: Clear on-stack resource before using it (bsc#1028819).\n - ACPI: Remove platform devices from a bus on removal (bsc#1028819).\n - add 
mainline tag to one hyperv patch\n - bnx2x: allow adding VLANs while interface is down (bsc#1027273).\n - btrfs: backref: Fix soft lockup in __merge_refs function (bsc#1017641).\n - btrfs: incremental send, do not delay rename when parent inode is new\n (bsc#1028325).\n - btrfs: incremental send, do not issue invalid rmdir operations\n (bsc#1028325).\n - btrfs: qgroup: Move half of the qgroup accounting time out of commit\n trans (bsc#1017461).\n - btrfs: send, fix failure to rename top level inode due to name collision\n (bsc#1028325).\n - btrfs: serialize subvolume mounts with potentially mismatching rw flags\n (bsc#951844 bsc#1024015)\n - crypto: algif_hash - avoid zero-sized array (bnc#1007962).\n - cxgb4vf: do not offload Rx checksums for IPv6 fragments (bsc#1026692).\n - drivers: hv: vmbus: Prevent sending data on a rescinded channel\n (fate#320485, bug#1028217).\n - drm/i915: Add intel_uncore_suspend / resume functions (bsc#1011913).\n - drm/i915: Listen for PMIC bus access notifications (bsc#1011913).\n - drm/mgag200: Added support for the new device G200eH3 (bsc#1007959,\n fate#322780)\n - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).\n - Fix kABI breakage of dccp in 4.4.56 (stable-4.4.56).\n - futex: Add missing error handling to FUTEX_REQUEUE_PI (bsc#969755).\n - futex: Fix potential use-after-free in FUTEX_REQUEUE_PI (bsc#969755).\n - i2c: designware-baytrail: Acquire P-Unit access on bus acquire\n (bsc#1011913).\n - i2c: designware-baytrail: Call pmic_bus_access_notifier_chain\n (bsc#1011913).\n - i2c: designware-baytrail: Fix race when resetting the semaphore\n (bsc#1011913).\n - i2c: designware-baytrail: Only check iosf_mbi_available() for shared\n hosts (bsc#1011913).\n - i2c: designware: Disable pm for PMIC i2c-bus even if there is no _SEM\n method (bsc#1011913).\n - i2c-designware: increase timeout (bsc#1011913).\n - i2c: designware: Never suspend i2c-busses used for accessing the system\n PMIC (bsc#1011913).\n - i2c: 
designware: Rename accessor_flags to flags (bsc#1011913).\n - kABI: protect struct iscsi_conn (kabi).\n - kABI: protect struct se_node_acl (kabi).\n - kABI: restore can_rx_register parameters (kabi).\n - kgr/module: make a taint flag module-specific (fate#313296).\n - kgr: remove all arch-specific kgraft header files (fate#313296).\n - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).\n - l2tp: fix lookup for sockets not bound to a device in l2tp_ip\n (bsc#1028415).\n - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()\n (bsc#1028415).\n - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()\n (bsc#1028415).\n - l2tp: lock socket before checking flags in connect() (bsc#1028415).\n - md/raid1: add rcu protection to rdev in fix_read_error (References:\n bsc#998106,bsc#1020048,bsc#982783).\n - md/raid1: fix a use-after-free bug (bsc#998106,bsc#1020048,bsc#982783).\n - md/raid1: handle flush request correctly\n (bsc#998106,bsc#1020048,bsc#982783).\n - md/raid1: Refactor raid1_make_request\n (bsc#998106,bsc#1020048,bsc#982783).\n - mm: fix set pageblock migratetype in deferred struct page init\n (bnc#1027195).\n - mm/page_alloc: Remove useless parameter of __free_pages_boot_core\n (bnc#1027195).\n - module: move add_taint_module() to a header file (fate#313296).\n - net/ena: change condition for host attribute configuration (bsc#1026509).\n - net/ena: change driver's default timeouts (bsc#1026509).\n - net: ena: change the return type of ena_set_push_mode() to be void\n (bsc#1026509).\n - net: ena: Fix error return code in ena_device_init() (bsc#1026509).\n - net/ena: fix ethtool RSS flow configuration (bsc#1026509).\n - net/ena: fix NULL dereference when removing the driver after device\n reset failed (bsc#1026509).\n - net/ena: fix potential access to freed memory during device reset\n (bsc#1026509).\n - net/ena: fix queues number calculation (bsc#1026509).\n - net/ena: fix RSS default hash configuration (bsc#1026509).\n - net/ena: 
reduce the severity of ena printouts (bsc#1026509).\n - net/ena: refactor ena_get_stats64 to be atomic context safe\n (bsc#1026509).\n - net/ena: remove ntuple filter support from device feature list\n (bsc#1026509).\n - net: ena: remove superfluous check in ena_remove() (bsc#1026509).\n - net: ena: Remove unnecessary pci_set_drvdata() (bsc#1026509).\n - net/ena: update driver version to 1.1.2 (bsc#1026509).\n - net/ena: use READ_ONCE to access completion descriptors (bsc#1026509).\n - net: ena: use setup_timer() and mod_timer() (bsc#1026509).\n - net/mlx4_core: Avoid command timeouts during VF driver device shutdown\n (bsc#1028017).\n - net/mlx4_core: Avoid delays during VF driver device shutdown\n (bsc#1028017).\n - net/mlx4_core: Fix racy CQ (Completion Queue) free (bsc#1028017).\n - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to\n VGT transitions (bsc#1028017).\n - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs\n (bsc#1028017).\n - net/mlx4_en: Fix bad WQE issue (bsc#1028017).\n - NFS: do not try to cross a mountpount when there isn't one there\n (bsc#1028041).\n - nvme: Do not suspend admin queue that wasn't created (bsc#1026505).\n - nvme: Suspend all queues before deletion (bsc#1026505).\n - PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal\n (fate#320485, bug#1028217).\n - PCI: hv: Use device serial number as PCI domain (fate#320485,\n bug#1028217).\n - powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).\n - RAID1: a new I/O barrier implementation to remove resync window\n (bsc#998106,bsc#1020048,bsc#982783).\n - RAID1: avoid unnecessary spin locks in I/O barrier code\n (bsc#998106,bsc#1020048,bsc#982783).\n - Revert "give up on gcc ilog2() constant optimizations" (kabi).\n - Revert "net: introduce device min_header_len" (kabi).\n - Revert "net/mlx4_en: Avoid unregister_netdev at shutdown flow"\n (bsc#1028017).\n - Revert "nfit, libnvdimm: fix interleave set cookie calculation" (kabi).\n - Revert 
"RDMA/core: Fix incorrect structure packing for booleans" (kabi).\n - Revert "target: Fix NULL dereference during LUN lookup + active I/O\n shutdown" (kabi).\n - rtlwifi: rtl_usb: Fix missing entry in USB driver's private data\n (bsc#1026462).\n - s390/kmsg: add missing kmsg descriptions (bnc#1025683, LTC#151573).\n - s390/mm: fix zone calculation in arch_add_memory() (bnc#1025683,\n LTC#152318).\n - sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting\n (bsc#1018419).\n - scsi_dh_alua: Do not modify the interval value for retries (bsc#1012910).\n - scsi: do not print 'reservation conflict' for TEST UNIT READY\n (bsc#1027054).\n - softirq: Let ksoftirqd do its job (bsc#1019618).\n - supported.conf: Add tcp_westwood as supported module (fate#322432)\n - taint/module: Clean up global and module taint flags handling\n (fate#313296).\n - Update mainline reference in\n patches.drivers/drm-ast-Fix-memleaks-in-error-path-in-ast_fb_create.patch\n See (bsc#1028158) for the context in which this was discovered upstream.\n - x86/apic/uv: Silence a shift wrapping warning (bsc#1023866).\n - x86/mce: Do not print MCEs when mcelog is active (bsc#1013994).\n - x86, mm: fix gup_pte_range() vs DAX mappings (bsc#1026405).\n - x86/mm/gup: Simplify get_user_pages() PTE bit handling (bsc#1026405).\n - x86/platform/intel/iosf_mbi: Add a mutex for P-Unit access (bsc#1011913).\n - x86/platform/intel/iosf_mbi: Add a PMIC bus access notifier\n (bsc#1011913).\n - x86/platform: Remove warning message for duplicate NMI handlers\n (bsc#1029220).\n - x86/platform/UV: Add basic CPU NMI health check (bsc#1023866).\n - x86/platform/UV: Add Support for UV4 Hubless NMIs (bsc#1023866).\n - x86/platform/UV: Add Support for UV4 Hubless systems (bsc#1023866).\n - x86/platform/UV: Clean up the NMI code to match current coding style\n (bsc#1023866).\n - x86/platform/UV: Clean up the UV APIC code (bsc#1023866).\n - x86/platform/UV: Ensure uv_system_init is called when necessary\n 
(bsc#1023866).\n - x86/platform/UV: Fix 2 socket config problem (bsc#1023866).\n - x86/platform/UV: Fix panic with missing UVsystab support (bsc#1023866).\n - x86/platform/UV: Initialize PCH GPP_D_0 NMI Pin to be NMI source\n (bsc#1023866).\n - x86/platform/UV: Verify NMI action is valid, default is standard\n (bsc#1023866).\n - xen-blkfront: correct maximum segment accounting (bsc#1018263).\n - xen-blkfront: do not call talk_to_blkback when already connected to\n blkback.\n - xen/blkfront: Fix crash if backend does not follow the right states.\n - xen-blkfront: free resources if xlvbd_alloc_gendisk fails.\n - xen/netback: set default upper limit of tx/rx queues to 8 (bnc#1019163).\n - xen/netfront: set default upper limit of tx/rx queues to 8 (bnc#1019163).\n - xfs: do not take the IOLOCK exclusive for direct I/O page invalidation\n (bsc#1015609).\n\n", "modified": "2017-04-01T15:11:17", "published": "2017-04-01T15:11:17", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-04/msg00001.html", "id": "OPENSUSE-SU-2017:0907-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-01T13:17:35", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10208", "CVE-2017-7184", "CVE-2017-2584", "CVE-2016-10200", "CVE-2017-2636", "CVE-2017-6348", "CVE-2017-2583", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2017-2596", "CVE-2017-6353", "CVE-2016-2117", "CVE-2017-6347"], "edition": 1, "description": "======================================================================\n Still left to do:\n - Check CVE descriptions. They need to be written in the past tense. 
They\n are processed automatically, THERE CAN BE ERRORS IN THERE!\n - Remove version numbers from the CVE descriptions\n - Check the capitalization of the subsystems, then sort again\n - For each CVE: Check the corresponding bug if everything is okay\n - If you remove CVEs or bugs: Do not forget to change the meta information\n - Determine which of the bugs after the CVE lines is the right one\n\n ======================================================================\n\n The openSUSE Leap 42.1 kernel was updated to 4.1.39 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel\n did not restrict the address calculated by a certain rounding operation,\n which allowed local users to map page zero, and consequently bypass a\n protection mechanism that exists for the mmap system call, by making\n crafted shmget and shmat system calls in a privileged context\n (bnc#1026914).\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the\n Linux kernel improperly manages lock dropping, which allowed local users\n to cause a denial of service (deadlock) via crafted operations on IrDA\n devices (bnc#1027178).\n - CVE-2017-7184: The xfrm_replay_verify_len function in\n net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size\n data after an XFRM_MSG_NEWAE update, which allowed local users to obtain\n root privileges or cause a denial of service (heap-based out-of-bounds\n access) by leveraging the CAP_NET_ADMIN capability, as demonstrated\n during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10\n linux-image-* package 4.8.0.41.52 (bnc#1030573).\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in\n the Linux kernel allowed local users to gain privileges or cause a\n denial of service (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the 
SOCK_ZAPPED\n status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c\n (bnc#1028415).\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (double free) by setting the HDLC line discipline (bnc#1027565).\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that\n a certain destructor exists in required circumstances, which allowed\n local users to cause a denial of service (BUG_ON) or possibly have\n unspecified other impact via crafted system calls (bnc#1027190).\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux\n kernel allowed local users to cause a denial of service (use-after-free)\n or possibly have unspecified other impact via a multithreaded\n application that made PACKET_FANOUT setsockopt system calls\n (bnc#1027189).\n - CVE-2017-6347: The ip_cmsg_recv_checksum function in\n net/ipv4/ip_sockglue.c in the Linux kernel has incorrect expectations\n about skb data layout, which allowed local users to cause a denial of\n service (buffer over-read) or possibly have unspecified other impact via\n crafted system calls, as demonstrated by use of the MSG_MORE flag in\n conjunction with loopback UDP transmission (bnc#1027179).\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly\n restrict association peel-off operations during certain wait states,\n which allowed local users to cause a denial of service (invalid unlock\n and double free) via a multithreaded application. 
NOTE: this\n vulnerability exists because of an incorrect fix for CVE-2017-5986\n (bnc#1025235).\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel allowed remote attackers to cause a denial of service\n (infinite loop and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722).\n - CVE-2016-2117: The atl2_probe function in\n drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly\n enables scatter/gather I/O, which allowed remote attackers to obtain\n sensitive information from kernel memory by reading packet data\n (bnc#968697).\n - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the\n Linux kernel did not properly validate meta block groups, which allowed\n physically proximate attackers to cause a denial of service\n (out-of-bounds read and system crash) via a crafted ext4 image\n (bnc#1023377).\n - CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c\n in the Linux kernel improperly emulates the VMXON instruction, which\n allowed KVM L1 guest OS users to cause a denial of service (host OS\n memory consumption) by leveraging the mishandling of page references\n (bnc#1022785).\n - CVE-2017-2583: The load_segment_descriptor implementation in\n arch/x86/kvm/emulate.c in the Linux kernel improperly emulates a "MOV\n SS, NULL selector" instruction, which allowed guest OS users to cause a\n denial of service (guest OS crash) or gain guest OS privileges via a\n crafted application (bnc#1020602).\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory or cause a\n denial of service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt\n (bnc#1019851).\n\n The following non-security bugs were fixed:\n\n - Fix kABI breakage of musb struct in 4.1.39 (stable 4.1.39).\n - Revert "ptrace: Capture the ptracer's creds 
not PT_PTRACE_CAP" (stable\n 4.1.39).\n - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).\n - ext4: validate s_first_meta_bg at mount time (bsc#1023377).\n - kabi/severities: Ignore x86/kvm kABI changes for 4.1.39\n - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).\n - l2tp: fix lookup for sockets not bound to a device in l2tp_ip\n (bsc#1028415).\n - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()\n (bsc#1028415).\n - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()\n (bsc#1028415).\n - l2tp: lock socket before checking flags in connect() (bsc#1028415).\n - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bsc#1030118).\n\n", "modified": "2017-04-01T15:07:45", "published": "2017-04-01T15:07:45", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-04/msg00000.html", "id": "OPENSUSE-SU-2017:0906-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-05-05T13:19:32", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9191", "CVE-2017-7261", "CVE-2017-6074", "CVE-2016-10200", "CVE-2017-2671", "CVE-2017-7294", "CVE-2017-6214", "CVE-2017-7374", "CVE-2017-7308", "CVE-2017-6345", "CVE-2017-5986", "CVE-2017-6346", "CVE-2017-2596", "CVE-2017-6353", "CVE-2017-7187", "CVE-2016-2117", "CVE-2017-6347"], "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.58 to receive\n various security and bugfixes.\n\n Notable new/improved features:\n - Improved support for Hyper-V\n - Support for Matrox G200eH3\n - Support for tcp_westwood\n\n The following security bugs were fixed:\n\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux\n kernel was too late in obtaining a certain lock and consequently could\n not ensure that disconnect function calls are safe, which allowed local\n users to cause a denial of service (panic) by 
leveraging access to the\n protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in\n the Linux kernel did not properly validate certain block-size data,\n which allowed local users to cause a denial of service (overflow) or\n possibly have unspecified other impact via crafted system calls\n (bnc#1031579).\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n validate addition of certain levels data, which allowed local users to\n trigger an integer overflow and out-of-bounds write, and cause a denial\n of service (system hang or crash) or possibly gain privileges, via a\n crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n check for a zero value of certain levels data, which allowed local users\n to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and\n possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031052).\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux\n kernel allowed local users to cause a denial of service (stack-based\n buffer overflow) or possibly have unspecified other impact via a large\n command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds\n write access in the sg_write function (bnc#1030213).\n - CVE-2017-7374: Use-after-free vulnerability in fs/crypto/ in the Linux\n kernel allowed local users to cause a denial of service (NULL pointer\n dereference) or possibly gain privileges by revoking keyring keys being\n used for ext4, f2fs, or ubifs encryption, causing cryptographic\n transform objects to be freed prematurely (bnc#1032006).\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in\n the Linux kernel allowed local users to gain 
privileges or cause a\n denial of service (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the SOCK_ZAPPED\n status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c\n (bnc#1028415).\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that\n a certain destructor exists in required circumstances, which allowed\n local users to cause a denial of service (BUG_ON) or possibly have\n unspecified other impact via crafted system calls (bnc#1027190).\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux\n kernel allowed local users to cause a denial of service (use-after-free)\n or possibly have unspecified other impact via a multithreaded\n application that made PACKET_FANOUT setsockopt system calls\n (bnc#1027189).\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly\n restrict association peel-off operations during certain wait states,\n which allowed local users to cause a denial of service (invalid unlock\n and double free) via a multithreaded application. 
NOTE: this\n vulnerability exists because of an incorrect fix for CVE-2017-5986\n (bnc#1027066).\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel allowed remote attackers to cause a denial of service\n (infinite loop and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722).\n - CVE-2016-2117: The atl2_probe function in\n drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly\n enables scatter/gather I/O, which allowed remote attackers to obtain\n sensitive information from kernel memory by reading packet data\n (bnc#968697).\n - CVE-2017-6347: The ip_cmsg_recv_checksum function in\n net/ipv4/ip_sockglue.c in the Linux kernel had incorrect expectations\n about skb data layout, which allowed local users to cause a denial of\n service (buffer over-read) or possibly have unspecified other impact via\n crafted system calls, as demonstrated by use of the MSG_MORE flag in\n conjunction with loopback UDP transmission (bnc#1027179).\n - CVE-2016-9191: The cgroup offline implementation in the Linux kernel\n mishandled certain drain operations, which allowed local users to cause\n a denial of service (system hang) by leveraging access to a container\n environment for executing a crafted application (bnc#1008842).\n - CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c\n in the Linux kernel improperly emulated the VMXON instruction, which\n allowed KVM L1 guest OS users to cause a denial of service (host OS\n memory consumption) by leveraging the mishandling of page references\n (bnc#1022785).\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c\n in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures\n in the LISTEN state, which allowed local users to obtain root privileges\n or cause a denial of service (double free) via an application that made\n an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024).\n\n The following 
non-security bugs were fixed:\n\n - ACPI, ioapic: Clear on-stack resource before using it (bsc#1028819).\n - ACPI: Do not create a platform_device for IOAPIC/IOxAPIC (bsc#1028819).\n - ACPI: Remove platform devices from a bus on removal (bsc#1028819).\n - HID: usbhid: Quirk a AMI virtual mouse and keyboard with ALWAYS_POLL\n (bsc#1022340).\n - NFS: do not try to cross a mountpount when there isn't one there\n (bsc#1028041).\n - NFS: flush out dirty data on file fput() (bsc#1021762).\n - PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal\n (bug#1028217).\n - PCI: hv: Use device serial number as PCI domain (bug#1028217).\n - RAID1: a new I/O barrier implementation to remove resync window\n (bsc#998106,bsc#1020048,bsc#982783).\n - RAID1: avoid unnecessary spin locks in I/O barrier code\n (bsc#998106,bsc#1020048,bsc#982783).\n - Revert "RDMA/core: Fix incorrect structure packing for booleans" (kabi).\n - Revert "give up on gcc ilog2() constant optimizations" (kabi).\n - Revert "net/mlx4_en: Avoid unregister_netdev at shutdown flow"\n (bsc#1028017).\n - Revert "net: introduce device min_header_len" (kabi).\n - Revert "nfit, libnvdimm: fix interleave set cookie calculation" (kabi).\n - Revert "target: Fix NULL dereference during LUN lookup + active I/O\n shutdown" (kabi).\n - acpi, nfit: fix acpi_nfit_flush_probe() crash (bsc#1031717).\n - acpi, nfit: fix extended status translations for ACPI DSMs (bsc#1031717).\n - arm64: Use full path in KBUILD_IMAGE definition (bsc#1010032).\n - arm64: hugetlb: fix the wrong address for several functions\n (bsc#1032681).\n - arm64: hugetlb: fix the wrong return value for\n huge_ptep_set_access_flags (bsc#1032681).\n - arm64: hugetlb: remove the wrong pmd check in find_num_contig()\n (bsc#1032681).\n - arm: Use full path in KBUILD_IMAGE definition (bsc#1010032).\n - bnx2x: allow adding VLANs while interface is down (bsc#1027273).\n - bonding: fix 802.3ad aggregator reselection (bsc#1029514).\n - btrfs: Change 
qgroup_meta_rsv to 64bit (bsc#1019614).\n - btrfs: allow unlink to exceed subvolume quota (bsc#1019614).\n - btrfs: backref: Fix soft lockup in __merge_refs function (bsc#1017641).\n - btrfs: incremental send, do not delay rename when parent inode is new\n (bsc#1028325).\n - btrfs: incremental send, do not issue invalid rmdir operations\n (bsc#1028325).\n - btrfs: qgroup: Move half of the qgroup accounting time out of commit\n trans (bsc#1017461).\n - btrfs: qgroups: Retry after commit on getting EDQUOT (bsc#1019614).\n - btrfs: send, fix failure to rename top level inode due to name collision\n (bsc#1028325).\n - btrfs: serialize subvolume mounts with potentially mismatching rw flags\n (bsc#951844 bsc#1024015)\n - cgroup/pids: remove spurious suspicious RCU usage warning (bnc#1031831).\n - crypto: algif_hash - avoid zero-sized array (bnc#1007962).\n - cxgb4vf: do not offload Rx checksums for IPv6 fragments (bsc#1026692).\n - device-dax: fix private mapping restriction, permit read-only\n (bsc#1031717).\n - drm/i915: Add intel_uncore_suspend / resume functions (bsc#1011913).\n - drm/i915: Fix crash after S3 resume with DP MST mode change\n (bsc#1029634).\n - drm/i915: Listen for PMIC bus access notifications (bsc#1011913).\n - drm/i915: Only enable hotplug interrupts if the display interrupts are\n enabled (bsc#1031717).\n - drm/mgag200: Added support for the new device G200eH3 (bsc#1007959)\n - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).\n - futex: Add missing error handling to FUTEX_REQUEUE_PI (bsc#969755).\n - futex: Fix potential use-after-free in FUTEX_REQUEUE_PI (bsc#969755).\n - hv: export current Hyper-V clocksource (bsc#1031206).\n - hv: util: do not forget to init host_ts.lock (bsc#1031206).\n - hv: vmbus: Prevent sending data on a rescinded channel (bug#1028217).\n - hv_utils: implement Hyper-V PTP source (bsc#1031206).\n - i2c-designware: increase timeout (bsc#1011913).\n - i2c: designware-baytrail: Acquire P-Unit access on bus 
acquire\n (bsc#1011913).\n - i2c: designware-baytrail: Call pmic_bus_access_notifier_chain\n (bsc#1011913).\n - i2c: designware-baytrail: Fix race when resetting the semaphore\n (bsc#1011913).\n - i2c: designware-baytrail: Only check iosf_mbi_available() for shared\n hosts (bsc#1011913).\n - i2c: designware: Disable pm for PMIC i2c-bus even if there is no _SEM\n method (bsc#1011913).\n - i2c: designware: Never suspend i2c-busses used for accessing the system\n PMIC (bsc#1011913).\n - i2c: designware: Rename accessor_flags to flags (bsc#1011913).\n - iommu/vt-d: Make sure IOMMUs are off when intel_iommu=off (bsc#1031208).\n - kABI: protect struct iscsi_conn (kabi).\n - kABI: protect struct se_node_acl (kabi).\n - kABI: restore can_rx_register parameters (kabi).\n - kgr/module: make a taint flag module-specific\n - kgr: Mark eeh_event_handler() kthread safe using a timeout (bsc#1031662).\n - kgr: remove all arch-specific kgraft header files\n - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).\n - l2tp: fix lookup for sockets not bound to a device in l2tp_ip\n (bsc#1028415).\n - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()\n (bsc#1028415).\n - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()\n (bsc#1028415).\n - l2tp: hold tunnel socket when handling control frames in l2tp_ip and\n l2tp_ip6 (bsc#1028415).\n - l2tp: lock socket before checking flags in connect() (bsc#1028415).\n - libnvdimm, pfn: fix memmap reservation size versus 4K alignment\n (bsc#1031717).\n - locking/semaphore: Add down_interruptible_timeout() (bsc#1031662).\n - md/raid1: Refactor raid1_make_request\n (bsc#998106,bsc#1020048,bsc#982783).\n - md/raid1: add rcu protection to rdev in fix_read_error (References:\n bsc#998106,bsc#1020048,bsc#982783).\n - md/raid1: fix a use-after-free bug (bsc#998106,bsc#1020048,bsc#982783).\n - md/raid1: handle flush request correctly\n (bsc#998106,bsc#1020048,bsc#982783).\n - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW 
for thp (bnc#1030118).\n - mm/memblock.c: fix memblock_next_valid_pfn() (bnc#1031200).\n - mm/page_alloc: Remove useless parameter of __free_pages_boot_core\n (bnc#1027195).\n - mm: fix set pageblock migratetype in deferred struct page init\n (bnc#1027195).\n - mm: page_alloc: skip over regions of invalid pfns where possible\n (bnc#1031200).\n - module: move add_taint_module() to a header file\n - net/ena: change condition for host attribute configuration (bsc#1026509).\n - net/ena: change driver's default timeouts (bsc#1026509).\n - net/ena: fix NULL dereference when removing the driver after device\n reset failed (bsc#1026509).\n - net/ena: fix RSS default hash configuration (bsc#1026509).\n - net/ena: fix ethtool RSS flow configuration (bsc#1026509).\n - net/ena: fix potential access to freed memory during device reset\n (bsc#1026509).\n - net/ena: fix queues number calculation (bsc#1026509).\n - net/ena: reduce the severity of ena printouts (bsc#1026509).\n - net/ena: refactor ena_get_stats64 to be atomic context safe\n (bsc#1026509).\n - net/ena: remove ntuple filter support from device feature list\n (bsc#1026509).\n - net/ena: update driver version to 1.1.2 (bsc#1026509).\n - net/ena: use READ_ONCE to access completion descriptors (bsc#1026509).\n - net/mlx4_core: Avoid command timeouts during VF driver device shutdown\n (bsc#1028017).\n - net/mlx4_core: Avoid delays during VF driver device shutdown\n (bsc#1028017).\n - net/mlx4_core: Fix racy CQ (Completion Queue) free (bsc#1028017).\n - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to\n VGT transitions (bsc#1028017).\n - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs\n (bsc#1028017).\n - net/mlx4_en: Fix bad WQE issue (bsc#1028017).\n - net: ena: Fix error return code in ena_device_init() (bsc#1026509).\n - net: ena: Remove unnecessary pci_set_drvdata() (bsc#1026509).\n - net: ena: change the return type of ena_set_push_mode() to be void\n (bsc#1026509).\n - net: 
ena: remove superfluous check in ena_remove() (bsc#1026509).\n - net: ena: use setup_timer() and mod_timer() (bsc#1026509).\n - netfilter: allow logging from non-init namespaces (bsc#970083).\n - nvme: Do not suspend admin queue that wasn't created (bsc#1026505).\n - nvme: Suspend all queues before deletion (bsc#1026505).\n - ping: implement proper locking (bsc#1031003).\n - powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).\n - rtlwifi: rtl_usb: Fix missing entry in USB driver's private data\n (bsc#1026462).\n - s390/kmsg: add missing kmsg descriptions (bnc#1025683).\n - s390/mm: fix zone calculation in arch_add_memory() (bnc#1025683).\n - sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting\n (bsc#1018419).\n - scsi: do not print 'reservation conflict' for TEST UNIT READY\n (bsc#1027054).\n - scsi_dh_alua: Do not modify the interval value for retries (bsc#1012910).\n - softirq: Let ksoftirqd do its job (bsc#1019618).\n - x86, mm: fix gup_pte_range() vs DAX mappings (bsc#1026405).\n - x86/apic/uv: Silence a shift wrapping warning (bsc#1023866).\n - x86/ioapic: Change prototype of acpi_ioapic_add() (bsc#1027153,\n bsc#1027616).\n - x86/ioapic: Fix IOAPIC failing to request resource (bsc#1027153,\n bsc#1027616).\n - x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()\n (bsc#1027153, bsc#1027616).\n - x86/ioapic: Fix lost IOAPIC resource after hot-removal and hotadd\n (bsc#1027153, bsc#1027616).\n - x86/ioapic: Fix setup_res() failing to get resource (bsc#1027153,\n bsc#1027616).\n - x86/ioapic: Ignore root bridges without a companion ACPI device\n (bsc#1027153, bsc#1027616).\n - x86/ioapic: Simplify ioapic_setup_resources() (bsc#1027153, bsc#1027616).\n - x86/ioapic: Support hot-removal of IOAPICs present during boot\n (bsc#1027153, bsc#1027616).\n - x86/ioapic: fix kABI (hide added include) (bsc#1027153, bsc#1027616).\n - x86/mce: Do not print MCEs when mcelog is active (bsc#1013994).\n - x86/mce: Fix copy/paste error in exception 
table entries\n - x86/mm/gup: Simplify get_user_pages() PTE bit handling (bsc#1026405).\n - x86/platform/UV: Add Support for UV4 Hubless NMIs (bsc#1023866).\n - x86/platform/UV: Add Support for UV4 Hubless systems (bsc#1023866).\n - x86/platform/UV: Add basic CPU NMI health check (bsc#1023866).\n - x86/platform/UV: Clean up the NMI code to match current coding style\n (bsc#1023866).\n - x86/platform/UV: Clean up the UV APIC code (bsc#1023866).\n - x86/platform/UV: Ensure uv_system_init is called when necessary\n (bsc#1023866).\n - x86/platform/UV: Fix 2 socket config problem (bsc#1023866).\n - x86/platform/UV: Fix panic with missing UVsystab support (bsc#1023866).\n - x86/platform/UV: Initialize PCH GPP_D_0 NMI Pin to be NMI source\n (bsc#1023866).\n - x86/platform/UV: Verify NMI action is valid, default is standard\n (bsc#1023866).\n - x86/platform/intel/iosf_mbi: Add a PMIC bus access notifier\n (bsc#1011913).\n - x86/platform/intel/iosf_mbi: Add a mutex for P-Unit access (bsc#1011913).\n - x86/platform: Remove warning message for duplicate NMI handlers\n (bsc#1029220).\n - x86/ras/therm_throt: Do not log a fake MCE for thermal events\n (bsc#1028027).\n - xen-blkfront: correct maximum segment accounting (bsc#1018263).\n - xen-blkfront: do not call talk_to_blkback when already connected to\n blkback.\n - xen-blkfront: free resources if xlvbd_alloc_gendisk fails.\n - xen/blkfront: Fix crash if backend does not follow the right states.\n - xen/netback: set default upper limit of tx/rx queues to 8 (bnc#1019163).\n - xen/netfront: set default upper limit of tx/rx queues to 8 (bnc#1019163).\n - xen: Use machine addresses in /sys/kernel/vmcoreinfo when PV\n (bsc#1014136)\n - xfs: do not take the IOLOCK exclusive for direct I/O page invalidation\n (bsc#1015609).\n - xgene_enet: remove bogus forward declarations (bsc#1032673).\n\n", "edition": 1, "modified": "2017-05-05T15:11:30", "published": "2017-05-05T15:11:30", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00011.html", "id": "SUSE-SU-2017:1183-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-05-15T21:20:15", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7261", "CVE-2017-7184", "CVE-2017-6074", "CVE-2017-7616", "CVE-2015-3288", "CVE-2017-5970", "CVE-2016-10200", "CVE-2017-2671", "CVE-2017-7294", "CVE-2017-6348", "CVE-2015-8970", "CVE-2016-5243", "CVE-2017-6214", "CVE-2017-7308", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6353", "CVE-2017-7187"], "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\n security and bugfixes.\n\n Notable new features:\n\n - Toleration of newer crypto hardware for z Systems\n - USB 2.0 Link power management for Haswell-ULT\n\n The following security bugs were fixed:\n\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in\n the Linux kernel did not properly validate certain block-size data,\n which allowed local users to cause a denial of service (overflow) or\n possibly have unspecified other impact via crafted system calls\n (bnc#1031579)\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux\n kernel was too late in obtaining a certain lock and consequently could\n not ensure that disconnect function calls are safe, which allowed local\n users to cause a denial of service (panic) by leveraging access to the\n protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003)\n - CVE-2017-7184: The xfrm_replay_verify_len function in\n net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size\n data after an XFRM_MSG_NEWAE update, which allowed local users to obtain\n root privileges or cause a denial of service (heap-based out-of-bounds\n access) by leveraging the CAP_NET_ADMIN capability (bsc#1030573).\n - CVE-2017-5970: The 
ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a\n denial of service (system crash) via (1) an application that made\n crafted system calls or possibly (2) IPv4 traffic with invalid IP\n options (bsc#1024938).\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind\n compat syscalls in mm/mempolicy.c in the Linux kernel allowed local\n users to obtain sensitive information from uninitialized stack data by\n triggering failure of a certain bitmap operation (bsc#1033336).\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n validate addition of certain levels data, which allowed local users to\n trigger an integer overflow and out-of-bounds write, and cause a denial\n of service (system hang or crash) or possibly gain privileges, via a\n crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440)\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n check for a zero value of certain levels data, which allowed local users\n to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and\n possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031052)\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux\n kernel allowed local users to cause a denial of service (stack-based\n buffer overflow) or possibly have unspecified other impact via a large\n command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds\n write access in the sg_write function (bnc#1030213)\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the\n Linux kernel improperly managed lock dropping, which allowed local users\n to cause a denial of service (deadlock) via crafted operations on IrDA\n devices (bnc#1027178)\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux 
kernel\n did not restrict the address calculated by a certain rounding operation,\n which allowed local users to map page zero, and consequently bypass a\n protection mechanism that exists for the mmap system call, by making\n crafted shmget and shmat system calls in a privileged context\n (bnc#1026914)\n - CVE-2015-3288: mm/memory.c in the Linux kernel mishandled anonymous\n pages, which allowed local users to gain privileges or cause a denial of\n service (page tainting) via a crafted application that triggers writing\n to page zero (bsc#979021).\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in\n the Linux kernel allowed local users to gain privileges or cause a\n denial of service (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the SOCK_ZAPPED\n status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c\n (bnc#1028415)\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in\n net/tipc/netlink_compat.c in the Linux kernel did not properly copy a\n certain string, which allowed local users to obtain sensitive\n information from kernel stack memory by reading a Netlink message\n (bnc#983212)\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly\n restrict association peel-off operations during certain wait states,\n which allowed local users to cause a denial of service (invalid unlock\n and double free) via a multithreaded application (bnc#1027066)\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel allowed remote attackers to cause a denial of service\n (infinite loop and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722)\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c\n in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures\n in the LISTEN state, which allowed local users to obtain root privileges\n or cause a denial of service (double free) 
via an application that made\n an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024)\n - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in\n net/sctp/socket.c in the Linux kernel allowed local users to cause a\n denial of service (assertion failure and panic) via a multithreaded\n application that peels off an association in a certain buffer-full state\n (bsc#1025235)\n - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not\n verify that a setkey operation has been performed on an AF_ALG socket before an\n accept system call is processed, which allowed local users to cause a\n denial of service (NULL pointer dereference and system crash) via a\n crafted application that does not supply a key, related to the lrw_crypt\n function in crypto/lrw.c (bsc#1008374).\n\n The following non-security bugs were fixed:\n\n - NFSD: do not risk using duplicate owner/file/delegation ids\n (bsc#1029212).\n - RAID1: avoid unnecessary spin locks in I/O barrier code (bsc#982783,\n bsc#1026260).\n - SUNRPC: Clean up the slot table allocation (bsc#1013862).\n - SUNRPC: Initalise the struct xprt upon allocation (bsc#1013862).\n - USB: cdc-acm: fix broken runtime suspend (bsc#1033771).\n - USB: cdc-acm: fix open and suspend race (bsc#1033771).\n - USB: cdc-acm: fix potential urb leak and PM imbalance in write\n (bsc#1033771).\n - USB: cdc-acm: fix runtime PM for control messages (bsc#1033771).\n - USB: cdc-acm: fix runtime PM imbalance at shutdown (bsc#1033771).\n - USB: cdc-acm: fix shutdown and suspend race (bsc#1033771).\n - USB: cdc-acm: fix write and resume race (bsc#1033771).\n - USB: cdc-acm: fix write and suspend race (bsc#1033771).\n - USB: hub: Fix crash after failure to read BOS descriptor\n - USB: serial: iuu_phoenix: fix NULL-deref at open (bsc#1033794).\n - USB: serial: kl5kusb105: fix line-state error handling (bsc#1021256).\n - USB: serial: mos7720: fix NULL-deref at open (bsc#1033816).\n - USB: serial: mos7720: fix parallel probe 
(bsc#1033816).\n - USB: serial: mos7720: fix parport use-after-free on probe errors\n (bsc#1033816).\n - USB: serial: mos7720: fix use-after-free on probe errors (bsc#1033816).\n - USB: serial: mos7840: fix NULL-deref at open (bsc#1034026).\n - USB: xhci-mem: use passed in GFP flags instead of GFP_KERNEL\n (bsc#1023014).\n - Update metadata for serial fixes (bsc#1013070)\n - Use PF_LESS_THROTTLE in loop device thread (bsc#1027101).\n - clocksource: Remove "weak" from clocksource_default_clock() declaration\n (bnc#1013018).\n - dlm: backport "fix lvb invalidation conditions" (bsc#1005651).\n - drm/mgag200: Add support for G200e rev 4 (bnc#995542, comment #81)\n - enic: set skb->hash type properly (bsc#911105).\n - ext4: fix mballoc breakage with 64k block size (bsc#1013018).\n - ext4: fix stack memory corruption with 64k block size (bsc#1013018).\n - ext4: reject inodes with negative size (bsc#1013018).\n - fuse: initialize fc->release before calling it (bsc#1013018).\n - i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx\n (bsc#985561).\n - i40e/i40evf: Fix mixed size frags and linearization (bsc#985561).\n - i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per\n packet (bsc#985561).\n - i40e/i40evf: Rewrite logic for 8 descriptor per packet check\n (bsc#985561).\n - i40e: Fix TSO with more than 8 frags per segment issue (bsc#985561).\n - i40e: Impose a lower limit on gso size (bsc#985561).\n - i40e: Limit TX descriptor count in cases where frag size is greater than\n 16K (bsc#985561).\n - i40e: avoid null pointer dereference (bsc#909486).\n - jbd: Fix oops in journal_remove_journal_head() (bsc#1017143).\n - jbd: do not wait (forever) for stale tid caused by wraparound\n (bsc#1020229).\n - kABI: mask struct xfs_icdinode change (bsc#1024788).\n - kabi: Protect xfs_mount and xfs_buftarg (bsc#1024508).\n - kabi: fix (bsc#1008893).\n - lockd: use init_utsname for id encoding (bsc#1033804).\n - lockd: use rpc client's cl_nodename for id 
encoding (bsc#1033804).\n - md linear: fix a race between linear_add() and linear_congested()\n (bsc#1018446).\n - md/linear: shutup lockdep warnning (bsc#1018446).\n - mm/mempolicy.c: do not put mempolicy before using its nodemask\n (bnc#931620).\n - ocfs2: do not write error flag to user structure we cannot copy from/to\n (bsc#1013018).\n - ocfs2: fix crash caused by stale lvb with fsdlm plugin (bsc#1013800).\n - ocfs2: fix error return code in ocfs2_info_handle_freefrag()\n (bsc#1013018).\n - ocfs2: null deref on allocation error (bsc#1013018).\n - pciback: only check PF if actually dealing with a VF (bsc#999245).\n - pciback: use pci_physfn() (bsc#999245).\n - posix-timers: Fix stack info leak in timer_create() (bnc#1013018).\n - powerpc,cpuidle: Dont toggle CPUIDLE_FLAG_IGNORE while setting\n smt_snooze_delay (bsc#1023163).\n - powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971).\n - powerpc/fadump: Reserve memory at an offset closer to bottom of RAM\n (bsc#1032141).\n - powerpc/fadump: Update fadump documentation (bsc#1032141).\n - powerpc/nvram: Fix an incorrect partition merge (bsc#1016489).\n - powerpc/vdso64: Use double word compare on pointers (bsc#1016489).\n - rcu: Call out dangers of expedited RCU primitives (bsc#1008893).\n - rcu: Direct algorithmic SRCU implementation (bsc#1008893).\n - rcu: Flip ->completed only once per SRCU grace period (bsc#1008893).\n - rcu: Implement a variant of Peter's SRCU algorithm (bsc#1008893).\n - rcu: Increment upper bit only for srcu_read_lock() (bsc#1008893).\n - rcu: Remove fast check path from __synchronize_srcu() (bsc#1008893).\n - s390/kmsg: add missing kmsg descriptions (bnc#1025702).\n - s390/vmlogrdr: fix IUCV buffer allocation (bnc#1025702).\n - s390/zcrypt: Introduce CEX6 toleration\n - sched/core: Fix TASK_DEAD race in finish_task_switch() (bnc#1013018).\n - sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded\n systems (bnc#1013018).\n - scsi: zfcp: do not trace pure benign 
residual HBA responses at default\n level (bnc#1025702).\n - scsi: zfcp: fix rport unblock race with LUN recovery (bnc#1025702).\n - scsi: zfcp: fix use-after-"free" in FC ingress path after TMF\n (bnc#1025702).\n - scsi: zfcp: fix use-after-free by not tracing WKA port open/close on\n failed send (bnc#1025702).\n - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).\n - tcp: abort orphan sockets stalling on zero window probes (bsc#1021913).\n - vfs: split generic splice code from i_mutex locking (bsc#1024788).\n - virtio_scsi: fix memory leak on full queue condition (bsc#1028880).\n - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065, bsc#1029770).\n - xen-blkfront: correct maximum segment accounting (bsc#1018263).\n - xen-blkfront: do not call talk_to_blkback when already connected to\n blkback.\n - xen-blkfront: free resources if xlvbd_alloc_gendisk fails.\n - xfs: Fix lock ordering in splice write (bsc#1024788).\n - xfs: Make xfs_icdinode->di_dmstate atomic_t (bsc#1024788).\n - xfs: do not assert fail on non-async buffers on ioacct decrement\n (bsc#1024508).\n - xfs: exclude never-released buffers from buftarg I/O accounting\n (bsc#1024508).\n - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).\n - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).\n - xfs: kill xfs_itruncate_start (bsc#1024788).\n - xfs: remove the i_new_size field in struct xfs_inode (bsc#1024788).\n - xfs: remove the i_size field in struct xfs_inode (bsc#1024788).\n - xfs: remove xfs_itruncate_data (bsc#1024788).\n - xfs: replace global xfslogd wq with per-mount wq (bsc#1024508).\n - xfs: split xfs_itruncate_finish (bsc#1024788).\n - xfs: split xfs_setattr (bsc#1024788).\n - xfs: track and serialize in-flight async buffers against unmount\n (bsc#1024508).\n - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).\n\n", "edition": 1, "modified": "2017-05-15T21:33:24", "published": "2017-05-15T21:33:24", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00043.html", "id": "SUSE-SU-2017:1301-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-05-11T19:19:57", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10208", "CVE-2017-7261", "CVE-2017-6074", "CVE-2016-7117", "CVE-2017-7616", "CVE-2016-3070", "CVE-2017-5970", "CVE-2016-10200", "CVE-2017-2671", "CVE-2017-7294", "CVE-2017-6348", "CVE-2016-5243", "CVE-2017-6214", "CVE-2015-1350", "CVE-2017-7308", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2016-9588", "CVE-2017-6353", "CVE-2017-7187", "CVE-2016-2117", "CVE-2016-10044", "CVE-2017-5897"], "description": "The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an\n incomplete set of requirements for setattr operations that\n underspecifies removing extended privilege attributes, which allowed\n local users to cause a denial of service (capability stripping) via a\n failed invocation of a system call, as demonstrated by using chown to\n remove a capability from the ping or Wireshark dumpcap program\n (bnc#914939).\n - CVE-2016-2117: The atl2_probe function in\n drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly\n enabled scatter/gather I/O, which allowed remote attackers to obtain\n sensitive information from kernel memory by reading packet data\n (bnc#968697).\n - CVE-2016-3070: The trace_writeback_dirty_page implementation in\n include/trace/events/writeback.h in the Linux kernel improperly\n interacted with mm/migrate.c, which allowed local users to cause a\n denial of service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by triggering a certain page move\n 
(bnc#979215).\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in\n net/tipc/netlink_compat.c in the Linux kernel did not properly copy a\n certain string, which allowed local users to obtain sensitive\n information from kernel stack memory by reading a Netlink message\n (bnc#983212).\n - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg\n function in net/socket.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077).\n - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanages the #BP\n and #OF exceptions, which allowed guest OS users to cause a denial of\n service (guest OS crash) by declining to handle an exception thrown by\n an L2 guest (bnc#1015703).\n - CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel\n did not properly restrict execute access, which made it easier for local\n users to bypass intended SELinux W^X policy restrictions, and\n consequently gain privileges, via an io_setup system call (bnc#1023992).\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in\n the Linux kernel allowed local users to gain privileges or cause a\n denial of service (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the SOCK_ZAPPED\n status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c\n (bnc#1028415).\n - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the\n Linux kernel did not properly validate meta block groups, which allowed\n physically proximate attackers to cause a denial of service\n (out-of-bounds read and system crash) via a crafted ext4 image\n (bnc#1023377).\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux\n kernel is too late in obtaining a certain lock and consequently cannot\n ensure that disconnect function calls are safe, which allowed local\n users 
to cause a denial of service (panic) by leveraging access to the\n protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel\n did not restrict the address calculated by a certain rounding operation,\n which allowed local users to map page zero, and consequently bypass a\n protection mechanism that exists for the mmap system call, by making\n crafted shmget and shmat system calls in a privileged context\n (bnc#1026914).\n - CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the\n Linux kernel allowed remote attackers to have unspecified impact via\n vectors involving GRE flags in an IPv6 packet, which trigger an\n out-of-bounds access (bnc#1023762).\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a\n denial of service (system crash) via (1) an application that made\n crafted system calls or possibly (2) IPv4 traffic with invalid IP\n options (bnc#1024938).\n - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in\n net/sctp/socket.c in the Linux kernel allowed local users to cause a\n denial of service (assertion failure and panic) via a multithreaded\n application that peels off an association in a certain buffer-full state\n (bnc#1025235).\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c\n in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures\n in the LISTEN state, which allowed local users to obtain root privileges\n or cause a denial of service (double free) via an application that made\n an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024).\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel allowed remote attackers to cause a denial of service\n (infinite loop and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722).\n - CVE-2017-6345: The LLC subsystem in 
the Linux kernel did not ensure that\n a certain destructor exists in required circumstances, which allowed\n local users to cause a denial of service (BUG_ON) or possibly have\n unspecified other impact via crafted system calls (bnc#1027190).\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux\n kernel allowed local users to cause a denial of service (use-after-free)\n or possibly have unspecified other impact via a multithreaded\n application that made PACKET_FANOUT setsockopt system calls\n (bnc#1027189).\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the\n Linux kernel improperly managed lock dropping, which allowed local users\n to cause a denial of service (deadlock) via crafted operations on IrDA\n devices (bnc#1027178).\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly\n restrict association peel-off operations during certain wait states,\n which allowed local users to cause a denial of service (invalid unlock\n and double free) via a multithreaded application. 
NOTE: this\n vulnerability exists because of an incorrect fix for CVE-2017-5986\n (bnc#1027066).\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux\n kernel allowed local users to cause a denial of service (stack-based\n buffer overflow) or possibly have unspecified other impact via a large\n command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds\n write access in the sg_write function (bnc#1030213).\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n check for a zero value of certain levels data, which allowed local users\n to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and\n possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031052).\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n validate addition of certain levels data, which allowed local users to\n trigger an integer overflow and out-of-bounds write, and cause a denial\n of service (system hang or crash) or possibly gain privileges, via a\n crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in\n the Linux kernel did not properly validate certain block-size data,\n which allowed local users to cause a denial of service (overflow) or\n possibly have unspecified other impact via crafted system calls\n (bnc#1031579).\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind\n compat syscalls in mm/mempolicy.c in the Linux kernel allowed local\n users to obtain sensitive information from uninitialized stack data by\n triggering failure of a certain bitmap operation (bnc#1033336).\n\n The following non-security bugs were fixed:\n\n - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).\n - hwrng: virtio - ensure reads happen after successful probe 
(bsc#954763\n bsc#1032344).\n - kgr/module: make a taint flag module-specific (fate#313296).\n - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).\n - l2tp: fix lookup for sockets not bound to a device in l2tp_ip\n (bsc#1028415).\n - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()\n (bsc#1028415).\n - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()\n (bsc#1028415).\n - l2tp: hold tunnel socket when handling control frames in l2tp_ip and\n l2tp_ip6 (bsc#1028415).\n - l2tp: lock socket before checking flags in connect() (bsc#1028415).\n - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bnc#1030118).\n - module: move add_taint_module() to a header file (fate#313296).\n - netfilter: bridge: Fix the build when IPV6 is disabled (bsc#1027149).\n - nfs: flush out dirty data on file fput() (bsc#1021762).\n - powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).\n - powerpc: Reject binutils 2.24 when building little endian (boo#1028895).\n - revert "procfs: mark thread stack correctly in proc/<pid>/maps"\n (bnc#1030901).\n - taint/module: Clean up global and module taint flags handling\n (fate#313296).\n - usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256).\n - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).\n - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).\n\n", "edition": 1, "modified": "2017-05-11T21:09:07", "published": "2017-05-11T21:09:07", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00022.html", "id": "SUSE-SU-2017:1247-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-05-19T17:20:49", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10208", "CVE-2016-9604", "CVE-2016-9191", "CVE-2017-7261", "CVE-2017-6074", "CVE-2016-7117", "CVE-2017-7616", "CVE-2016-3070", "CVE-2017-7645", 
"CVE-2016-10200", "CVE-2017-2671", "CVE-2017-7294", "CVE-2017-6348", "CVE-2016-5243", "CVE-2017-6214", "CVE-2015-1350", "CVE-2017-7308", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-6951", "CVE-2017-2647", "CVE-2017-5986", "CVE-2017-6346", "CVE-2016-9588", "CVE-2017-6353", "CVE-2017-8106", "CVE-2017-7187", "CVE-2016-2117", "CVE-2016-10044", "CVE-2017-5897"], "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.74 to receive\n various security and bugfixes.\n\n Notable new/improved features:\n - Improved support for Hyper-V\n - Support for the tcp_westwood TCP scheduling algorithm\n\n The following security bugs were fixed:\n\n - CVE-2017-8106: The handle_invept function in arch/x86/kvm/vmx.c in the\n Linux kernel allowed privileged KVM guest OS users to cause a denial of\n service (NULL pointer dereference and host OS crash) via a\n single-context INVEPT instruction with a NULL EPT pointer (bsc#1035877).\n - CVE-2017-6951: The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel allowed local users to cause\n a denial of service (NULL pointer dereference and OOPS) via a\n request_key system call for the "dead" type. (bsc#1029850).\n - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (NULL pointer\n dereference and system crash) via vectors involving a NULL value for a\n certain match field, related to the keyring_search_iterator function in\n keyring.c. (bsc#1030593)\n - CVE-2016-9604: This fixes handling of keyrings starting with '.' in\n KEYCTL_JOIN_SESSION_KEYRING, which could have allowed local users to\n manipulate privileged keyrings (bsc#1035576)\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind\n compat syscalls in mm/mempolicy.c in the Linux kernel allowed local\n users to obtain sensitive information from uninitialized stack data by\n triggering failure of a certain bitmap operation. 
(bnc#1033336).\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux\n kernel allowed remote attackers to cause a denial of service (system\n crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (bsc#1034670).\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in\n the Linux kernel did not properly validate certain block-size data,\n which allowed local users to cause a denial of service (overflow) or\n possibly have unspecified other impact via crafted system calls\n (bnc#1031579)\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux\n kernel was too late in obtaining a certain lock and consequently could\n not ensure that disconnect function calls are safe, which allowed local\n users to cause a denial of service (panic) by leveraging access to the\n protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003)\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n validate addition of certain levels data, which allowed local users to\n trigger an integer overflow and out-of-bounds write, and cause a denial\n of service (system hang or crash) or possibly gain privileges, via a\n crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440)\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not\n check for a zero value of certain levels data, which allowed local users\n to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and\n possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031052)\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux\n kernel allowed local users to cause a denial of service (stack-based\n buffer overflow) or possibly have unspecified other impact via a large\n command size in an SG_NEXT_CMD_LEN ioctl call, 
leading to out-of-bounds\n write access in the sg_write function (bnc#1030213)\n - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanaged the #BP\n and #OF exceptions, which allowed guest OS users to cause a denial of\n service (guest OS crash) by declining to handle an exception thrown by\n an L2 guest (bsc#1015703).\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel\n did not restrict the address calculated by a certain rounding operation,\n which allowed local users to map page zero, and consequently bypass a\n protection mechanism that exists for the mmap system call, by making\n crafted shmget and shmat system calls in a privileged context\n (bnc#1026914).\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in\n the Linux kernel allowed local users to gain privileges or cause a\n denial of service (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the SOCK_ZAPPED\n status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c\n (bnc#1028415)\n - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the\n Linux kernel did not properly validate meta block groups, which allowed\n physically proximate attackers to cause a denial of service\n (out-of-bounds read and system crash) via a crafted ext4 image\n (bnc#1023377).\n - CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the\n Linux kernel allowed remote attackers to have unspecified impact via\n vectors involving GRE flags in an IPv6 packet, which trigger an\n out-of-bounds access (bsc#1023762).\n - CVE-2017-5986: A race condition in the sctp_wait_for_sndbuf function in\n net/sctp/socket.c in the Linux kernel allowed local users to cause a\n denial of service (assertion failure and panic) via a multithreaded\n application that peels off an association in a certain buffer-full state\n (bsc#1025235).\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c\n 
in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures\n in the LISTEN state, which allowed local users to obtain root privileges\n or cause a denial of service (double free) via an application that made\n an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024)\n - CVE-2016-9191: The cgroup offline implementation in the Linux kernel\n mishandled certain drain operations, which allowed local users to cause\n a denial of service (system hang) by leveraging access to a container\n environment for executing a crafted application (bnc#1008842)\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the\n Linux kernel improperly managed lock dropping, which allowed local users\n to cause a denial of service (deadlock) via crafted operations on IrDA\n devices (bnc#1027178).\n - CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel\n did not properly restrict execute access, which made it easier for local\n users to bypass intended SELinux W^X policy restrictions, and\n consequently gain privileges, via an io_setup system call (bnc#1023992).\n - CVE-2016-3070: The trace_writeback_dirty_page implementation in\n include/trace/events/writeback.h in the Linux kernel improperly\n interacts with mm/migrate.c, which allowed local users to cause a denial\n of service (NULL pointer dereference and system crash) or possibly have\n unspecified other impact by triggering a certain page move (bnc#979215).\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in\n net/tipc/netlink_compat.c in the Linux kernel did not properly copy a\n certain string, which allowed local users to obtain sensitive\n information from kernel stack memory by reading a Netlink message\n (bnc#983212).\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that\n a certain destructor exists in required circumstances, which allowed\n local users to cause a denial of service (BUG_ON) or possibly have\n unspecified other impact via crafted 
system calls (bnc#1027190)\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux\n kernel allowed local users to cause a denial of service (use-after-free)\n or possibly have unspecified other impact via a multithreaded\n application that made PACKET_FANOUT setsockopt system calls (bnc#1027189)\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly\n restrict association peel-off operations during certain wait states,\n which allowed local users to cause a denial of service (invalid unlock\n and double free) via a multithreaded application. NOTE: this\n vulnerability exists because of an incorrect fix for CVE-2017-5986\n (bnc#1027066)\n - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in\n net/sctp/socket.c in the Linux kernel allowed local users to cause a\n denial of service (assertion failure and panic) via a multithreaded\n application that peels off an association in a certain buffer-full state\n (bsc#1025235).\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel allowed remote attackers to cause a denial of service\n (infinite loop and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722)\n - CVE-2016-2117: The atl2_probe function in\n drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly\n enables scatter/gather I/O, which allowed remote attackers to obtain\n sensitive information from kernel memory by reading packet data\n (bnc#968697)\n - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an\n incomplete set of requirements for setattr operations that\n underspecifies removing extended privilege attributes, which allowed\n local users to cause a denial of service (capability stripping) via a\n failed invocation of a system call, as demonstrated by using chown to\n remove a capability from the ping or Wireshark dumpcap program\n (bsc#914939).\n - CVE-2016-7117: Use-after-free vulnerability in the 
__sys_recvmmsg\n function in net/socket.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bsc#1003077).\n\n The following non-security bugs were fixed:\n\n - ACPI / APEI: Fix NMI notification handling (bsc#917630).\n - arch: Mass conversion of smp_mb__*() (bsc#1020795).\n - asm-generic: add __smp_xxx wrappers (bsc#1020795).\n - block: remove struct request buffer member (bsc#1020795).\n - block: submit_bio_wait() conversions (bsc#1020795).\n - bonding: Advertize vxlan offload features when supported (bsc#1009682).\n - bonding: handle more gso types (bsc#1009682).\n - bonding: use the correct ether type for alb (bsc#1028595).\n - btrfs: allow unlink to exceed subvolume quota (bsc#1015821).\n - btrfs: Change qgroup_meta_rsv to 64bit (bsc#1015821).\n - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls\n (bsc#1018100).\n - btrfs: make file clone aware of fatal signals (bsc#1015787).\n - btrfs: qgroups: Retry after commit on getting EDQUOT (bsc#1015821).\n - cancel the setfilesize transation when io error happen (bsc#1028648).\n - cgroup: remove stray references to css_id (bsc#1020795).\n - cpuidle: powernv/pseries: Auto-promotion of snooze to deeper idle state\n (bnc#1023164).\n - dm: add era target (bsc#1020795).\n - dm: allow remove to be deferred (bsc#1020795).\n - dm bitset: only flush the current word if it has been dirtied\n (bsc#1020795).\n - dm btree: add dm_btree_find_lowest_key (bsc#1020795).\n - dm cache: actually resize cache (bsc#1020795).\n - dm cache: add block sizes and total cache blocks to status output\n (bsc#1020795).\n - dm cache: add cache block invalidation support (bsc#1020795).\n - dm cache: add passthrough mode (bsc#1020795).\n - dm cache: add policy name to status output (bsc#1020795).\n - dm cache: add remove_cblock method to policy interface (bsc#1020795).\n - dm cache: be much more aggressive about promoting writes 
to discarded\n blocks (bsc#1020795).\n - dm cache: cache shrinking support (bsc#1020795).\n - dm cache: do not add migration to completed list before unhooking bio\n (bsc#1020795).\n - dm cache: fix a lock-inversion (bsc#1020795).\n - dm cache: fix truncation bug when mapping I/O to more than 2TB fast\n device (bsc#1020795).\n - dm cache: fix writethrough mode quiescing in cache_map (bsc#1020795).\n - dm cache: improve efficiency of quiescing flag management (bsc#1020795).\n - dm cache: io destined for the cache device can now serve as tick bios\n (bsc#1020795).\n - dm cache: log error message if dm_kcopyd_copy() fails (bsc#1020795).\n - dm cache metadata: check the metadata version when reading the\n superblock (bsc#1020795).\n - dm cache metadata: return bool from __superblock_all_zeroes\n (bsc#1020795).\n - dm cache: move hook_info into common portion of per_bio_data structure\n (bsc#1020795).\n - dm cache: optimize commit_if_needed (bsc#1020795).\n - dm cache policy mq: a few small fixes (bsc#1020795).\n - dm cache policy mq: fix promotions to occur as expected (bsc#1020795).\n - dm cache policy mq: implement writeback_work() and\n mq_{set,clear}_dirty() (bsc#1020795).\n - dm cache policy mq: introduce three promotion threshold tunables\n (bsc#1020795).\n - dm cache policy mq: protect residency method with existing mutex\n (bsc#1020795).\n - dm cache policy mq: reduce memory requirements (bsc#1020795).\n - dm cache policy mq: use list_del_init instead of list_del +\n INIT_LIST_HEAD (bsc#1020795).\n - dm cache policy: remove return from void policy_remove_mapping\n (bsc#1020795).\n - dm cache: promotion optimisation for writes (bsc#1020795).\n - dm cache: resolve small nits and improve Documentation (bsc#1020795).\n - dm cache: return -EINVAL if the user specifies unknown cache policy\n (bsc#1020795).\n - dm cache: use cell_defer() boolean argument consistently (bsc#1020795).\n - dm: change sector_count member in clone_info from sector_t to unsigned\n 
(bsc#1020795).\n - dm crypt: add TCW IV mode for old CBC TCRYPT containers (bsc#1020795).\n - dm crypt: properly handle extra key string in initialization\n (bsc#1020795).\n - dm delay: use per-bio data instead of a mempool and slab cache\n (bsc#1020795).\n - dm: fix Kconfig indentation (bsc#1020795).\n - dm: fix Kconfig menu indentation (bsc#1020795).\n - dm: make dm_table_alloc_md_mempools static (bsc#1020795).\n - dm mpath: do not call pg_init when it is already running (bsc#1020795).\n - dm mpath: fix lock order inconsistency in multipath_ioctl (bsc#1020795).\n - dm mpath: print more useful warnings in multipath_message()\n (bsc#1020795).\n - dm mpath: push back requests instead of queueing (bsc#1020795).\n - dm mpath: really fix lockdep warning (bsc#1020795).\n - dm mpath: reduce memory pressure when requeuing (bsc#1020795).\n - dm mpath: remove extra nesting in map function (bsc#1020795).\n - dm mpath: remove map_io() (bsc#1020795).\n - dm mpath: remove process_queued_ios() (bsc#1020795).\n - dm mpath: requeue I/O during pg_init (bsc#1020795).\n - dm persistent data: cleanup dm-thin specific references in text\n (bsc#1020795).\n - dm snapshot: call destroy_work_on_stack() to pair with\n INIT_WORK_ONSTACK() (bsc#1020795).\n - dm snapshot: fix metadata corruption (bsc#1020795).\n - dm snapshot: prepare for switch to using dm-bufio (bsc#1020795).\n - dm snapshot: use dm-bufio (bsc#1020795).\n - dm snapshot: use dm-bufio prefetch (bsc#1020795).\n - dm snapshot: use GFP_KERNEL when initializing exceptions (bsc#1020795).\n - dm space map disk: optimise sm_disk_dec_block (bsc#1020795).\n - dm space map metadata: limit errors in sm_metadata_new_block\n (bsc#1020795).\n - dm: stop using bi_private (bsc#1020795).\n - dm table: add dm_table_run_md_queue_async (bsc#1020795).\n - dm table: print error on preresume failure (bsc#1020795).\n - dm table: remove unused buggy code that extends the targets array\n (bsc#1020795).\n - dm thin: add error_if_no_space feature 
(bsc#1020795).\n - dm thin: add mappings to end of prepared_* lists (bsc#1020795).\n - dm thin: add 'no_space_timeout' dm-thin-pool module param (bsc#1020795).\n - dm thin: add timeout to stop out-of-data-space mode holding IO forever\n (bsc#1020795).\n - dm thin: allow metadata commit if pool is in PM_OUT_OF_DATA_SPACE mode\n (bsc#1020795).\n - dm thin: allow metadata space larger than supported to go unused\n (bsc#1020795).\n - dm thin: cleanup and improve no space handling (bsc#1020795).\n - dm thin: eliminate the no_free_space flag (bsc#1020795).\n - dm thin: ensure user takes action to validate data and metadata\n consistency (bsc#1020795).\n - dm thin: factor out check_low_water_mark and use bools (bsc#1020795).\n - dm thin: fix deadlock in __requeue_bio_list (bsc#1020795).\n - dm thin: fix noflush suspend IO queueing (bsc#1020795).\n - dm thin: fix out of data space handling (bsc#1020795).\n - dm thin: fix pool feature parsing (bsc#1020795).\n - dm thin: fix rcu_read_lock being held in code that can sleep\n (bsc#1020795).\n - dm thin: handle metadata failures more consistently (bsc#1020795).\n - dm thin: irqsave must always be used with the pool->lock spinlock\n (bsc#1020795).\n - dm thin: log info when growing the data or metadata device (bsc#1020795).\n - dm thin: requeue bios to DM core if no_free_space and in read-only mode\n (bsc#1020795).\n - dm thin: return error from alloc_data_block if pool is not in write mode\n (bsc#1020795).\n - dm thin: simplify pool_is_congested (bsc#1020795).\n - dm thin: sort the per thin deferred bios using an rb_tree (bsc#1020795).\n - dm thin: synchronize the pool mode during suspend (bsc#1020795).\n - dm thin: use bool rather than unsigned for flags in structures\n (bsc#1020795).\n - dm thin: use INIT_WORK_ONSTACK in noflush_work to avoid ODEBUG warning\n (bsc#1020795).\n - dm thin: use per thin device deferred bio lists (bsc#1020795).\n - dm: use RCU_INIT_POINTER instead of rcu_assign_pointer in __unbind\n 
(bsc#1020795).\n - drm/i915: relax uncritical udelay_range() (bsc#1038261).\n - ether: add loopback type ETH_P_LOOPBACK (bsc#1028595).\n - ext4: fix bh leak on error paths in ext4_rename() and\n ext4_cross_rename() (bsc#1012985).\n - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).\n - ext4: mark inode dirty after converting inline directory (bsc#1012985).\n - ftrace: Make ftrace_location_range() global (FATE#322421).\n - HID: usbhid: improve handling of Clear-Halt and reset (bsc#1031080).\n - hv: util: catch allocation errors\n - hv: utils: use memdup_user in hvt_op_write\n - hwrng: virtio - ensure reads happen after successful probe (bsc#954763\n bsc#1032344).\n - i40e: avoid null pointer dereference (bsc#922853).\n - i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx\n (bsc#985561).\n - i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per\n packet (bsc#985561).\n - i40e/i40evf: Rewrite logic for 8 descriptor per packet check\n (bsc#985561).\n - i40e: Impose a lower limit on gso size (bsc#985561).\n - i40e: Limit TX descriptor count in cases where frag size is greater than\n 16K (bsc#985561).\n - iommu/vt-d: Flush old iommu caches for kdump when the device gets\n context mapped (bsc#1023824).\n - iommu/vt-d: Tylersburg isoch identity map check is done too late\n (bsc#1032125).\n - ipv6: make ECMP route replacement less greedy (bsc#930399).\n - kabi: hide changes in struct sk_buff (bsc#1009682).\n - KABI: Hide new include in arch/powerpc/kernel/process.c (fate#322421).\n - kABI: mask struct xfs_icdinode change (bsc#1024788).\n - kABI: protect struct inet6_dev (kabi).\n - kABI: protect struct iscsi_conn (bsc#103470).\n - kABI: protect struct xfs_buftarg and struct xfs_mount (bsc#1024508).\n - kABI: restore can_rx_register parameters (kabi).\n - kernel/watchdog: use nmi registers snapshot in hardlockup handler\n (bsc#940946, bsc#937444).\n - kgr: Mark eeh_event_handler() kthread safe using a timeout (bsc#1031662).\n - 
kgr/module: make a taint flag module-specific\n - kgr: remove unneeded kgr_needs_lazy_migration() s390x definition\n - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).\n - l2tp: fix lookup for sockets not bound to a device in l2tp_ip\n (bsc#1028415).\n - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()\n (bsc#1028415).\n - l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()\n (bsc#1028415).\n - l2tp: hold tunnel socket when handling control frames in l2tp_ip and\n l2tp_ip6 (bsc#1028415).\n - l2tp: lock socket before checking flags in connect() (bsc#1028415).\n - livepatch: Allow architectures to specify an alternate ftrace location\n (FATE#322421).\n - locking/semaphore: Add down_interruptible_timeout() (bsc#1031662).\n - md: avoid oops on unload if some process is in poll or select\n (bsc#1020795).\n - md: Convert use of typedef ctl_table to struct ctl_table (bsc#1020795).\n - md: ensure metadata is writen after raid level change (bsc#1020795).\n - md linear: fix a race between linear_add() and linear_congested()\n (bsc#1018446).\n - md: md_clear_badblocks should return an error code on failure\n (bsc#1020795).\n - md: refuse to change shape of array if it is active but read-only\n (bsc#1020795).\n - megaraid_sas: add missing curly braces in ioctl handler (bsc#1023207).\n - megaraid_sas: Fixup tgtid count in megasas_ld_list_query() (bsc#971933).\n - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bnc#1030118).\n - mm, memcg: do not retry precharge charges (bnc#1022559).\n - mm/mempolicy.c: do not put mempolicy before using its nodemask\n (References: VM Performance, bnc#931620).\n - mm/page_alloc: fix nodes for reclaim in fast path (bnc#1031842).\n - module: move add_taint_module() to a header file\n - net: Add skb_gro_postpull_rcsum to udp and vxlan (bsc#1009682).\n - net: add skb_pop_rcv_encapsulation (bsc#1009682).\n - net: Call skb_checksum_init in IPv4 (bsc#1009682).\n - net: Call skb_checksum_init in IPv6 
(bsc#1009682).\n - netfilter: allow logging fron non-init netns (bsc#970083).\n - net: Generalize checksum_init functions (bsc#1009682).\n - net: Preserve CHECKSUM_COMPLETE at validation (bsc#1009682).\n - NFS: do not try to cross a mountpount when there isn't one there\n (bsc#1028041).\n - NFS: Expedite unmount of NFS auto-mounts (bnc#1025802).\n - NFS: Fix a performance regression in readdir (bsc#857926).\n - NFS: flush out dirty data on file fput() (bsc#1021762).\n - ocfs2: do not write error flag to user structure we cannot copy from/to\n (bsc#1012985).\n - powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).\n - powerpc: Create a helper for getting the kernel toc value (FATE#322421).\n - powerpc/fadump: Fix the race in crash_fadump() (bsc#1022971).\n - powerpc/fadump: Reserve memory at an offset closer to bottom of RAM\n (bsc#1032141).\n - powerpc/fadump: Update fadump documentation (bsc#1032141).\n - powerpc/ftrace: Add Kconfig & Make glue for mprofile-kernel\n (FATE#322421).\n - powerpc/ftrace: Add support for -mprofile-kernel ftrace ABI\n (FATE#322421).\n - powerpc/ftrace: Use $(CC_FLAGS_FTRACE) when disabling ftrace\n (FATE#322421).\n - powerpc/ftrace: Use generic ftrace_modify_all_code() (FATE#322421).\n - powerpc: introduce TIF_KGR_IN_PROGRESS thread flag (FATE#322421).\n - powerpc/kgraft: Add kgraft header (FATE#322421).\n - powerpc/kgraft: Add kgraft stack to struct thread_info (FATE#322421).\n - powerpc/kgraft: Add live patching support on ppc64le (FATE#322421).\n - powerpc/module: Create a special stub for ftrace_caller() (FATE#322421).\n - powerpc/module: Mark module stubs with a magic value (FATE#322421).\n - powerpc/module: Only try to generate the ftrace_caller() stub once\n (FATE#322421).\n - powerpc/modules: Never restore r2 for a mprofile-kernel style mcount()\n call (FATE#322421).\n - powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530).\n - powerpc/pseries/cpuidle: Remove MAX_IDLE_STATE macro (bnc#1023164).\n - 
powerpc/pseries/cpuidle: Use cpuidle_register() for initialisation\n (bnc#1023164).\n - powerpc: Reject binutils 2.24 when building little endian (boo#1028895).\n - RAID1: avoid unnecessary spin locks in I/O barrier code\n (bsc#982783,bsc#1020048).\n - raid1: include bio_end_io_list in nr_queued to prevent freeze_array hang\n - remove mpath patches from dmcache backport, for bsc#1035738\n - revert "procfs: mark thread stack correctly in proc/PID/maps"\n (bnc#1030901).\n - Revert "RDMA/core: Fix incorrect structure packing for booleans" (kabi).\n - rtnetlink: allow to register ops without ops->setup set (bsc#1021374).\n - s390/zcrypt: Introduce CEX6 toleration (FATE#321783, LTC#147506,\n bsc#1019514).\n - sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting\n (bsc#1018419).\n - scsi_error: count medium access timeout only once per EH run\n (bsc#993832, bsc#1032345).\n - scsi: libiscsi: add lock around task lists to fix list corruption\n regression (bsc#1034700).\n - scsi: storvsc: fix SRB_STATUS_ABORTED handling\n - sfc: reduce severity of PIO buffer alloc failures (bsc#1019168).\n - svcrpc: fix gss-proxy NULL dereference in some error cases (bsc#1024309).\n - taint/module: Clean up global and module taint flags handling\n - tcp: abort orphan sockets stalling on zero window probes (bsc#1021913).\n - thp: fix MADV_DONTNEED vs. 
numa balancing race (bnc#1027974).\n - thp: reduce indentation level in change_huge_pmd() (bnc#1027974).\n - treewide: fix "distingush" typo (bsc#1020795).\n - tree-wide: use reinit_completion instead of INIT_COMPLETION\n (bsc#1020795).\n - usb: dwc3: gadget: Fix incorrect DEPCMD and DGCMD status macros\n (bsc#1035699).\n - usb: host: xhci: print correct command ring address (bnc#1035699).\n - USB: serial: kl5kusb105: fix line-state error handling (bsc#1021256).\n - vfs: Do not exchange "short" filenames unconditionally (bsc#1012985).\n - vfs: split generic splice code from i_mutex locking (bsc#1024788).\n - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065).\n - VSOCK: Detach QP check should filter out non matching QPs (bsc#1036752).\n - vxlan: cancel sock_work in vxlan_dellink() (bsc#1031567).\n - vxlan: Checksum fixes (bsc#1009682).\n - vxlan: GRO support at tunnel layer (bsc#1009682).\n - xen-blkfront: correct maximum segment accounting (bsc#1018263).\n - xen-blkfront: do not call talk_to_blkback when already connected to\n blkback.\n - xen-blkfront: free resources if xlvbd_alloc_gendisk fails.\n - xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).\n - xfs: do not allow di_size with high bit set (bsc#1024234).\n - xfs: do not assert fail on non-async buffers on ioacct decrement\n (bsc#1024508).\n - xfs: exclude never-released buffers from buftarg I/O accounting\n (bsc#1024508).\n - xfs: fix broken multi-fsb buffer logging (bsc#1024081).\n - xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).\n - xfs: Fix lock ordering in splice write (bsc#1024788).\n - xfs: fix up xfs_swap_extent_forks inline extent handling (bsc#1023888).\n - xfs: Make xfs_icdinode->di_dmstate atomic_t (bsc#1024788).\n - xfs: pass total block res. 
as total xfs_bmapi_write() parameter\n (bsc#1029470).\n - xfs: replace global xfslogd wq with per-mount wq (bsc#1024508).\n - xfs: track and serialize in-flight async buffers against unmount\n (bsc#1024508).\n\n", "edition": 1, "modified": "2017-05-19T18:10:39", "published": "2017-05-19T18:10:39", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html", "id": "SUSE-SU-2017:1360-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:14", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10208", "CVE-2016-7910", "CVE-2016-8646", "CVE-2017-5986", "CVE-2017-7308"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2017-7308, Important)\n\n* Mounting a crafted EXT4 image read-only leads to an attacker controlled memory corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation. (CVE-2016-7910, Moderate)\n\n* A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set. 
(CVE-2016-8646, Moderate)\n\n* It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread. (CVE-2017-5986, Moderate)\n\nRed Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting CVE-2016-8646.\n\nAdditional Changes:\n\nThis update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Technical Notes document linked to in the References section.", "modified": "2018-04-12T03:32:55", "published": "2017-05-25T17:27:24", "id": "RHSA-2017:1308", "href": "https://access.redhat.com/errata/RHSA-2017:1308", "type": "redhat", "title": "(RHSA-2017:1308) Important: kernel security, bug fix, and enhancement update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10088", "CVE-2016-9576", "CVE-2016-9588", "CVE-2017-5986", "CVE-2017-6074"], "description": "Arch Linux Security Advisory ASA-201702-17\n==========================================\n\nSeverity: High\nDate : 2017-02-22\nCVE-ID : CVE-2016-10088 CVE-2016-9588 CVE-2017-5986 CVE-2017-6074\nPackage : linux\nType : multiple issues\nRemote : No\nLink : https://security.archlinux.org/AVG-178\n\nSummary\n=======\n\nThe package linux before version 4.9.11-1 is vulnerable to multiple\nissues including privilege escalation and denial of service.\n\nResolution\n==========\n\nUpgrade to 4.9.11-1.\n\n# pacman -Syu \"linux>=4.9.11-1\"\n\nThe problems have been fixed upstream in version 4.9.11.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2016-10088 (privilege escalation)\n\nThe sg implementation in the Linux kernel through 4.9 does not properly\nrestrict write operations in situations where 
the KERNEL_DS option is\nset, which allows local users to read or write to arbitrary kernel\nmemory locations or cause a denial of service (use-after-free) by\nleveraging access to a /dev/sg device, related to block/bsg.c and\ndrivers/scsi/sg.c. NOTE: this vulnerability exists because of an\nincomplete fix for CVE-2016-9576.\n\n- CVE-2016-9588 (denial of service)\n\nLinux kernel built with the KVM virtualization support (CONFIG_KVM),\nwith nested virtualization (nVMX) feature enabled (nested=1), is\nvulnerable to an uncaught exception issue. It could occur if an L2\nguest was to throw an exception which is not handled by an L1 guest.\n\n- CVE-2017-5986 (denial of service)\n\nIt was reported that with Linux kernel, earlier than version v4.10-rc8,\nan application may trigger a BUG_ON in sctp_wait_for_sndbuf if the\nsocket tx buffer is full, a thread is waiting on it to queue more data,\nand meanwhile another thread peels off the association being used by\nthe first thread. This issue may then lead to a segmentation fault\nresulting in denial of service.\n\n- CVE-2017-6074 (privilege escalation)\n\nA use-after-free vulnerability has been discovered in the DCCP\nimplementation in the Linux kernel. The dccp_rcv_state_process function\nin net/dccp/input.c in the Linux kernel through 4.9.11 mishandles\nDCCP_PKT_REQUEST packet data structures in the LISTEN state. 
A local\nunprivileged user could use this flaw to alter the kernel memory,\nallowing them to escalate their privileges on the system via an\napplication that makes an IPV6_RECVPKTINFO setsockopt system call.\n\nImpact\n======\n\nA local unprivileged attacker is able to perform a denial of service\nattack or escalate their privileges on the system.\n\nReferences\n==========\n\nhttps://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90\nhttp://seclists.org/oss-sec/2017/q1/432\nhttps://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4\nhttps://patchwork.ozlabs.org/patch/728808/\nhttps://security.archlinux.org/CVE-2016-10088\nhttps://security.archlinux.org/CVE-2016-9588\nhttps://security.archlinux.org/CVE-2017-5986\nhttps://security.archlinux.org/CVE-2017-6074", "modified": "2017-02-22T00:00:00", "published": "2017-02-22T00:00:00", "id": "ASA-201702-17", "href": "https://security.archlinux.org/ASA-201702-17", "type": "archlinux", "title": "[ASA-201702-17] linux: multiple issues", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-22T18:36:43", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10088", "CVE-2016-9576", "CVE-2016-9588", "CVE-2017-5986", "CVE-2017-6074"], "description": "Arch Linux Security Advisory ASA-201702-18\n==========================================\n\nSeverity: High\nDate : 2017-02-22\nCVE-ID : CVE-2016-10088 CVE-2016-9588 CVE-2017-5986 CVE-2017-6074\nPackage : linux-zen\nType : multiple issues\nRemote : No\nLink : https://security.archlinux.org/AVG-186\n\nSummary\n=======\n\nThe package linux-zen before version 4.9.11-2 is vulnerable to multiple\nissues including privilege escalation and denial of service.\n\nResolution\n==========\n\nUpgrade to 4.9.11-2.\n\n# pacman -Syu \"linux-zen>=4.9.11-2\"\n\nThe problems have been fixed upstream in version 4.9.11.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2016-10088 (privilege escalation)\n\nThe sg 
implementation in the Linux kernel through 4.9 does not properly\nrestrict write operations in situations where the KERNEL_DS option is\nset, which allows local users to read or write to arbitrary kernel\nmemory locations or cause a denial of service (use-after-free) by\nleveraging access to a /dev/sg device, related to block/bsg.c and\ndrivers/scsi/sg.c. NOTE: this vulnerability exists because of an\nincomplete fix for CVE-2016-9576.\n\n- CVE-2016-9588 (denial of service)\n\nLinux kernel built with the KVM virtualization support (CONFIG_KVM),\nwith nested virtualization (nVMX) feature enabled (nested=1), is\nvulnerable to an uncaught exception issue. It could occur if an L2\nguest was to throw an exception which is not handled by an L1 guest.\n\n- CVE-2017-5986 (denial of service)\n\nIt was reported that with Linux kernel, earlier than version v4.10-rc8,\nan application may trigger a BUG_ON in sctp_wait_for_sndbuf if the\nsocket tx buffer is full, a thread is waiting on it to queue more data,\nand meanwhile another thread peels off the association being used by\nthe first thread. This issue may then lead to a segmentation fault\nresulting in denial of service.\n\n- CVE-2017-6074 (privilege escalation)\n\nA use-after-free vulnerability has been discovered in the DCCP\nimplementation in the Linux kernel. The dccp_rcv_state_process function\nin net/dccp/input.c in the Linux kernel through 4.9.11 mishandles\nDCCP_PKT_REQUEST packet data structures in the LISTEN state. 
A local\nunprivileged user could use this flaw to alter the kernel memory,\nallowing them to escalate their privileges on the system via an\napplication that makes an IPV6_RECVPKTINFO setsockopt system call.\n\nImpact\n======\n\nA local unprivileged attacker is able to perform a denial of service\nattack or escalate their privileges on the system.\n\nReferences\n==========\n\nhttps://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90\nhttp://seclists.org/oss-sec/2017/q1/432\nhttps://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4\nhttps://patchwork.ozlabs.org/patch/728808/\nhttps://security.archlinux.org/CVE-2016-10088\nhttps://security.archlinux.org/CVE-2016-9588\nhttps://security.archlinux.org/CVE-2017-5986\nhttps://security.archlinux.org/CVE-2017-6074", "modified": "2017-02-22T00:00:00", "published": "2017-02-22T00:00:00", "id": "ASA-201702-18", "href": "https://security.archlinux.org/ASA-201702-18", "type": "archlinux", "title": "[ASA-201702-18] linux-zen: multiple issues", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-12-08T03:39:20", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10208", "CVE-2016-7910", "CVE-2017-7308", "CVE-2016-8646", "CVE-2017-5986"], "description": "**CentOS Errata and Security Advisory** CESA-2017:1308\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2017-7308, Important)\n\n* Mounting a crafted EXT4 image read-only leads to an attacker controlled memory corruption and SLAB-Out-of-Bounds reads. 
(CVE-2016-10208, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privilege escalation. (CVE-2016-7910, Moderate)\n\n* A vulnerability was found in the Linux kernel. An unprivileged local user could trigger an oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set. (CVE-2016-8646, Moderate)\n\n* It was reported that with the Linux kernel earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread. (CVE-2017-5986, Moderate)\n\nRed Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting CVE-2016-8646.\n\nAdditional Changes:\n\nThis update also fixes several bugs and adds various enhancements. 
Documentation for these changes is available from the Technical Notes document linked to in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-May/034479.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-1308.html", "edition": 4, "modified": "2017-05-26T02:33:51", "published": "2017-05-26T02:33:51", "href": "http://lists.centos.org/pipermail/centos-announce/2017-May/034479.html", "id": "CESA-2017:1308", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:21", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10208", "CVE-2016-7910", "CVE-2017-7308", "CVE-2016-8646", "CVE-2017-5986", "CVE-2017-6353"], "description": "- [3.10.0-514.21.1.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514.21.1]\n- [kernel] sched/core: Fix an SMP ordering race in try_to_wake_up() vs. 
schedule() (Gustavo Duarte) [1441547 1423400]\n- [drivers] Set dev->device_rh to NULL after free (Prarit Bhargava) [1441544 1414064]\n- [security] keys: request_key() should reget expired keys rather than give EKEYEXPIRED (David Howells) [1441287 1408330]\n- [security] keys: Simplify KEYRING_SEARCH_{NO, DO}_STATE_CHECK flags (David Howells) [1441287 1408330]\n- [net] packet: fix overflow in check for tp_reserve (Hangbin Liu) [1441171 1441172] {CVE-2017-7308}\n- [net] packet: fix overflow in check for tp_frame_nr (Hangbin Liu) [1441171 1441172] {CVE-2017-7308}\n- [net] packet: fix overflow in check for priv area size (Hangbin Liu) [1441171 1441172] {CVE-2017-7308}\n- [powerpc] pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (Steve Best) [1439812 1423396]\n- [netdrv] fjes: Fix wrong netdevice feature flags (Yasuaki Ishimatsu) [1439802 1435603]\n- [kernel] mlx5e: Implement Fragmented Work Queue (WQ) (Don Dutile) [1439164 1368400]\n- [netdrv] mlx5e: Copy all L2 headers into inline segment (Don Dutile) [1439161 1383013]\n- [nvdimm] fix PHYS_PFN/PFN_PHYS mixup (Jeff Moyer) [1439160 1428115]\n- [s390] scsi: zfcp: fix rport unblock race with LUN recovery (Hendrik Brueckner) [1433413 1421750]\n- [fs] gfs2: Avoid alignment hole in struct lm_lockname (Robert S Peterson) [1432554 1425450]\n- [fs] gfs2: Add missing rcu locking for glock lookup (Robert S Peterson) [1432554 1425450]\n- [fs] ext4: fix fencepost in s_first_meta_bg validation (Lukas Czerner) [1430969 1332503] {CVE-2016-10208}\n- [fs] ext4: sanity check the block and cluster size at mount time (Lukas Czerner) [1430969 1332503] {CVE-2016-10208}\n- [fs] ext4: validate s_first_meta_bg at mount time (Lukas Czerner) [1430969 1332503] {CVE-2016-10208}\n- [net] sctp: deny peeloff operation on asocs with threads sleeping on it (Hangbin Liu) [1429496 1429497] {CVE-2017-5986 CVE-2017-6353}\n- [net] sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Hangbin Liu) [1429496 1429497] {CVE-2017-5986 CVE-2017-6353}\n- [x86] 
perf/x86/intel/rapl: Make package handling more robust (Jiri Olsa) [1443902 1418688]\n- [x86] perf/x86/intel/rapl: Convert to hotplug state machine (Jiri Olsa) [1443902 1418688]\n- [x86] perf/x86: Set pmu->module in Intel PMU modules (Jiri Olsa) [1443902 1418688]\n- [kernel] sched/core, x86/topology: Fix NUMA in package topology bug (Jiri Olsa) [1441645 1369832]\n- [kernel] sched: Allow hotplug notifiers to be setup early (Jiri Olsa) [1441645 1369832]\n- [x86] x86/smpboot: Make logical package management more robust (Prarit Bhargava) [1441643 1414054]\n- [x86] x86/cpu: Deal with broken firmware (VMWare/XEN) (Prarit Bhargava) [1441643 1414054]\n- [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code (Prarit Bhargava) [1426633 1373738]\n- [x86] revert 'perf/uncore: Disable uncore on kdump kernel' (Prarit Bhargava) [1426633 1373738]\n- [x86] smpboot: Init apic mapping before usage (Prarit Bhargava) [1426633 1373738]\n- [x86] smp: Don't try to poke disabled/non-existent APIC (Prarit Bhargava) [1426633 1373738]\n- [x86] Handle non enumerated CPU after physical hotplug (Prarit Bhargava) [1426633 1373738]\n- [block] fix use-after-free in seq file (Denys Vlasenko) [1418550 1418551] {CVE-2016-7910}\n- [crypto] algif_hash - Only export and import on sockets with data (Herbert Xu) [1394101 1387632] {CVE-2016-8646}\n- [char] hwrng: core - sleep interruptible in read (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - correct error check of kthread_run call (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Move hwrng_init call into set_current_rng (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Drop current rng in set_current_rng (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Do not register device opportunistically (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Fix current_rng init/cleanup race yet again (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Use struct completion for cleanup_done (Amit Shah) [1443503 
1376397]\n- [char] hwrng: don't init list element we're about to add to list (Amit Shah) [1443503 1376397]\n- [char] hwrng: don't double-check old_rng (Amit Shah) [1443503 1376397]\n- [char] hwrng: fix unregister race (Amit Shah) [1443503 1376397]\n- [char] hwrng: use reference counts on each struct hwrng (Amit Shah) [1443503 1376397]\n- [char] hwrng: move some code out mutex_lock for avoiding underlying deadlock (Amit Shah) [1443503 1376397]\n- [char] hwrng: place mutex around read functions and buffers (Amit Shah) [1443503 1376397]\n- [char] virtio-rng: skip reading when we start to remove the device (Amit Shah) [1443503 1376397]\n- [char] virtio-rng: fix stuck of hot-unplugging busy device (Amit Shah) [1443503 1376397]\n- [infiniband] ib/mlx5: Resolve soft lock on massive reg MRs (Don Dutile) [1444347 1417285]\n[3.10.0-514.20.1]\n- [powerpc] fadump: Fix the race in crash_fadump() (Steve Best) [1439810 1420077]\n- [kernel] locking/mutex: Explicitly mark task as running after wakeup (Gustavo Duarte) [1439803 1423397]\n- [netdrv] ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths (Ken Cox) [1438421 1383524]\n- [fs] nfsv4.0: always send mode in SETATTR after EXCLUSIVE4 (Benjamin Coddington) [1437967 1415780]\n- [net] fix creation adjacent device symlinks (Adrian Reber) [1436646 1412898]\n- [net] prevent of emerging cross-namespace symlinks (Adrian Reber) [1436646 1412898]\n- [netdrv] macvlan: unregister net device when netdev_upper_dev_link() fails (Adrian Reber) [1436646 1412898]\n- [scsi] vmw_pvscsi: return SUCCESS for successful command aborts (Ewan Milne) [1435764 1394172]\n- [infiniband] ib/uverbs: Fix race between uverbs_close and remove_one (Don Dutile) [1435187 1417284]\n- [fs] gfs2: Prevent BUG from occurring when normal Withdraws occur (Robert S Peterson) [1433882 1404005]\n- [fs] jbd2: fix incorrect unlock on j_list_lock (Lukas Czerner) [1433881 1403346]\n- [fs] xfs: don't wrap ID in xfs_dq_get_next_id (Eric Sandeen) [1433415 1418182]\n- [net] tcp/dccp: 
avoid starving bh on connect (Paolo Abeni) [1433320 1401419]\n- [fs] xfs: fix up xfs_swap_extent_forks inline extent handling (Eric Sandeen) [1432154 1412945]\n- [x86] kvm: vmx: handle PML full VMEXIT that occurs during event delivery (Radim Krcmar) [1431666 1421296]\n- [virt] kvm: vmx: ensure VMCS is current while enabling PML (Radim Krcmar) [1431666 1421296]\n- [net] ip_tunnel: Create percpu gro_cell (Jiri Benc) [1431197 1424076]\n- [x86] kvm: x86: do not save guest-unsupported XSAVE state (Radim Krcmar) [1431150 1401767]\n- [scsi] mpt3sas: Force request partial completion alignment (Tomas Henzl) [1430809 1418286]\n[3.10.0-514.19.1]\n- [fs] gfs2: Wake up io waiters whenever a flush is done (Robert S Peterson) [1437126 1404301]\n- [fs] gfs2: Made logd daemon take into account log demand (Robert S Peterson) [1437126 1404301]\n- [fs] gfs2: Limit number of transaction blocks requested for truncates (Robert S Peterson) [1437126 1404301]\n- [net] ipv6: addrconf: fix dev refcont leak when DAD failed (Hangbin Liu) [1436588 1416105]\n[3.10.0-514.18.1]\n- [net] ipv6: don't increase size when refragmenting forwarded ipv6 skbs (Florian Westphal) [1434589 1430571]\n- [net] bridge: drop netfilter fake rtable unconditionally (Florian Westphal) [1434589 1430571]\n- [net] ipv6: avoid write to a possibly cloned skb (Florian Westphal) [1434589 1430571]\n- [net] netfilter: bridge: honor frag_max_size when refragmenting (Florian Westphal) [1434589 1430571]\n- [net] bridge: Add br_netif_receive_skb remove netif_receive_skb_sk (Ivan Vecera) [1434589 1352289]\n[3.10.0-514.17.1]\n- [netdrv] i40e: Be much more verbose about what we can and cannot offload (Stefan Assmann) [1433273 1383521]\n- [kernel] watchdog: prevent false hardlockup on overloaded system (Don Zickus) [1433267 1399881]\n- [net] dccp/tcp: fix routing redirect race (Eric Garver) [1433265 1387485]", "edition": 4, "modified": "2017-05-26T00:00:00", "published": "2017-05-26T00:00:00", "id": "ELSA-2017-1308", "href": 
"http://linux.oracle.com/errata/ELSA-2017-1308.html", "title": "kernel security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-30T19:22:11", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10208", "CVE-2016-7910", "CVE-2017-7308", "CVE-2016-8646", "CVE-2017-5986", "CVE-2017-6353"], "description": "- [3.10.0-514.21.1.0.1.el7.OL7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514.21.1.el7]\n- [kernel] sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (Gustavo Duarte) [1441547 1423400]\n- [drivers] Set dev->device_rh to NULL after free (Prarit Bhargava) [1441544 1414064]\n- [security] keys: request_key() should reget expired keys rather than give EKEYEXPIRED (David Howells) [1441287 1408330]\n- [security] keys: Simplify KEYRING_SEARCH_{NO, DO}_STATE_CHECK flags (David Howells) [1441287 1408330]\n- [net] packet: fix overflow in check for tp_reserve (Hangbin Liu) [1441171 1441172] {CVE-2017-7308}\n- [net] packet: fix overflow in check for tp_frame_nr (Hangbin Liu) [1441171 1441172] {CVE-2017-7308}\n- [net] packet: fix overflow in check for priv area size (Hangbin Liu) [1441171 1441172] {CVE-2017-7308}\n- [powerpc] pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (Steve Best) [1439812 1423396]\n- [netdrv] fjes: Fix wrong netdevice feature flags (Yasuaki Ishimatsu) [1439802 1435603]\n- [kernel] mlx5e: Implement Fragmented Work Queue (WQ) (Don Dutile) [1439164 1368400]\n- [netdrv] mlx5e: Copy all L2 headers into inline segment (Don Dutile) [1439161 1383013]\n- [nvdimm] fix PHYS_PFN/PFN_PHYS mixup (Jeff Moyer) [1439160 1428115]\n- [s390] scsi: zfcp: fix rport unblock race with LUN recovery (Hendrik 
Brueckner) [1433413 1421750]\n- [fs] gfs2: Avoid alignment hole in struct lm_lockname (Robert S Peterson) [1432554 1425450]\n- [fs] gfs2: Add missing rcu locking for glock lookup (Robert S Peterson) [1432554 1425450]\n- [fs] ext4: fix fencepost in s_first_meta_bg validation (Lukas Czerner) [1430969 1332503] {CVE-2016-10208}\n- [fs] ext4: sanity check the block and cluster size at mount time (Lukas Czerner) [1430969 1332503] {CVE-2016-10208}\n- [fs] ext4: validate s_first_meta_bg at mount time (Lukas Czerner) [1430969 1332503] {CVE-2016-10208}\n- [net] sctp: deny peeloff operation on asocs with threads sleeping on it (Hangbin Liu) [1429496 1429497] {CVE-2017-5986 CVE-2017-6353}\n- [net] sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Hangbin Liu) [1429496 1429497] {CVE-2017-5986 CVE-2017-6353}\n- [x86] perf/x86/intel/rapl: Make package handling more robust (Jiri Olsa) [1443902 1418688]\n- [x86] perf/x86/intel/rapl: Convert to hotplug state machine (Jiri Olsa) [1443902 1418688]\n- [x86] perf/x86: Set pmu->module in Intel PMU modules (Jiri Olsa) [1443902 1418688]\n- [kernel] sched/core, x86/topology: Fix NUMA in package topology bug (Jiri Olsa) [1441645 1369832]\n- [kernel] sched: Allow hotplug notifiers to be setup early (Jiri Olsa) [1441645 1369832]\n- [x86] x86/smpboot: Make logical package management more robust (Prarit Bhargava) [1441643 1414054]\n- [x86] x86/cpu: Deal with broken firmware (VMWare/XEN) (Prarit Bhargava) [1441643 1414054]\n- [x86] perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code (Prarit Bhargava) [1426633 1373738]\n- [x86] revert 'perf/uncore: Disable uncore on kdump kernel' (Prarit Bhargava) [1426633 1373738]\n- [x86] smpboot: Init apic mapping before usage (Prarit Bhargava) [1426633 1373738]\n- [x86] smp: Don't try to poke disabled/non-existent APIC (Prarit Bhargava) [1426633 1373738]\n- [x86] Handle non enumerated CPU after physical hotplug (Prarit Bhargava) [1426633 1373738]\n- [block] fix use-after-free in seq 
file (Denys Vlasenko) [1418550 1418551] {CVE-2016-7910}\n- [crypto] algif_hash - Only export and import on sockets with data (Herbert Xu) [1394101 1387632] {CVE-2016-8646}\n- [char] hwrng: core - sleep interruptible in read (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - correct error check of kthread_run call (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Move hwrng_init call into set_current_rng (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Drop current rng in set_current_rng (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Do not register device opportunistically (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Fix current_rng init/cleanup race yet again (Amit Shah) [1443503 1376397]\n- [char] hwrng: core - Use struct completion for cleanup_done (Amit Shah) [1443503 1376397]\n- [char] hwrng: don't init list element we're about to add to list (Amit Shah) [1443503 1376397]\n- [char] hwrng: don't double-check old_rng (Amit Shah) [1443503 1376397]\n- [char] hwrng: fix unregister race (Amit Shah) [1443503 1376397]\n- [char] hwrng: use reference counts on each struct hwrng (Amit Shah) [1443503 1376397]\n- [char] hwrng: move some code out mutex_lock for avoiding underlying deadlock (Amit Shah) [1443503 1376397]\n- [char] hwrng: place mutex around read functions and buffers (Amit Shah) [1443503 1376397]\n- [char] virtio-rng: skip reading when we start to remove the device (Amit Shah) [1443503 1376397]\n- [char] virtio-rng: fix stuck of hot-unplugging busy device (Amit Shah) [1443503 1376397]\n- [infiniband] ib/mlx5: Resolve soft lock on massive reg MRs (Don Dutile) [1444347 1417285]\n[3.10.0-514.20.1.el7]\n- [powerpc] fadump: Fix the race in crash_fadump() (Steve Best) [1439810 1420077]\n- [kernel] locking/mutex: Explicitly mark task as running after wakeup (Gustavo Duarte) [1439803 1423397]\n- [netdrv] ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths (Ken Cox) [1438421 1383524]\n- [fs] nfsv4.0: always send mode in SETATTR after 
EXCLUSIVE4 (Benjamin Coddington) [1437967 1415780]\n- [net] fix creation adjacent device symlinks (Adrian Reber) [1436646 1412898]\n- [net] prevent of emerging cross-namespace symlinks (Adrian Reber) [1436646 1412898]\n- [netdrv] macvlan: unregister net device when netdev_upper_dev_link() fails (Adrian Reber) [1436646 1412898]\n- [scsi] vmw_pvscsi: return SUCCESS for successful command aborts (Ewan Milne) [1435764 1394172]\n- [infiniband] ib/uverbs: Fix race between uverbs_close and remove_one (Don Dutile) [1435187 1417284]\n- [fs] gfs2: Prevent BUG from occurring when normal Withdraws occur (Robert S Peterson) [1433882 1404005]\n- [fs] jbd2: fix incorrect unlock on j_list_lock (Lukas Czerner) [1433881 1403346]\n- [fs] xfs: don't wrap ID in xfs_dq_get_next_id (Eric Sandeen) [1433415 1418182]\n- [net] tcp/dccp: avoid starving bh on connect (Paolo Abeni) [1433320 1401419]\n- [fs] xfs: fix up xfs_swap_extent_forks inline extent handling (Eric Sandeen) [1432154 1412945]\n- [x86] kvm: vmx: handle PML full VMEXIT that occurs during event delivery (Radim Krcmar) [1431666 1421296]\n- [virt] kvm: vmx: ensure VMCS is current while enabling PML (Radim Krcmar) [1431666 1421296]\n- [net] ip_tunnel: Create percpu gro_cell (Jiri Benc) [1431197 1424076]\n- [x86] kvm: x86: do not save guest-unsupported XSAVE state (Radim Krcmar) [1431150 1401767]\n- [scsi] mpt3sas: Force request partial completion alignment (Tomas Henzl) [1430809 1418286]\n[3.10.0-514.19.1.el7]\n- [fs] gfs2: Wake up io waiters whenever a flush is done (Robert S Peterson) [1437126 1404301]\n- [fs] gfs2: Made logd daemon take into account log demand (Robert S Peterson) [1437126 1404301]\n- [fs] gfs2: Limit number of transaction blocks requested for truncates (Robert S Peterson) [1437126 1404301]\n- [net] ipv6: addrconf: fix dev refcont leak when DAD failed (Hangbin Liu) [1436588 1416105]\n[3.10.0-514.18.1.el7]\n- [net] ipv6: don't increase size when refragmenting forwarded ipv6 skbs (Florian Westphal) [1434589 
1430571]\n- [net] bridge: drop netfilter fake rtable unconditionally (Florian Westphal) [1434589 1430571]\n- [net] ipv6: avoid write to a possibly cloned skb (Florian Westphal) [1434589 1430571]\n- [net] netfilter: bridge: honor frag_max_size when refragmenting (Florian Westphal) [1434589 1430571]\n- [net] bridge: Add br_netif_receive_skb remove netif_receive_skb_sk (Ivan Vecera) [1434589 1352289]\n[3.10.0-514.17.1.el7]\n- [netdrv] i40e: Be much more verbose about what we can and cannot offload (Stefan Assmann) [1433273 1383521]\n- [kernel] watchdog: prevent false hardlockup on overloaded system (Don Zickus) [1433267 1399881]\n- [net] dccp/tcp: fix routing redirect race (Eric Garver) [1433265 1387485]", "edition": 6, "modified": "2017-05-26T00:00:00", "published": "2017-05-26T00:00:00", "id": "ELSA-2017-1308-1", "href": "http://linux.oracle.com/errata/ELSA-2017-1308-1.html", "title": "kernel security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:52", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10208", "CVE-2017-7184", "CVE-2016-7910", "CVE-2017-2583", "CVE-2017-6214", "CVE-2017-5986", "CVE-2017-6347"], "description": "kernel-uek\n[4.1.12-61.1.34]\n- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25698171] \n- ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25698171] \n- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25698171] \n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719659] {CVE-2017-2583} {CVE-2017-2583}\n- ext4: store checksum seed in superblock (Darrick J. 
Wong) [Orabug: 25719728] {CVE-2016-10208}\n- ext4: reserve code points for the project quota feature (Theodore Ts'o) [Orabug: 25719728] {CVE-2016-10208}\n- ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25719728] {CVE-2016-10208}\n- ext4: clean up feature test macros with predicate functions (Darrick J. Wong) [Orabug: 25719728] {CVE-2016-10208}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719793] {CVE-2017-5986}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720805] {CVE-2017-6214}\n- ip: fix IP_CHECKSUM handling (Paolo Abeni) [Orabug: 25720839] {CVE-2017-6347}\n- udp: fix IP_CHECKSUM handling (Eric Dumazet) [Orabug: 25720839] {CVE-2017-6347}\n- udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem de Bruijn) [Orabug: 25720839] {CVE-2017-6347}\n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814641] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814641] {CVE-2017-7184}\n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877509] {CVE-2016-7910}", "edition": 4, "modified": "2017-04-13T00:00:00", "published": "2017-04-13T00:00:00", "id": "ELSA-2017-3539", "href": "http://linux.oracle.com/errata/ELSA-2017-3539.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10208", "CVE-2016-2782", "CVE-2017-7895", "CVE-2017-7184", "CVE-2016-7910", "CVE-2016-8399", "CVE-2016-10088", "CVE-2015-6252", "CVE-2015-9731", "CVE-2015-5257", "CVE-2017-2583", "CVE-2017-6214", "CVE-2017-5669", "CVE-2017-2647", "CVE-2017-5986", "CVE-2016-10229", "CVE-2017-7187", "CVE-2016-10142", "CVE-2016-9644"], "description": "kernel-uek\n[3.8.13-118.18.2]\n- nfsd: stricter decoding of write-like 
NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986990] {CVE-2017-7895}\n[3.8.13-118.18.1]\n- fnic: Update fnic driver version to 1.6.0.24 (John Sobecki) [Orabug: 24448585] \n- xen-netfront: Rework the fix for Rx stall during OOM and network stress (Dongli Zhang) [Orabug: 25450703] \n- xen-netfront: Fix Rx stall during network stress and OOM (Dongli Zhang) [Orabug: 25450703] \n- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) \n- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549809] \n- ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25549809] \n- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549809] \n- VSOCK: Fix lockdep issue. (Dongli Zhang) [Orabug: 25559937] \n- VSOCK: sock_put wasn't safe to call in interrupt context (Dongli Zhang) [Orabug: 25559937] \n- IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 25677469] \n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719675] {CVE-2017-2583} {CVE-2017-2583}\n- ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25719738] {CVE-2016-10208}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719810] {CVE-2017-5986}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720813] {CVE-2017-6214}\n- lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25759083] \n- USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796594] {CVE-2016-2782}\n- ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797012] {CVE-2017-5669}\n- vhost: actually track log eventfd file (Marc-Andre Lureau) [Orabug: 25797052] {CVE-2015-6252}\n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814663] 
{CVE-2017-7184}\n- KEYS: Remove key_type::match in favour of overriding default by match_preparse (Aniket Alshi) [Orabug: 25823962] {CVE-2017-2647} {CVE-2017-2647}\n- USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825105] {CVE-2015-5257} {CVE-2015-5257}\n- udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871102] {CVE-2015-9731}\n- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876655] {CVE-2016-10229}\n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877530] {CVE-2016-7910}\n- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790392] {CVE-2016-9644}\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766911] {CVE-2016-8399}\n- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765776] {CVE-2016-10142}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765445] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751996] {CVE-2017-7187}", "edition": 4, "modified": "2017-05-16T00:00:00", "published": "2017-05-16T00:00:00", "id": "ELSA-2017-3566", "href": "http://linux.oracle.com/errata/ELSA-2017-3566.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2782", "CVE-2017-7895", "CVE-2017-7184", "CVE-2016-7910", "CVE-2016-8633", "CVE-2017-6074", "CVE-2016-8399", "CVE-2015-1420", "CVE-2016-10088", "CVE-2015-6252", "CVE-2015-9731", "CVE-2015-5257", "CVE-2017-2636", "CVE-2017-2583", "CVE-2016-7425", "CVE-2017-6214", "CVE-2016-4485", "CVE-2016-4482", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-2647", "CVE-2017-5986", "CVE-2016-3140", "CVE-2016-10229", "CVE-2013-7446", "CVE-2017-7187", "CVE-2016-10142", "CVE-2015-5707", "CVE-2016-4580", "CVE-2016-3672", 
"CVE-2016-8645", "CVE-2015-6937", "CVE-2015-4700"], "description": "[2.6.39-400.295.2]\n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] {CVE-2017-7895}\n[2.6.39-400.295.1]\n- ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug: 25510857] \n- IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 23750748] \n- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25534688] \n- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549845] \n- ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25549845] \n- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549845] \n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719676] {CVE-2017-2583} {CVE-2017-2583}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719811] {CVE-2017-5986}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720815] {CVE-2017-6214}\n- USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796604] {CVE-2016-2782}\n- ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797014] {CVE-2017-5669}\n- vhost: actually track log eventfd file (Marc-Andre Lureau) [Orabug: 25797056] {CVE-2015-6252}\n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184}\n- KEYS: Remove key_type::match in favour of overriding default by match_preparse (David Howells) [Orabug: 25823965] {CVE-2017-2647} {CVE-2017-2647}\n- USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825107] {CVE-2015-5257}\n- RDS: fix race condition when sending a message on unbound socket (Quentin Casasnovas) [Orabug: 25871048] 
{CVE-2015-6937} {CVE-2015-6937}\n- udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871104] {CVE-2015-9731}\n- udf: Treat symlink component of type 2 as / (Jan Kara) [Orabug: 25871104] {CVE-2015-9731}\n- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] {CVE-2016-10229}\n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877531] {CVE-2016-7910}\n- RHEL: complement upstream workaround for CVE-2016-10142. (Quentin Casasnovas) [Orabug: 25765786] {CVE-2016-10142} {CVE-2016-10142}\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] {CVE-2016-8399}\n- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] {CVE-2016-10142}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] {CVE-2017-7187}\n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] {CVE-2017-2636}\n- drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] {CVE-2017-2636}\n- list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] {CVE-2017-2636}\n- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] {CVE-2016-8633}\n- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] {CVE-2016-3672}\n- x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] {CVE-2016-3672}\n- sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490377] {CVE-2015-5707}\n- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507232] {CVE-2016-8645}\n- rose: limit sk_filter trim to payload (Willem de Bruijn) 
[Orabug: 25507232] {CVE-2016-8645}\n- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507330] {CVE-2016-7425}\n- x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 25507375] {CVE-2015-4700}\n- net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512417] {CVE-2016-4580}\n- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512472] {CVE-2016-3140}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682437] {CVE-2017-6345}\n- dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598277] {CVE-2017-6074}\n- vfs: read file_handle only once in handle_to_path (Sasha Levin) [Orabug: 25388709] {CVE-2015-1420}\n- crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417807] \n- USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462763] {CVE-2016-4482}\n- net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811] {CVE-2016-4485}\n- af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446}\n- unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446}", "edition": 4, "modified": "2017-05-16T00:00:00", "published": "2017-05-16T00:00:00", "id": "ELSA-2017-3567", "href": "http://linux.oracle.com/errata/ELSA-2017-3567.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T01:09:24", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2016-9588", "CVE-2017-6353"], "description": "Package : linux\nVersion : 3.2.86-1\nCVE ID : CVE-2016-9588 CVE-2017-2636 CVE-2017-5669 CVE-2017-5986 \n CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 
CVE-2017-6348 \n CVE-2017-6353\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-9588\n\n Jim Mattson discovered that the KVM implementation for Intel x86\n processors does not properly handle #BP and #OF exceptions in an\n L2 (nested) virtual machine. A local attacker in an L2 guest VM\n can take advantage of this flaw to cause a denial of service for\n the L1 guest VM.\n\nCVE-2017-2636\n\n Alexander Popov discovered a race condition flaw in the n_hdlc\n line discipline that can lead to a double free. A local\n unprivileged user can take advantage of this flaw for privilege\n escalation. On systems that do not already have the n_hdlc module\n loaded, this can be mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false\n\nCVE-2017-5669\n\n Gareth Evans reported that privileged users can map memory at\n address 0 through the shmat() system call. This could make it\n easier to exploit other kernel security vulnerabilities via a\n set-UID program.\n\nCVE-2017-5986\n\n Alexander Popov reported a race condition in the SCTP\n implementation that can be used by local users to cause a\n denial-of-service (crash). The initial fix for this was incorrect\n and introduced further security issues (CVE-2017-6353). This\n update includes a later fix that avoids those. On systems that do\n not already have the sctp module loaded, this can be mitigated by\n disabling it:\n echo >> /etc/modprobe.d/disable-sctp.conf install sctp false\n\nCVE-2017-6214\n\n Dmitry Vyukov reported a bug in the TCP implementation's handling\n of urgent data in the splice() system call. This can be used by a\n remote attacker for denial-of-service (hang) against applications\n that read from TCP sockets with splice().\n\nCVE-2017-6345\n\n Andrey Konovalov reported that the LLC type 2 implementation\n incorrectly assigns socket buffer ownership. 
This might be usable\n by a local user to cause a denial-of-service (memory corruption or\n crash) or privilege escalation. On systems that do not already have\n the llc2 module loaded, this can be mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false\n\nCVE-2017-6346\n\n Dmitry Vyukov reported a race condition in the raw packet (af_packet)\n fanout feature. Local users with the CAP_NET_RAW capability (in any\n user namespace) can use this for denial-of-service and possibly for\n privilege escalation.\n\nCVE-2017-6348\n\n Dmitry Vyukov reported that the general queue implementation in\n the IrDA subsystem does not properly manage multiple locks,\n possibly allowing local users to cause a denial-of-service\n (deadlock) via crafted operations on IrDA devices.\n\nFor Debian 7 \"Wheezy\", these problems have been fixed in version\n3.2.86-1.\n\nFor Debian 8 \"Jessie\", these problems have been fixed in version\n3.16.39-1+deb8u2.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams", "edition": 7, "modified": "2017-03-09T12:06:36", "published": "2017-03-09T12:06:36", "id": "DEBIAN:DLA-849-1:12807", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201703/msg00007.html", "title": "[SECURITY] [DLA 849-1] linux security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T00:58:35", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2636", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2016-9588", "CVE-2017-6353"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory 
DSA-3804-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 08, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2016-9588 CVE-2017-2636 CVE-2017-5669 CVE-2017-5986 \n CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6348 \n CVE-2017-6353\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-9588\n\n Jim Mattson discovered that the KVM implementation for Intel x86\n processors does not properly handle #BP and #OF exceptions in an\n L2 (nested) virtual machine. A local attacker in an L2 guest VM\n can take advantage of this flaw to cause a denial of service for\n the L1 guest VM.\n\nCVE-2017-2636\n\n Alexander Popov discovered a race condition flaw in the n_hdlc\n line discipline that can lead to a double free. A local\n unprivileged user can take advantage of this flaw for privilege\n escalation. On systems that do not already have the n_hdlc module\n loaded, this can be mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false\n\nCVE-2017-5669\n\n Gareth Evans reported that privileged users can map memory at\n address 0 through the shmat() system call. This could make it\n easier to exploit other kernel security vulnerabilities via a\n set-UID program.\n\nCVE-2017-5986\n\n Alexander Popov reported a race condition in the SCTP\n implementation that can be used by local users to cause a\n denial-of-service (crash). The initial fix for this was incorrect\n and introduced further security issues (CVE-2017-6353). This\n update includes a later fix that avoids those. 
On systems that do\n not already have the sctp module loaded, this can be mitigated by\n disabling it:\n echo >> /etc/modprobe.d/disable-sctp.conf install sctp false\n\nCVE-2017-6214\n\n Dmitry Vyukov reported a bug in the TCP implementation's handling\n of urgent data in the splice() system call. This can be used by a\n remote attacker for denial-of-service (hang) against applications\n that read from TCP sockets with splice().\n\nCVE-2017-6345\n\n Andrey Konovalov reported that the LLC type 2 implementation\n incorrectly assigns socket buffer ownership. This can be used\n by a local user to cause a denial-of-service (crash). On systems\n that do not already have the llc2 module loaded, this can be\n mitigated by disabling it:\n echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false\n\nCVE-2017-6346\n\n Dmitry Vyukov reported a race condition in the raw packet (af_packet)\n fanout feature. Local users with the CAP_NET_RAW capability (in any\n user namespace) can use this for denial-of-service and possibly for\n privilege escalation.\n\nCVE-2017-6348\n\n Dmitry Vyukov reported that the general queue implementation in\n the IrDA subsystem does not properly manage multiple locks,\n possibly allowing local users to cause a denial-of-service\n (deadlock) via crafted operations on IrDA devices.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.16.39-1+deb8u2.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 18, "modified": "2017-03-08T17:00:25", "published": "2017-03-08T17:00:25", "id": "DEBIAN:DSA-3804-1:E7F94", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00059.html", "title": "[SECURITY] [DSA 3804-1] linux security update", 
"type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:01", "bulletinFamily": "software", "cvelist": ["CVE-2017-5970", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-7374", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-5897"], "description": "# \n\n# Severity\n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nUSN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nIt was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). ([CVE-2017-7374](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7374>))\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. ([CVE-2017-5897](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5897>))\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. ([CVE-2017-5970](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5970>))\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. 
([CVE-2017-5669](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5669>))\n\nAlexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). ([CVE-2017-5986](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5986>))\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. ([CVE-2017-6214](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6214>))\n\nAndrey Konovalov discovered that the LLC subsystem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash). ([CVE-2017-6345](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6345>))\n\nIt was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. ([CVE-2017-6346](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6346>))\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made improper assumptions about internal data layout when performing checksums. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. ([CVE-2017-6347](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6347>))\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). 
([CVE-2017-6348](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6348>))\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3151.x versions prior to 3151.16\n * 3263.x versions prior to 3263.24\n * 3312.x versions prior to 3312.24\n * 3363.x versions prior to 3363.20\n * All other stemcells not listed.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3151.x versions to 3151.16 or later\n * Upgrade 3263.x versions to 3263.24 or later\n * Upgrade 3312.x versions to 3312.24 or later\n * Upgrade 3363.x versions to 3363.20 or later\n * All other stemcells should be upgraded to the latest version.\n\n# References\n\n * [USN-3265-2](<http://www.ubuntu.com/usn/usn-3265-2/>)\n * [CVE-2017-7374](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7374>)\n * [CVE-2017-5897](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5897>)\n * [CVE-2017-5970](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5970>)\n * [CVE-2017-5669](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5669>)\n * [CVE-2017-5986](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5986>)\n * [CVE-2017-6214](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6214>)\n * [CVE-2017-6345](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6345>)\n * [CVE-2017-6346](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6346>)\n * [CVE-2017-6347](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6347>)\n * [CVE-2017-6348](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6348>)\n", "edition": 5, "modified": "2017-05-01T00:00:00", "published": "2017-05-01T00:00:00", "id": "CFOUNDRY:DFAB11FD33D131C30AACDE9F4864FC0F", "href": "https://www.cloudfoundry.org/blog/usn-3265-2/", "title": "USN-3265-2: Linux kernel 
(Xenial HWE) vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}