Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leak.
CVE-2015-7513
It was discovered that a local user permitted to use the x86 KVM
subsystem could configure the PIT emulation to cause a denial of
service (crash).
CVE-2015-7550
Dmitry Vyukov discovered a race condition in the keyring subsystem
that allows a local user to cause a denial of service (crash).
CVE-2015-8543
It was discovered that a local user permitted to create raw sockets
could cause a denial-of-service by specifying an invalid protocol
number for the socket. The attacker must have the CAP_NET_RAW
capability.
CVE-2015-8550
Felix Wilhelm of ERNW discovered that the Xen PV backend drivers
may read critical data from shared memory multiple times. This
flaw can be used by a guest kernel to cause a denial of service
(crash) on the host, or possibly for privilege escalation.
CVE-2015-8551 / CVE-2015-8552
Konrad Rzeszutek Wilk of Oracle discovered that the Xen PCI
backend driver does not adequately validate the device state when
a guest configures MSIs. This flaw can be used by a guest kernel
to cause a denial of service (crash or disk space exhaustion) on
the host.
CVE-2015-8569
Dmitry Vyukov discovered a flaw in the PPTP sockets implementation
that leads to an information leak to local users.
CVE-2015-8575
David Miller discovered a flaw in the Bluetooth SCO sockets
implementation that leads to an information leak to local users.
CVE-2015-8709
Jann Horn discovered a flaw in the permission checks for use of
the ptrace feature. A local user who has the CAP_SYS_PTRACE
capability within their own user namespace could use this flaw for
privilege escalation if a more privileged process ever enters that
user namespace. This affects at least the LXC system.
In addition, this update fixes some regressions in the previous update:
808293
A regression in the UDP implementation prevented freeradius and
some other applications from receiving data.
808602 / #808953
A regression in the USB XHCI driver prevented use of some devices
in USB 3 SuperSpeed ports.
808973
A fix to the radeon driver interacted with an existing bug to
cause a crash at boot when using some AMD/ATI graphics cards.
This issue only affects wheezy.
For the oldstable distribution (wheezy), these problems have been fixed
in version 3.2.73-2+deb7u2. The oldstable distribution (wheezy) is not
affected by CVE-2015-8709.
For the stable distribution (jessie), these problems have been fixed in
version 3.16.7-ckt20-1+deb8u2. CVE-2015-8543 was already fixed in
version 3.16.7-ckt20-1+deb8u1.
For the unstable distribution (sid), these problems have been fixed in
version 4.3.3-3 or earlier.
We recommend that you upgrade your linux packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
{"id": "DEBIAN:DSA-3434-1:98A31", "bulletinFamily": "unix", "title": "[SECURITY] [DSA 3434-1] linux security update", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3434-1 security@debian.org\nhttps://www.debian.org/security/ Ben Hutchings\nJanuary 05, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2015-7513 CVE-2015-7550 CVE-2015-8543 CVE-2015-8550\n CVE-2015-8551 CVE-2015-8552 CVE-2015-8569 CVE-2015-8575\n CVE-2015-8709\nDebian Bug : 808293 808602 808953 808973\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleak.\n\nCVE-2015-7513\n\n It was discovered that a local user permitted to use the x86 KVM\n subsystem could configure the PIT emulation to cause a denial of\n service (crash).\n\nCVE-2015-7550\n\n Dmitry Vyukov discovered a race condition in the keyring subsystem\n that allows a local user to cause a denial of service (crash).\n\nCVE-2015-8543\n\n It was discovered that a local user permitted to create raw sockets\n could cause a denial-of-service by specifying an invalid protocol\n number for the socket. The attacker must have the CAP_NET_RAW\n capability.\n\nCVE-2015-8550\n\n Felix Wilhelm of ERNW discovered that the Xen PV backend drivers\n may read critical data from shared memory multiple times. This\n flaw can be used by a guest kernel to cause a denial of service\n (crash) on the host, or possibly for privilege escalation.\n\nCVE-2015-8551 / CVE-2015-8552\n\n Konrad Rzeszutek Wilk of Oracle discovered that the Xen PCI\n backend driver does not adequately validate the device state when\n a guest configures MSIs. This flaw can be used by a guest kernel\n to cause a denial of service (crash or disk space exhaustion) on\n the host.\n\nCVE-2015-8569\n\n Dmitry Vyukov discovered a flaw in the PPTP sockets implementation\n that leads to an information leak to local users.\n\nCVE-2015-8575\n\n David Miller discovered a flaw in the Bluetooth SCO sockets\n implementation that leads to an information leak to local users.\n\nCVE-2015-8709\n\n Jann Horn discovered a flaw in the permission checks for use of\n the ptrace feature. A local user who has the CAP_SYS_PTRACE\n capability within their own user namespace could use this flaw for\n privilege escalation if a more privileged process ever enters that\n user namespace. This affects at least the LXC system.\n\nIn addition, this update fixes some regressions in the previous update:\n\n#808293\n\n A regression in the UDP implementation prevented freeradius and\n some other applications from receiving data.\n\n#808602 / #808953\n\n A regression in the USB XHCI driver prevented use of some devices\n in USB 3 SuperSpeed ports.\n\n#808973\n\n A fix to the radeon driver interacted with an existing bug to\n cause a crash at boot when using some AMD/ATI graphics cards.\n This issue only affects wheezy.\n\nFor the oldstable distribution (wheezy), these problems have been fixed\nin version 3.2.73-2+deb7u2. The oldstable distribution (wheezy) is not\naffected by CVE-2015-8709.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt20-1+deb8u2. CVE-2015-8543 was already fixed in\nversion 3.16.7-ckt20-1+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.3.3-3 or earlier.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "published": "2016-01-05T19:19:00", "modified": "2016-01-05T19:19:00", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00003.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2015-8551", "CVE-2015-7550", "CVE-2015-8550", "CVE-2015-7513", "CVE-2015-8543", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-8709"], "type": "debian", "lastseen": "2020-08-12T01:09:36", "edition": 19, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_SU-2016-0168-1.NASL", "DEBIAN_DSA-3434.NASL", "UBUNTU_USN-2846-1.NASL", "UBUNTU_USN-2854-1.NASL", "OPENSUSE-2016-116.NASL", "UBUNTU_USN-2850-1.NASL", "UBUNTU_USN-2849-1.NASL", "UBUNTU_USN-2847-1.NASL", "UBUNTU_USN-2851-1.NASL", "UBUNTU_USN-2848-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842624", "OPENVAS:1361412562310703434", "OPENVAS:1361412562310851179", "OPENVAS:1361412562310842625", "OPENVAS:703434", "OPENVAS:1361412562310842650", "OPENVAS:1361412562310842631", "OPENVAS:1361412562310851159", "OPENVAS:1361412562310807102", "OPENVAS:1361412562310842622"]}, {"type": "suse", "idList": ["SUSE-SU-2016:0911-1", "SUSE-SU-2016:0168-1", "SUSE-SU-2016:0585-1", "OPENSUSE-SU-2016:0318-1", "OPENSUSE-SU-2016:0280-1", "SUSE-SU-2016:1102-1"]}, {"type": "cve", "idList": ["CVE-2015-8551", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-8709", "CVE-2015-8550", "CVE-2015-7513", "CVE-2015-8543", "CVE-2015-7550"]}, {"type": "ubuntu", "idList": ["USN-2851-1", "USN-2849-1", "USN-2853-1", "USN-2888-1", "USN-2847-1", "USN-2846-1", "USN-2850-1", "USN-2848-1", "USN-2854-1", "USN-2890-2"]}, {"type": "f5", "idList": ["SOL07560020", "F5:K07560020"]}, {"type": "fedora", "idList": ["FEDORA:0D267606CFB3", "FEDORA:C7C84604E909", "FEDORA:E8A1B605F1FB", "FEDORA:BAFAB6087824"]}, {"type": "debian", "idList": ["DEBIAN:DLA-378-1:26763", "DEBIAN:DSA-3426-2:305C5"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:15914764000DDC203CA1C6352FDFCDC2"]}, {"type": "xen", "idList": ["XSA-155", "XSA-157"]}], "modified": "2020-08-12T01:09:36", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2020-08-12T01:09:36", "rev": 2}, "vulnersScore": 6.4}, "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-11-686-pae_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-11-686-pae", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-10-all-i386_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-10-all-i386", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-10-all-armel_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-10-all-armel", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-10-586_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-10-586", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-10-586_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-10-586", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-10-orion5x_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-10-orion5x", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-10-ixp4xx_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-10-ixp4xx", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "xen-linux-system-3.16.0-10-amd64_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "xen-linux-system-3.16.0-10-amd64", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-10-armmp_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-10-armmp", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-10-kirkwood_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-10-kirkwood", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-11-all-amd64_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-11-all-amd64", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-10-armmp_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-10-armmp", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-11-ixp4xx_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-11-ixp4xx", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-10-kirkwood_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-10-kirkwood", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-11-orion5x_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-11-orion5x", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-10-common_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-10-common", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-compiler-gcc-4.8-arm_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-compiler-gcc-4.8-arm", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-10-686-pae_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-10-686-pae", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-11-ixp4xx_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-11-ixp4xx", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-10-ixp4xx_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-10-ixp4xx", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-10-686-pae_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-10-686-pae", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-10-all-amd64_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-10-all-amd64", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-compiler-gcc-4.9-x86_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-compiler-gcc-4.9-x86", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-11-586_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-11-586", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-10-all_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-10-all", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-11-all-i386_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-11-all-i386", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-11-586_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-11-586", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-11-versatile_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-11-versatile", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-libc-dev_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-libc-dev", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-11-686-pae-dbg_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-11-686-pae-dbg", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-support-3.16.0-10_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-support-3.16.0-10", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-10-amd64-dbg_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-10-amd64-dbg", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-11-orion5x_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-11-orion5x", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-10-armmp-lpae_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-10-armmp-lpae", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-10-orion5x_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-10-orion5x", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-doc-3.16_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-doc-3.16", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-11-amd64_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-11-amd64", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-11-armmp_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-11-armmp", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-10-armmp-lpae_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-10-armmp-lpae", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-11-all-armhf_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-11-all-armhf", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-11-all-armel_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-11-all-armel", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-11-686-pae_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-11-686-pae", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-11-common_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-11-common", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-11-kirkwood_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-11-kirkwood", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-10-amd64_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-10-amd64", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-source-3.16_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-source-3.16", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-11-amd64-dbg_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-11-amd64-dbg", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-11-armmp-lpae_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-11-armmp-lpae", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-10-versatile_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-10-versatile", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "7", "arch": "all", "operator": "lt", "packageFilename": "linux_3.2.73-2+deb7u2_all.deb", "packageName": "linux", "packageVersion": "3.2.73-2+deb7u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-11-versatile_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-11-versatile", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-11-amd64_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-11-amd64", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-11-all_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-11-all", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-11-armmp-lpae_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-11-armmp-lpae", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-10-versatile_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-10-versatile", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-10-686-pae-dbg_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-10-686-pae-dbg", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-10-amd64_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-10-amd64", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "xen-linux-system-3.16.0-11-amd64_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "xen-linux-system-3.16.0-11-amd64", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-11-armmp_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-11-armmp", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-manual-3.16_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-manual-3.16", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-image-3.16.0-11-kirkwood_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-image-3.16.0-11-kirkwood", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-headers-3.16.0-10-all-armhf_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-headers-3.16.0-10-all-armhf", "packageVersion": "3.16.7-ckt20-1+deb8u2"}, {"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "linux-support-3.16.0-11_3.16.7-ckt20-1+deb8u2_all.deb", "packageName": "linux-support-3.16.0-11", "packageVersion": "3.16.7-ckt20-1+deb8u2"}], "scheme": null}
{"nessus": [{"lastseen": "2021-01-12T09:49:21", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleak.\n\n - CVE-2015-7513\n It was discovered that a local user permitted to use the\n x86 KVM subsystem could configure the PIT emulation to\n cause a denial of service (crash).\n\n - CVE-2015-7550\n Dmitry Vyukov discovered a race condition in the keyring\n subsystem that allows a local user to cause a denial of\n service (crash).\n\n - CVE-2015-8543\n It was discovered that a local user permitted to create\n raw sockets could cause a denial-of-service by\n specifying an invalid protocol number for the socket.\n The attacker must have the CAP_NET_RAW capability.\n\n - CVE-2015-8550\n Felix Wilhelm of ERNW discovered that the Xen PV backend\n drivers may read critical data from shared memory\n multiple times. This flaw can be used by a guest kernel\n to cause a denial of service (crash) on the host, or\n possibly for privilege escalation.\n\n - CVE-2015-8551 / CVE-2015-8552\n Konrad Rzeszutek Wilk of Oracle discovered that the Xen\n PCI backend driver does not adequately validate the\n device state when a guest configures MSIs. This flaw can\n be used by a guest kernel to cause a denial of service\n (crash or disk space exhaustion) on the host.\n\n - CVE-2015-8569\n Dmitry Vyukov discovered a flaw in the PPTP sockets\n implementation that leads to an information leak to\n local users.\n\n - CVE-2015-8575\n David Miller discovered a flaw in the Bluetooth SCO\n sockets implementation that leads to an information leak\n to local users.\n\n - CVE-2015-8709\n Jann Horn discovered a flaw in the permission checks for\n use of the ptrace feature. A local user who has the\n CAP_SYS_PTRACE capability within their own user\n namespace could use this flaw for privilege escalation\n if a more privileged process ever enters that user\n namespace. This affects at least the LXC system.\n\nIn addition, this update fixes some regressions in the previous update\n:\n\n - #808293\n A regression in the UDP implementation prevented\n freeradius and some other applications from receiving\n data.\n\n - #808602 / #808953\n\n A regression in the USB XHCI driver prevented use of\n some devices in USB 3 SuperSpeed ports.\n\n - #808973\n\n A fix to the radeon driver interacted with an existing\n bug to cause a crash at boot when using some AMD/ATI\n graphics cards. This issue only affects wheezy.", "edition": 25, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-01-06T00:00:00", "title": "Debian DSA-3434-1 : linux - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8551", "CVE-2015-7550", "CVE-2015-8550", "CVE-2015-7513", "CVE-2015-8543", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-8709"], "modified": "2016-01-06T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:linux"], "id": "DEBIAN_DSA-3434.NASL", "href": "https://www.tenable.com/plugins/nessus/87741", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3434. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87741);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7513\", \"CVE-2015-7550\", \"CVE-2015-8543\", \"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8709\");\n script_xref(name:\"DSA\", value:\"3434\");\n\n script_name(english:\"Debian DSA-3434-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleak.\n\n - CVE-2015-7513\n It was discovered that a local user permitted to use the\n x86 KVM subsystem could configure the PIT emulation to\n cause a denial of service (crash).\n\n - CVE-2015-7550\n Dmitry Vyukov discovered a race condition in the keyring\n subsystem that allows a local user to cause a denial of\n service (crash).\n\n - CVE-2015-8543\n It was discovered that a local user permitted to create\n raw sockets could cause a denial-of-service by\n specifying an invalid protocol number for the socket.\n The attacker must have the CAP_NET_RAW capability.\n\n - CVE-2015-8550\n Felix Wilhelm of ERNW discovered that the Xen PV backend\n drivers may read critical data from shared memory\n multiple times. This flaw can be used by a guest kernel\n to cause a denial of service (crash) on the host, or\n possibly for privilege escalation.\n\n - CVE-2015-8551 / CVE-2015-8552\n Konrad Rzeszutek Wilk of Oracle discovered that the Xen\n PCI backend driver does not adequately validate the\n device state when a guest configures MSIs. This flaw can\n be used by a guest kernel to cause a denial of service\n (crash or disk space exhaustion) on the host.\n\n - CVE-2015-8569\n Dmitry Vyukov discovered a flaw in the PPTP sockets\n implementation that leads to an information leak to\n local users.\n\n - CVE-2015-8575\n David Miller discovered a flaw in the Bluetooth SCO\n sockets implementation that leads to an information leak\n to local users.\n\n - CVE-2015-8709\n Jann Horn discovered a flaw in the permission checks for\n use of the ptrace feature. A local user who has the\n CAP_SYS_PTRACE capability within their own user\n namespace could use this flaw for privilege escalation\n if a more privileged process ever enters that user\n namespace. This affects at least the LXC system.\n\nIn addition, this update fixes some regressions in the previous update\n:\n\n - #808293\n A regression in the UDP implementation prevented\n freeradius and some other applications from receiving\n data.\n\n - #808602 / #808953\n\n A regression in the USB XHCI driver prevented use of\n some devices in USB 3 SuperSpeed ports.\n\n - #808973\n\n A fix to the radeon driver interacted with an existing\n bug to cause a crash at boot when using some AMD/ATI\n graphics cards. This issue only affects wheezy.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8709\"\n );\n # https://bugs.debian.org/808293\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808293\"\n );\n # https://bugs.debian.org/808602\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808602\"\n );\n # https://bugs.debian.org/808953\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808953\"\n );\n # https://bugs.debian.org/808973\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-8543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3434\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 3.2.73-2+deb7u2. The oldstable distribution (wheezy)\nis not affected by CVE-2015-8709.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 3.16.7-ckt20-1+deb8u2. CVE-2015-8543 was already fixed in\nversion 3.16.7-ckt20-1+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.73-2+deb7u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.7-ckt20-1+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:23:27", "description": "The SUSE Linux Enterprise 12 kernel was updated to receive various\nsecurity and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2015-7550: A local user could have triggered a race\n between read and revoke in keyctl (bnc#958951).\n\n - CVE-2015-8539: A negatively instantiated user key could\n have been used by a local user to leverage privileges\n (bnc#958463).\n\n - CVE-2015-8543: The networking implementation in the\n Linux kernel did not validate protocol identifiers for\n certain protocol families, which allowed local users to\n cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain\n privileges by leveraging CLONE_NEWUSER support to\n execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8550: Compiler optimizations in the XEN PV\n backend drivers could have lead to double fetch\n vulnerabilities, causing denial of service or arbitrary\n code execution (depending on the configuration)\n (bsc#957988).\n\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has\n MSI(X) enabled (bsc#957990).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect\n functions in drivers/net/ppp/pptp.c in the Linux kernel\n did not verify an address length, which allowed local\n users to obtain sensitive information from kernel memory\n and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n\n - CVE-2015-8575: Validate socket address length in\n sco_sock_bind() to prevent information leak\n (bsc#959399).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-01-20T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:0168-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8551", "CVE-2015-7550", "CVE-2015-8550", "CVE-2015-8543", "CVE-2015-8539", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-8569"], "modified": "2016-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-devel"], "id": "SUSE_SU-2016-0168-1.NASL", "href": "https://www.tenable.com/plugins/nessus/88006", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0168-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88006);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-7550\", \"CVE-2015-8539\", \"CVE-2015-8543\", \"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8569\", \"CVE-2015-8575\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:0168-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to receive various\nsecurity and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2015-7550: A local user could have triggered a race\n between read and revoke in keyctl (bnc#958951).\n\n - CVE-2015-8539: A negatively instantiated user key could\n have been used by a local user to leverage privileges\n (bnc#958463).\n\n - CVE-2015-8543: The networking implementation in the\n Linux kernel did not validate protocol identifiers for\n certain protocol families, which allowed local users to\n cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain\n privileges by leveraging CLONE_NEWUSER support to\n execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8550: Compiler optimizations in the XEN PV\n backend drivers could have lead to double fetch\n vulnerabilities, causing denial of service or arbitrary\n code execution (depending on the configuration)\n (bsc#957988).\n\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has\n MSI(X) enabled (bsc#957990).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect\n functions in drivers/net/ppp/pptp.c in the Linux kernel\n did not verify an address length, which allowed local\n users to obtain sensitive information from kernel memory\n and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n\n - CVE-2015-8575: Validate socket address length in\n sco_sock_bind() to prevent information leak\n (bsc#959399).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=758040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959436\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8539/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8543/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8550/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8551/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8552/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8569/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8575/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160168-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ceb6abc6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2016-107=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-107=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-107=1\n\nSUSE Linux Enterprise Module for Public Cloud 12 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-107=1\n\nSUSE Linux Enterprise Live Patching 12 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-2016-107=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-107=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.51-52.34.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.51-52.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:29:17", "description": "The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15\nstable release, and also includes security and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2016-0728: A reference leak in keyring handling with\n join_session_keyring() could lead to local attackers\n gain root privileges. (bsc#962075).\n\n - CVE-2015-7550: A local user could have triggered a race\n between read and revoke in keyctl (bnc#958951).\n\n - CVE-2015-8767: A case can occur when sctp_accept() is\n called by the user during a heartbeat timeout event\n after the 4-way handshake. Since sctp_assoc_migrate()\n changes both assoc->base.sk and assoc->ep, the\n bh_sock_lock in sctp_generate_heartbeat_event() will be\n taken with the listening socket but released with the\n new association socket. The result is a deadlock on any\n future attempts to take the listening socket lock.\n (bsc#961509)\n\n - CVE-2015-8539: A negatively instantiated user key could\n have been used by a local user to leverage privileges\n (bnc#958463).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect\n functions in drivers/net/ppp/pptp.c in the Linux kernel\n did not verify an address length, which allowed local\n users to obtain sensitive information from kernel memory\n and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n\n - CVE-2015-8543: The networking implementation in the\n Linux kernel did not validate protocol identifiers for\n certain protocol families, which allowed local users to\n cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain\n privileges by leveraging CLONE_NEWUSER support to\n execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8575: Validate socket address length in\n sco_sock_bind() to prevent information leak\n (bsc#959399).\n\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has\n MSI(X) enabled (bsc#957990).\n\n - CVE-2015-8550: Compiler optimizations in the XEN PV\n backend drivers could have lead to double fetch\n vulnerabilities, causing denial of service or arbitrary\n code execution (depending on the configuration)\n (bsc#957988).\n\nThe following non-security bugs were fixed :\n\n - ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd\n (bsc#958439).\n\n - ALSA: hda - Apply click noise workaround for Thinkpads\n generically (bsc#958439).\n\n - ALSA: hda - Fix noise problems on Thinkpad T440s\n (boo#958504).\n\n - ALSA: hda - Flush the pending probe work at remove\n (boo#960710).\n\n - ALSA: hda - Set codec to D3 at reboot/shutdown on\n Thinkpads (bsc#958439).\n\n - Add Cavium Thunderx network enhancements\n\n - Add RHEL to kernel-obs-build\n\n - Backport amd xgbe fixes and features\n\n - Backport arm64 patches from SLE12-SP1-ARM.\n\n - Btrfs: fix the number of transaction units needed to\n remove a block group (bsc#950178).\n\n - Btrfs: use global reserve when deleting unused block\n group after ENOSPC (bsc#950178).\n\n - Documentation: nousb is a module parameter (bnc#954324).\n\n - Driver for IBM System i/p VNIC protocol.\n\n - Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for\n recent tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still\n disabled as it can't be built as a module.\n\n - Fix PCI generic host controller\n\n - Fix kABI breakage for max_dev_sectors addition to\n queue_limits (boo#961263).\n\n - HID: multitouch: Fetch feature reports on demand for\n Win8 devices (boo#954532).\n\n - HID: multitouch: fix input mode switching on some Elan\n panels (boo#954532).\n\n - Implement enable/disable for Display C6 state\n (boo#960021).\n\n - Input: aiptek - fix crash on detecting device without\n endpoints (bnc#956708).\n\n - Linux 4.1.15 (boo#954647 bsc#955422).\n\n - Move kabi patch to patches.kabi directory\n\n - Obsolete compat-wireless, rts5229 and rts_pstor KMPs\n These are found in SLE11-SP3, now replaced with the\n upstream drivers.\n\n - PCI: generic: Pass starting bus number to\n pci_scan_root_bus().\n\n - Revert 'block: remove artifical max_hw_sectors cap'\n (boo#961263).\n\n - Set system time through RTC device\n\n - Update arm64 config files. Enabled DRM_AST in the\n vanilla kernel since it is now enabled in the default\n kernel.\n\n - Update config files: CONFIG_IBMVNIC=m\n\n - block/sd: Fix device-imposed transfer length limits\n (boo#961263).\n\n - block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263).\n\n - drm/i915/skl: Add DC5 Trigger Sequence (boo#960021).\n\n - drm/i915/skl: Add DC6 Trigger sequence (boo#960021).\n\n - drm/i915/skl: Add support to load SKL CSR firmware\n (boo#960021).\n\n - drm/i915/skl: Add the INIT power domain to the MISC I/O\n power well (boo#960021).\n\n - drm/i915/skl: Deinit/init the display at suspend/resume\n (boo#960021).\n\n - drm/i915/skl: Fix DMC API version in firmware file name\n (boo#960021).\n\n - drm/i915/skl: Fix\n WaDisableChickenBitTSGBarrierAckForFFSliceCS\n (boo#960021).\n\n - drm/i915/skl: Fix stepping check for a couple of W/As\n (boo#960021).\n\n - drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1\n defines (boo#960021).\n\n - drm/i915/skl: Implement WaDisableVFUnitClockGating\n (boo#960021).\n\n - drm/i915/skl: Implement enable/disable for Display C5\n state (boo#960021).\n\n - drm/i915/skl: Make the Misc I/O power well part of the\n PLLS domain (boo#960021).\n\n - drm/i915/skl: add F0 stepping ID (boo#960021).\n\n - drm/i915/skl: enable\n WaForceContextSaveRestoreNonCoherent (boo#960021).\n\n - drm/i915: Clear crtc atomic flags at beginning of\n transaction (boo#960021).\n\n - drm/i915: Fix CSR MMIO address check (boo#960021).\n\n - drm/i915: Switch to full atomic helpers for plane\n updates/disable, take two (boo#960021).\n\n - drm/i915: set CDCLK if DPLL0 enabled during resuming\n from S3 (boo#960021).\n\n - ethernet/atheros/alx: sanitize buffer sizing and padding\n (boo#952621).\n\n - genksyms: Handle string literals with spaces in\n reference files (bsc#958510).\n\n - group-source-files: mark module.lds as devel file ld:\n cannot open linker script file\n /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No\n such file or directory\n\n - hwrng: core - sleep interruptible in read (bnc#962597).\n\n - ipv6: distinguish frag queues by device for multicast\n and link-local packets (bsc#955422).\n\n - kABI fixes for linux-4.1.15.\n\n - rpm/compute-PATCHVERSION.sh: Skip stale directories in\n the package dir\n\n - rpm/constraints.in: Bump disk space requirements up a\n bit Require 10GB on s390x, 20GB elsewhere.\n\n - rpm/constraints.in: Require 14GB worth of disk space on\n POWER The builds started to fail randomly due to ENOSPC\n errors.\n\n - rpm/kernel-binary.spec.in: Do not explicitly set\n DEBUG_SECTION_MISMATCH CONFIG_DEBUG_SECTION_MISMATCH is\n a selectable Kconfig option since 2.6.39 and is enabled\n in our configs.\n\n - rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp\n (bnc#865259)865259\n\n - rpm/kernel-binary.spec.in: Fix build if no UEFI certs\n are installed\n\n - rpm/kernel-binary.spec.in: Install libopenssl-devel for\n newer sign-file\n\n - rpm/kernel-binary.spec.in: No scriptlets in\n kernel-zfcpdump The kernel should not be added to the\n bootloader nor are there any KMPs.\n\n - rpm/kernel-binary.spec.in: Obsolete the -base package\n from SLE11 (bnc#865096)\n\n - rpm/kernel-binary.spec.in: Use parallel make in all\n invocations Also, remove the lengthy comment, since we\n are using a standard rpm macro now.\n\n - thinkpad_acpi: Do not yell on unsupported brightness\n interfaces (boo#957152).\n\n - usb: make 'nousb' a clear module parameter (bnc#954324).\n\n - usbvision fix overflow of interfaces array (bnc#950998).\n\n - x86/microcode/amd: Do not overwrite final patch levels\n (bsc#913996).\n\n - x86/microcode/amd: Extract current patch level read to a\n function (bsc#913996).\n\n - xen/pciback: Do not allow MSI-X ops if\n PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).\n\n - xhci: refuse loading if nousb is used (bnc#954324).", "edition": 20, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-02-03T00:00:00", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-116)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8551", "CVE-2015-7550", "CVE-2015-8550", "CVE-2015-8543", "CVE-2016-0728", "CVE-2015-8539", "CVE-2015-8767", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-8569"], "modified": "2016-02-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa-xen", "p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:kernel-pv-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-pv-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-pv-base", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo"], "id": "OPENSUSE-2016-116.NASL", "href": "https://www.tenable.com/plugins/nessus/88542", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-116.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88542);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-7550\", \"CVE-2015-8539\", \"CVE-2015-8543\", \"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8767\", \"CVE-2016-0728\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-116)\");\n script_summary(english:\"Check for the openSUSE-2016-116 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15\nstable release, and also includes security and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2016-0728: A reference leak in keyring handling with\n join_session_keyring() could lead to local attackers\n gain root privileges. (bsc#962075).\n\n - CVE-2015-7550: A local user could have triggered a race\n between read and revoke in keyctl (bnc#958951).\n\n - CVE-2015-8767: A case can occur when sctp_accept() is\n called by the user during a heartbeat timeout event\n after the 4-way handshake. Since sctp_assoc_migrate()\n changes both assoc->base.sk and assoc->ep, the\n bh_sock_lock in sctp_generate_heartbeat_event() will be\n taken with the listening socket but released with the\n new association socket. The result is a deadlock on any\n future attempts to take the listening socket lock.\n (bsc#961509)\n\n - CVE-2015-8539: A negatively instantiated user key could\n have been used by a local user to leverage privileges\n (bnc#958463).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect\n functions in drivers/net/ppp/pptp.c in the Linux kernel\n did not verify an address length, which allowed local\n users to obtain sensitive information from kernel memory\n and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n\n - CVE-2015-8543: The networking implementation in the\n Linux kernel did not validate protocol identifiers for\n certain protocol families, which allowed local users to\n cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain\n privileges by leveraging CLONE_NEWUSER support to\n execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2015-8575: Validate socket address length in\n sco_sock_bind() to prevent information leak\n (bsc#959399).\n\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has\n MSI(X) enabled (bsc#957990).\n\n - CVE-2015-8550: Compiler optimizations in the XEN PV\n backend drivers could have lead to double fetch\n vulnerabilities, causing denial of service or arbitrary\n code execution (depending on the configuration)\n (bsc#957988).\n\nThe following non-security bugs were fixed :\n\n - ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd\n (bsc#958439).\n\n - ALSA: hda - Apply click noise workaround for Thinkpads\n generically (bsc#958439).\n\n - ALSA: hda - Fix noise problems on Thinkpad T440s\n (boo#958504).\n\n - ALSA: hda - Flush the pending probe work at remove\n (boo#960710).\n\n - ALSA: hda - Set codec to D3 at reboot/shutdown on\n Thinkpads (bsc#958439).\n\n - Add Cavium Thunderx network enhancements\n\n - Add RHEL to kernel-obs-build\n\n - Backport amd xgbe fixes and features\n\n - Backport arm64 patches from SLE12-SP1-ARM.\n\n - Btrfs: fix the number of transaction units needed to\n remove a block group (bsc#950178).\n\n - Btrfs: use global reserve when deleting unused block\n group after ENOSPC (bsc#950178).\n\n - Documentation: nousb is a module parameter (bnc#954324).\n\n - Driver for IBM System i/p VNIC protocol.\n\n - Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for\n recent tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still\n disabled as it can't be built as a module.\n\n - Fix PCI generic host controller\n\n - Fix kABI breakage for max_dev_sectors addition to\n queue_limits (boo#961263).\n\n - HID: multitouch: Fetch feature reports on demand for\n Win8 devices (boo#954532).\n\n - HID: multitouch: fix input mode switching on some Elan\n panels (boo#954532).\n\n - Implement enable/disable for Display C6 state\n (boo#960021).\n\n - Input: aiptek - fix crash on detecting device without\n endpoints (bnc#956708).\n\n - Linux 4.1.15 (boo#954647 bsc#955422).\n\n - Move kabi patch to patches.kabi directory\n\n - Obsolete compat-wireless, rts5229 and rts_pstor KMPs\n These are found in SLE11-SP3, now replaced with the\n upstream drivers.\n\n - PCI: generic: Pass starting bus number to\n pci_scan_root_bus().\n\n - Revert 'block: remove artifical max_hw_sectors cap'\n (boo#961263).\n\n - Set system time through RTC device\n\n - Update arm64 config files. Enabled DRM_AST in the\n vanilla kernel since it is now enabled in the default\n kernel.\n\n - Update config files: CONFIG_IBMVNIC=m\n\n - block/sd: Fix device-imposed transfer length limits\n (boo#961263).\n\n - block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263).\n\n - drm/i915/skl: Add DC5 Trigger Sequence (boo#960021).\n\n - drm/i915/skl: Add DC6 Trigger sequence (boo#960021).\n\n - drm/i915/skl: Add support to load SKL CSR firmware\n (boo#960021).\n\n - drm/i915/skl: Add the INIT power domain to the MISC I/O\n power well (boo#960021).\n\n - drm/i915/skl: Deinit/init the display at suspend/resume\n (boo#960021).\n\n - drm/i915/skl: Fix DMC API version in firmware file name\n (boo#960021).\n\n - drm/i915/skl: Fix\n WaDisableChickenBitTSGBarrierAckForFFSliceCS\n (boo#960021).\n\n - drm/i915/skl: Fix stepping check for a couple of W/As\n (boo#960021).\n\n - drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1\n defines (boo#960021).\n\n - drm/i915/skl: Implement WaDisableVFUnitClockGating\n (boo#960021).\n\n - drm/i915/skl: Implement enable/disable for Display C5\n state (boo#960021).\n\n - drm/i915/skl: Make the Misc I/O power well part of the\n PLLS domain (boo#960021).\n\n - drm/i915/skl: add F0 stepping ID (boo#960021).\n\n - drm/i915/skl: enable\n WaForceContextSaveRestoreNonCoherent (boo#960021).\n\n - drm/i915: Clear crtc atomic flags at beginning of\n transaction (boo#960021).\n\n - drm/i915: Fix CSR MMIO address check (boo#960021).\n\n - drm/i915: Switch to full atomic helpers for plane\n updates/disable, take two (boo#960021).\n\n - drm/i915: set CDCLK if DPLL0 enabled during resuming\n from S3 (boo#960021).\n\n - ethernet/atheros/alx: sanitize buffer sizing and padding\n (boo#952621).\n\n - genksyms: Handle string literals with spaces in\n reference files (bsc#958510).\n\n - group-source-files: mark module.lds as devel file ld:\n cannot open linker script file\n /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No\n such file or directory\n\n - hwrng: core - sleep interruptible in read (bnc#962597).\n\n - ipv6: distinguish frag queues by device for multicast\n and link-local packets (bsc#955422).\n\n - kABI fixes for linux-4.1.15.\n\n - rpm/compute-PATCHVERSION.sh: Skip stale directories in\n the package dir\n\n - rpm/constraints.in: Bump disk space requirements up a\n bit Require 10GB on s390x, 20GB elsewhere.\n\n - rpm/constraints.in: Require 14GB worth of disk space on\n POWER The builds started to fail randomly due to ENOSPC\n errors.\n\n - rpm/kernel-binary.spec.in: Do not explicitly set\n DEBUG_SECTION_MISMATCH CONFIG_DEBUG_SECTION_MISMATCH is\n a selectable Kconfig option since 2.6.39 and is enabled\n in our configs.\n\n - rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp\n (bnc#865259)865259\n\n - rpm/kernel-binary.spec.in: Fix build if no UEFI certs\n are installed\n\n - rpm/kernel-binary.spec.in: Install libopenssl-devel for\n newer sign-file\n\n - rpm/kernel-binary.spec.in: No scriptlets in\n kernel-zfcpdump The kernel should not be added to the\n bootloader nor are there any KMPs.\n\n - rpm/kernel-binary.spec.in: Obsolete the -base package\n from SLE11 (bnc#865096)\n\n - rpm/kernel-binary.spec.in: Use parallel make in all\n invocations Also, remove the lengthy comment, since we\n are using a standard rpm macro now.\n\n - thinkpad_acpi: Do not yell on unsupported brightness\n interfaces (boo#957152).\n\n - usb: make 'nousb' a clear module parameter (bnc#954324).\n\n - usbvision fix overflow of interfaces array (bnc#950998).\n\n - x86/microcode/amd: Do not overwrite final patch levels\n (bsc#913996).\n\n - x86/microcode/amd: Extract current patch level read to a\n function (bsc#913996).\n\n - xen/pciback: Do not allow MSI-X ops if\n PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).\n\n - xhci: refuse loading if nousb is used (bnc#954324).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=865096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=865259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=913996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=950178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=950998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=952621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954532\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=955422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=956708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=960021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=960710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=961263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=961509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=962075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=962597\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-html-4.1.15-8.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-pdf-4.1.15-8.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-macros-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-4.1.15-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-debugsource-4.1.15-8.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-xen-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-vanilla-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-syms-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-4.1.15-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-4.1.15-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:29:20", "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2015-12-21T00:00:00", "title": "Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-2853-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8551", "CVE-2015-8550", "CVE-2015-8552"], "modified": "2015-12-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2853-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87536", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2853-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87536);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n script_xref(name:\"USN\", value:\"2853-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-2853-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2853-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.2-generic,\nlinux-image-4.2-generic-lpae and / or linux-image-4.2-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2853-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-22-generic\", pkgver:\"4.2.0-22.27~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-22-generic-lpae\", pkgver:\"4.2.0-22.27~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-22-lowlatency\", pkgver:\"4.2.0-22.27~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.2-generic / linux-image-4.2-generic-lpae / etc\");\n}\n", "cvss": {"score": 5.7, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2021-01-20T15:29:19", "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2015-12-21T00:00:00", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2848-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8551", "CVE-2015-8550", "CVE-2015-8552"], "modified": "2015-12-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2848-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87531", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2848-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87531);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n script_xref(name:\"USN\", value:\"2848-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2848-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2848-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2848-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-74-generic\", pkgver:\"3.13.0-74.118\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-74-generic-lpae\", pkgver:\"3.13.0-74.118\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-74-lowlatency\", pkgver:\"3.13.0-74.118\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 5.7, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2021-01-20T15:29:19", "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2015-12-21T00:00:00", "title": "Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2854-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8551", "CVE-2015-8550", "CVE-2015-8552"], "modified": "2015-12-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2854-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87537", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2854-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87537);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n script_xref(name:\"USN\", value:\"2854-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2854-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2854-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.19-generic,\nlinux-image-3.19-generic-lpae and / or linux-image-3.19-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2854-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-42-generic\", pkgver:\"3.19.0-42.48~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-42-generic-lpae\", pkgver:\"3.19.0-42.48~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-42-lowlatency\", pkgver:\"3.19.0-42.48~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.19-generic / linux-image-3.19-generic-lpae / etc\");\n}\n", "cvss": {"score": 5.7, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2021-01-20T15:29:19", "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2015-12-21T00:00:00", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-2846-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8551", "CVE-2015-8550", "CVE-2015-8552"], "modified": "2015-12-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2846-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87529", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2846-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87529);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n script_xref(name:\"USN\", value:\"2846-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2846-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2846-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2846-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-97-generic\", pkgver:\"3.2.0-97.137\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-97-generic-pae\", pkgver:\"3.2.0-97.137\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-97-highbank\", pkgver:\"3.2.0-97.137\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-97-virtual\", pkgver:\"3.2.0-97.137\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 5.7, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2021-01-20T15:29:19", "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2015-12-21T00:00:00", "title": "Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2849-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8551", "CVE-2015-8550", "CVE-2015-8552"], "modified": "2015-12-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2849-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87532", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2849-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87532);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n script_xref(name:\"USN\", value:\"2849-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2849-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2849-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2849-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-57-generic\", pkgver:\"3.16.0-57.77~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-57-generic-lpae\", pkgver:\"3.16.0-57.77~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-57-lowlatency\", pkgver:\"3.16.0-57.77~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 5.7, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2021-01-20T15:29:19", "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2015-12-21T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2847-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8551", "CVE-2015-8550", "CVE-2015-8552"], "modified": "2015-12-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2847-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87530", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2847-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87530);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n script_xref(name:\"USN\", value:\"2847-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2847-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2847-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2847-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-74-generic\", pkgver:\"3.13.0-74.118~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-74-generic-lpae\", pkgver:\"3.13.0-74.118~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 5.7, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2021-01-20T15:29:19", "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 8.2, "vector": "AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2015-12-21T00:00:00", "title": "Ubuntu 15.04 : linux vulnerabilities (USN-2850-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8551", "CVE-2015-8550", "CVE-2015-8552"], "modified": "2015-12-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic", "cpe:/o:canonical:ubuntu_linux:15.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae"], "id": "UBUNTU_USN-2850-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87533", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2850-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87533);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n script_xref(name:\"USN\", value:\"2850-1\");\n\n script_name(english:\"Ubuntu 15.04 : linux vulnerabilities (USN-2850-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Felix Wilhelm discovered a race condition in the Xen paravirtualized\ndrivers which can cause double fetch vulnerabilities. An attacker in\nthe paravirtualized guest could exploit this flaw to cause a denial of\nservice (crash the host) or potentially execute arbitrary code on the\nhost. (CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service (NULL dereference) on the host.\n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not\nperform sanity checks on the device's state. An attacker could exploit\nthis flaw to cause a denial of service by flooding the logging system\nwith WARN() messages causing the initial domain to exhaust disk space.\n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux\nkernel. The namespace owner could potentially exploit this flaw by\nptracing a root owned process entering the user namespace to elevate\nits privileges and potentially gain access outside of the namespace.\n(http://bugs.launchpad.net/bugs/1527374)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2850-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.19-generic,\nlinux-image-3.19-generic-lpae and / or linux-image-3.19-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2850-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"15.04\", pkgname:\"linux-image-3.19.0-42-generic\", pkgver:\"3.19.0-42.48\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"linux-image-3.19.0-42-generic-lpae\", pkgver:\"3.19.0-42.48\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"linux-image-3.19.0-42-lowlatency\", pkgver:\"3.19.0-42.48\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.19-generic / linux-image-3.19-generic-lpae / etc\");\n}\n", "cvss": {"score": 5.7, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:54:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8551", "CVE-2015-7550", "CVE-2015-8550", "CVE-2015-7513", "CVE-2015-8543", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-8709"], "description": "Several vulnerabilities have\nbeen discovered in the Linux kernel that may lead to a privilege escalation,\ndenial of service or information leak.\n\nCVE-2015-7513 \nIt was discovered that a local user permitted to use the x86 KVM\nsubsystem could configure the PIT emulation to cause a denial of\nservice (crash).\n\nCVE-2015-7550 \nDmitry Vyukov discovered a race condition in the keyring subsystem\nthat allows a local user to cause a denial of service (crash).\n\nCVE-2015-8543 \nIt was discovered that a local user permitted to create raw sockets\ncould cause a denial-of-service by specifying an invalid protocol\nnumber for the socket. The attacker must have the CAP_NET_RAW\ncapability.\n\nCVE-2015-8550 \nFelix Wilhelm of ERNW discovered that the Xen PV backend drivers\nmay read critical data from shared memory multiple times. This\nflaw can be used by a guest kernel to cause a denial of service\n(crash) on the host, or possibly for privilege escalation.\n\nCVE-2015-8551 /\nCVE-2015-8552 \nKonrad Rzeszutek Wilk of Oracle discovered that the Xen PCI\nbackend driver does not adequately validate the device state when\na guest configures MSIs. This flaw can be used by a guest kernel\nto cause a denial of service (crash or disk space exhaustion) on\nthe host.\n\nCVE-2015-8569 \nDmitry Vyukov discovered a flaw in the PPTP sockets implementation\nthat leads to an information leak to local users.\n\nCVE-2015-8575 \nDavid Miller discovered a flaw in the Bluetooth SCO sockets\nimplementation that leads to an information leak to local users.\n\nCVE-2015-8709 \nJann Horn discovered a flaw in the permission checks for use of\nthe ptrace feature. A local user who has the CAP_SYS_PTRACE\ncapability within their own user namespace could use this flaw for\nprivilege escalation if a more privileged process ever enters that\nuser namespace. This affects at least the LXC system.\n\nIn addition, this update fixes some regressions in the previous update:\n\n#808293 \nA regression in the UDP implementation prevented freeradius and\nsome other applications from receiving data.\n\n#808602 /\n#808953 \nA regression in the USB XHCI driver prevented use of some devices\nin USB 3 SuperSpeed ports.\n\n#808973 \nA fix to the radeon driver interacted with an existing bug to\ncause a crash at boot when using some AMD/ATI graphics cards.\nThis issue only affects wheezy.", "modified": "2017-07-07T00:00:00", "published": "2016-01-05T00:00:00", "id": "OPENVAS:703434", "href": "http://plugins.openvas.org/nasl.php?oid=703434", "type": "openvas", "title": "Debian Security Advisory DSA 3434-1 (linux - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3434.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3434-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703434);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-7513\", \"CVE-2015-7550\", \"CVE-2015-8543\", \"CVE-2015-8550\",\n \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8569\", \"CVE-2015-8575\",\n \"CVE-2015-8709\");\n script_name(\"Debian Security Advisory DSA 3434-1 (linux - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-01-05 00:00:00 +0100 (Tue, 05 Jan 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3434.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"linux on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Linux kernel is the core of the Linux operating system.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 3.2.73-2+deb7u2. The oldstable\ndistribution (wheezy) is not affected by CVE-2015-8709 \n.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt20-1+deb8u2.\nCVE-2015-8543 \n\nwas already fixed in version 3.16.7-ckt20-1+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.3.3-3 or earlier.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have\nbeen discovered in the Linux kernel that may lead to a privilege escalation,\ndenial of service or information leak.\n\nCVE-2015-7513 \nIt was discovered that a local user permitted to use the x86 KVM\nsubsystem could configure the PIT emulation to cause a denial of\nservice (crash).\n\nCVE-2015-7550 \nDmitry Vyukov discovered a race condition in the keyring subsystem\nthat allows a local user to cause a denial of service (crash).\n\nCVE-2015-8543 \nIt was discovered that a local user permitted to create raw sockets\ncould cause a denial-of-service by specifying an invalid protocol\nnumber for the socket. The attacker must have the CAP_NET_RAW\ncapability.\n\nCVE-2015-8550 \nFelix Wilhelm of ERNW discovered that the Xen PV backend drivers\nmay read critical data from shared memory multiple times. This\nflaw can be used by a guest kernel to cause a denial of service\n(crash) on the host, or possibly for privilege escalation.\n\nCVE-2015-8551 /\nCVE-2015-8552 \nKonrad Rzeszutek Wilk of Oracle discovered that the Xen PCI\nbackend driver does not adequately validate the device state when\na guest configures MSIs. This flaw can be used by a guest kernel\nto cause a denial of service (crash or disk space exhaustion) on\nthe host.\n\nCVE-2015-8569 \nDmitry Vyukov discovered a flaw in the PPTP sockets implementation\nthat leads to an information leak to local users.\n\nCVE-2015-8575 \nDavid Miller discovered a flaw in the Bluetooth SCO sockets\nimplementation that leads to an information leak to local users.\n\nCVE-2015-8709 \nJann Horn discovered a flaw in the permission checks for use of\nthe ptrace feature. A local user who has the CAP_SYS_PTRACE\ncapability within their own user namespace could use this flaw for\nprivilege escalation if a more privileged process ever enters that\nuser namespace. This affects at least the LXC system.\n\nIn addition, this update fixes some regressions in the previous update:\n\n#808293 \nA regression in the UDP implementation prevented freeradius and\nsome other applications from receiving data.\n\n#808602 /\n#808953 \nA regression in the USB XHCI driver prevented use of some devices\nin USB 3 SuperSpeed ports.\n\n#808973 \nA fix to the radeon driver interacted with an existing bug to\ncause a crash at boot when using some AMD/ATI graphics cards.\nThis issue only affects wheezy.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-ia64\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-powerpc\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390x\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-sparc\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-itanium\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mckinley\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc-smp\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc64\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-s390x\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64-smp\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-itanium\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mckinley\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc-smp\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc64\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-dbg\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-tape\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64-smp\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.73-2+deb7u2\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8551", "CVE-2015-7550", "CVE-2015-8550", "CVE-2015-7513", "CVE-2015-8543", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-8709"], "description": "Several vulnerabilities have\nbeen discovered in the Linux kernel that may lead to a privilege escalation,\ndenial of service or information leak.\n\nCVE-2015-7513\nIt was discovered that a local user permitted to use the x86 KVM\nsubsystem could configure the PIT emulation to cause a denial of\nservice (crash).\n\nCVE-2015-7550\nDmitry Vyukov discovered a race condition in the keyring subsystem\nthat allows a local user to cause a denial of service (crash).\n\nCVE-2015-8543\nIt was discovered that a local user permitted to create raw sockets\ncould cause a denial-of-service by specifying an invalid protocol\nnumber for the socket. The attacker must have the CAP_NET_RAW\ncapability.\n\nCVE-2015-8550\nFelix Wilhelm of ERNW discovered that the Xen PV backend drivers\nmay read critical data from shared memory multiple times. This\nflaw can be used by a guest kernel to cause a denial of service\n(crash) on the host, or possibly for privilege escalation.\n\nCVE-2015-8551 /\nCVE-2015-8552\nKonrad Rzeszutek Wilk of Oracle discovered that the Xen PCI\nbackend driver does not adequately validate the device state when\na guest configures MSIs. This flaw can be used by a guest kernel\nto cause a denial of service (crash or disk space exhaustion) on\nthe host.\n\nCVE-2015-8569\nDmitry Vyukov discovered a flaw in the PPTP sockets implementation\nthat leads to an information leak to local users.\n\nCVE-2015-8575\nDavid Miller discovered a flaw in the Bluetooth SCO sockets\nimplementation that leads to an information leak to local users.\n\nCVE-2015-8709\nJann Horn discovered a flaw in the permission checks for use of\nthe ptrace feature. A local user who has the CAP_SYS_PTRACE\ncapability within their own user namespace could use this flaw for\nprivilege escalation if a more privileged process ever enters that\nuser namespace. This affects at least the LXC system.\n\nIn addition, this update fixes some regressions in the previous update:\n\n#808293\nA regression in the UDP implementation prevented freeradius and\nsome other applications from receiving data.\n\n#808602 /\n#808953\nA regression in the USB XHCI driver prevented use of some devices\nin USB 3 SuperSpeed ports.\n\n#808973\nA fix to the radeon driver interacted with an existing bug to\ncause a crash at boot when using some AMD/ATI graphics cards.\nThis issue only affects wheezy.", "modified": "2019-03-18T00:00:00", "published": "2016-01-05T00:00:00", "id": "OPENVAS:1361412562310703434", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703434", "type": "openvas", "title": "Debian Security Advisory DSA 3434-1 (linux - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3434.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3434-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703434\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2015-7513\", \"CVE-2015-7550\", \"CVE-2015-8543\", \"CVE-2015-8550\",\n \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8569\", \"CVE-2015-8575\",\n \"CVE-2015-8709\");\n script_name(\"Debian Security Advisory DSA 3434-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-05 00:00:00 +0100 (Tue, 05 Jan 2016)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3434.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 3.2.73-2+deb7u2. The oldstable\ndistribution (wheezy) is not affected by CVE-2015-8709\n.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt20-1+deb8u2.\nCVE-2015-8543\n\nwas already fixed in version 3.16.7-ckt20-1+deb8u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.3.3-3 or earlier.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have\nbeen discovered in the Linux kernel that may lead to a privilege escalation,\ndenial of service or information leak.\n\nCVE-2015-7513\nIt was discovered that a local user permitted to use the x86 KVM\nsubsystem could configure the PIT emulation to cause a denial of\nservice (crash).\n\nCVE-2015-7550\nDmitry Vyukov discovered a race condition in the keyring subsystem\nthat allows a local user to cause a denial of service (crash).\n\nCVE-2015-8543\nIt was discovered that a local user permitted to create raw sockets\ncould cause a denial-of-service by specifying an invalid protocol\nnumber for the socket. The attacker must have the CAP_NET_RAW\ncapability.\n\nCVE-2015-8550\nFelix Wilhelm of ERNW discovered that the Xen PV backend drivers\nmay read critical data from shared memory multiple times. This\nflaw can be used by a guest kernel to cause a denial of service\n(crash) on the host, or possibly for privilege escalation.\n\nCVE-2015-8551 /\nCVE-2015-8552\nKonrad Rzeszutek Wilk of Oracle discovered that the Xen PCI\nbackend driver does not adequately validate the device state when\na guest configures MSIs. This flaw can be used by a guest kernel\nto cause a denial of service (crash or disk space exhaustion) on\nthe host.\n\nCVE-2015-8569\nDmitry Vyukov discovered a flaw in the PPTP sockets implementation\nthat leads to an information leak to local users.\n\nCVE-2015-8575\nDavid Miller discovered a flaw in the Bluetooth SCO sockets\nimplementation that leads to an information leak to local users.\n\nCVE-2015-8709\nJann Horn discovered a flaw in the permission checks for use of\nthe ptrace feature. A local user who has the CAP_SYS_PTRACE\ncapability within their own user namespace could use this flaw for\nprivilege escalation if a more privileged process ever enters that\nuser namespace. This affects at least the LXC system.\n\nIn addition, this update fixes some regressions in the previous update:\n\n#808293\nA regression in the UDP implementation prevented freeradius and\nsome other applications from receiving data.\n\n#808602 /\n#808953\nA regression in the USB XHCI driver prevented use of some devices\nin USB 3 SuperSpeed ports.\n\n#808973\nA fix to the radeon driver interacted with an existing bug to\ncause a crash at boot when using some AMD/ATI graphics cards.\nThis issue only affects wheezy.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-ia64\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-powerpc\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390x\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-sparc\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-itanium\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mckinley\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc-smp\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc64\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-s390x\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64-smp\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-itanium\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mckinley\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc-smp\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc64\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-dbg\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-tape\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64-smp\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.73-2+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.7-ckt20-1+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:34:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8551", "CVE-2015-7550", "CVE-2015-8550", "CVE-2015-8543", "CVE-2015-8539", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-8569"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-01-20T00:00:00", "id": "OPENVAS:1361412562310851159", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851159", "type": "openvas", "title": "SUSE: Security Advisory for kernel (SUSE-SU-2016:0168-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851159\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-01-20 06:16:51 +0100 (Wed, 20 Jan 2016)\");\n script_cve_id(\"CVE-2015-7550\", \"CVE-2015-8539\", \"CVE-2015-8543\", \"CVE-2015-8550\",\n \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8569\", \"CVE-2015-8575\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for kernel (SUSE-SU-2016:0168-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The SUSE Linux Enterprise 12 kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2015-7550: A local user could have triggered a race between read and\n revoke in keyctl (bnc#958951).\n\n - CVE-2015-8539: A negatively instantiated user key could have been used\n by a local user to leverage privileges (bnc#958463).\n\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers\n could have lead to double fetch vulnerabilities, causing denial of\n service or arbitrary code execution (depending on the configuration)\n (bsc#957988).\n\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[Ix] only disable if device has MSI(X) enabled\n (bsc#957990).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n\n - CVE-2015-8575: Validate socket address length in sco_sock_bind() to\n prevent information leak (bsc#959399).\n\n The following non-security bugs were fixed:\n\n - ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261).\n\n - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).\n\n - Input: aiptek - fix crash on detecting device without endpoints\n (bnc#956708).\n\n - Re-add copy_page_vector_to_user()\n\n - Refresh patches.xen/xen3-patch-3.12.46-47 (bsc#959705).\n\n - Refresh patches.xen/xen3-patch-3.9 (bsc#951155).\n\n - Update\n patches.suse/btrfs-8361-Btrfs-keep-dropped-roots-in-cache-until-transaction\n\n - .patch (bnc#935087, bnc#945649, bnc#951615).\n\n - bcache: Add btree_insert_node() (bnc#951638).\n\n - bcache: Add explicit keylist arg to btree_insert() (bnc#951638).\n\n - bcache: Clean up keylist code (bnc#951638).\n\n - bcache: Convert btree_insert_check_key() to btree_insert_node()\n (bnc#951638).\n\n - bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).\n\n - bcache: Convert try_wait to wait_queue_head_t (bnc#951638).\n\n - bcache: Explicitly track btree node's parent (bnc#951638).\n\n - bcache: Fix a bug when detaching (b ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:0168-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.51~52.34.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.51~52.34.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.51~52.34.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.51~52.34.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~3.12.51~52.34.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-extra-debuginfo\", rpm:\"kernel-default-extra-debuginfo~3.12.51~52.34.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.51~52.34.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.51~52.34.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.51~52.34.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.51~52.34.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.51~52.34.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.51~52.34.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.51~52.34.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.51~52.34.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-man\", rpm:\"kernel-default-man~3.12.51~52.34.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:36:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8551", "CVE-2015-7550", "CVE-2015-8550", "CVE-2015-8543", "CVE-2016-0728", "CVE-2015-8539", "CVE-2015-8767", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-8569"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2016-02-02T00:00:00", "id": "OPENVAS:1361412562310851179", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851179", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2016:0280-1)", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851179\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-02-02 17:15:24 +0100 (Tue, 02 Feb 2016)\");\n script_cve_id(\"CVE-2015-7550\", \"CVE-2015-8539\", \"CVE-2015-8543\", \"CVE-2015-8550\",\n \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8569\", \"CVE-2015-8575\",\n \"CVE-2015-8767\", \"CVE-2016-0728\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2016:0280-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable\n release, and also includes security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2016-0728: A reference leak in keyring handling with\n join_session_keyring() could lead to local attackers gain root\n privileges. (bsc#962075).\n\n - CVE-2015-7550: A local user could have triggered a race between read and\n revoke in keyctl (bnc#958951).\n\n - CVE-2015-8767: A case can occur when sctp_accept() is called by the user\n during a heartbeat timeout event after the 4-way handshake. Since\n sctp_assoc_migrate() changes both assoc- base.sk and assoc- ep, the\n bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the\n listening socket but released with the new association socket. The\n result is a deadlock on any future attempts to take the listening socket\n lock. (bsc#961509)\n\n - CVE-2015-8539: A negatively instantiated user key could have been used\n by a local user to leverage privileges (bnc#958463).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n\n - CVE-2015-8575: Validate socket address length in sco_sock_bind() to\n prevent information leak (bsc#959399).\n\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[x] only disable if device has MSI(X) enabled\n (bsc#957990).\n\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers\n could have lead to double fetch vulnerabilities, causing denial of\n service or arbitrary code execution (depending on the configuration)\n (bsc#957988).\n\n The following non-security bugs were fixed:\n\n - ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd (bsc#958439).\n\n - ALSA: hda - Apply click noise workaround for Thinkpads generically\n (bsc#958439).\n\n - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).\n\n - ALSA: hda - Flush the pending probe work at remove (boo#960710).\n\n - ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads (bsc#958439).\n\n - Add Cavium Thunderx network enha ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Linux Kernel on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:0280-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.1.15~8.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.1.15~8.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa-xen\", rpm:\"kernel-obs-qa-xen~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv\", rpm:\"kernel-pv~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base\", rpm:\"kernel-pv-base~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base-debuginfo\", rpm:\"kernel-pv-base-debuginfo~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debuginfo\", rpm:\"kernel-pv-debuginfo~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debugsource\", rpm:\"kernel-pv-debugsource~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-devel\", rpm:\"kernel-pv-devel~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.1.15~8.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.1.15~8.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.1.15~8.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~4.1.15~8.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8575", "CVE-2015-8569", "CVE-2015-8709"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-01-13T00:00:00", "id": "OPENVAS:1361412562310807102", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807102", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807102\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-13 06:14:00 +0100 (Wed, 13 Jan 2016)\");\n script_cve_id(\"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8709\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-6\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-January/175386.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.3.3~300.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7550", "CVE-2015-7513", "CVE-2015-8543", "CVE-2015-8374", "CVE-2015-7990", "CVE-2015-8575", "CVE-2013-7446", "CVE-2015-8569"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-02-05T00:00:00", "id": "OPENVAS:1361412562310842625", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842625", "type": "openvas", "title": "Ubuntu Update for linux-lts-utopic USN-2888-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-utopic USN-2888-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842625\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 13:14:26 +0530 (Fri, 05 Feb 2016)\");\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-7513\", \"CVE-2015-7550\", \"CVE-2015-7990\",\n \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8569\", \"CVE-2015-8575\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-utopic USN-2888-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-utopic'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that a use-after-free\n vulnerability existed in the AF_UNIX implementation in the Linux kernel.\n A local attacker could use crafted epoll_ctl calls to cause a denial of\n service (system crash) or expose sensitive information. (CVE-2013-7446)\n\n It was discovered that the KVM implementation in the Linux kernel did not\n properly restore the values of the Programmable Interrupt Timer (PIT). A\n user-assisted attacker in a KVM guest could cause a denial of service in\n the host (system crash). (CVE-2015-7513)\n\n It was discovered that the Linux kernel keyring subsystem contained a race\n between read and revoke operations. A local attacker could use this to\n cause a denial of service (system crash). (CVE-2015-7550)\n\n Sasha Levin discovered that the Reliable Datagram Sockets (RDS)\n implementation in the Linux kernel had a race condition when checking\n whether a socket was bound or not. A local attacker could use this to cause\n a denial of service (system crash). (CVE-2015-7990)\n\n It was discovered that the Btrfs implementation in the Linux kernel\n incorrectly handled compressed inline extants on truncation. A local\n attacker could use this to expose sensitive information. (CVE-2015-8374)\n\n It was discovered that the Linux kernel networking implementation did\n not validate protocol identifiers for certain protocol families, A local\n attacker could use this to cause a denial of service (system crash) or\n possibly gain administrative privileges. (CVE-2015-8543)\n\n Dmitry Vyukov discovered that the pptp implementation in the Linux kernel\n did not verify an address length when setting up a socket. A local attacker\n could use this to craft an application that exposed sensitive information\n from kernel memory. (CVE-2015-8569)\n\n David Miller discovered that the Bluetooth implementation in the Linux\n kernel did not properly validate the socket address length for Synchronous\n Connection-Oriented (SCO) sockets. A local attacker could use this to\n expose sensitive information. (CVE-2015-8575)\");\n script_tag(name:\"affected\", value:\"linux-lts-utopic on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2888-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2888-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-60-generic\", ver:\"3.16.0-60.80~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-60-generic-lpae\", ver:\"3.16.0-60.80~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-60-lowlatency\", ver:\"3.16.0-60.80~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-60-powerpc-e500mc\", ver:\"3.16.0-60.80~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-60-powerpc-smp\", ver:\"3.16.0-60.80~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-60-powerpc64-emb\", ver:\"3.16.0-60.80~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-60-powerpc64-smp\", ver:\"3.16.0-60.80~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8787", "CVE-2015-7550", "CVE-2015-7513", "CVE-2015-8543", "CVE-2015-8374", "CVE-2015-7990", "CVE-2015-8575", "CVE-2013-7446", "CVE-2015-8569"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-02-05T00:00:00", "id": "OPENVAS:1361412562310842622", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842622", "type": "openvas", "title": "Ubuntu Update for linux USN-2890-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2890-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842622\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 13:14:10 +0530 (Fri, 05 Feb 2016)\");\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-7513\", \"CVE-2015-7550\", \"CVE-2015-7990\",\n \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8569\", \"CVE-2015-8575\",\n \"CVE-2015-8787\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2890-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that a use-after-free\n vulnerability existed in the AF_UNIX implementation in the Linux kernel. A\n local attacker could use crafted epoll_ctl calls to cause a denial of service\n (system crash) or expose sensitive information. (CVE-2013-7446)\n\n It was discovered that the KVM implementation in the Linux kernel did not\n properly restore the values of the Programmable Interrupt Timer (PIT). A\n user-assisted attacker in a KVM guest could cause a denial of service in\n the host (system crash). (CVE-2015-7513)\n\n It was discovered that the Linux kernel keyring subsystem contained a race\n between read and revoke operations. A local attacker could use this to\n cause a denial of service (system crash). (CVE-2015-7550)\n\n Sasha Levin discovered that the Reliable Datagram Sockets (RDS)\n implementation in the Linux kernel had a race condition when checking\n whether a socket was bound or not. A local attacker could use this to cause\n a denial of service (system crash). (CVE-2015-7990)\n\n It was discovered that the Btrfs implementation in the Linux kernel\n incorrectly handled compressed inline extants on truncation. A local\n attacker could use this to expose sensitive information. (CVE-2015-8374)\n\n It was discovered that the Linux kernel networking implementation did\n not validate protocol identifiers for certain protocol families, A local\n attacker could use this to cause a denial of service (system crash) or\n possibly gain administrative privileges. (CVE-2015-8543)\n\n Dmitry Vyukov discovered that the pptp implementation in the Linux kernel\n did not verify an address length when setting up a socket. A local attacker\n could use this to craft an application that exposed sensitive information\n from kernel memory. (CVE-2015-8569)\n\n David Miller discovered that the Bluetooth implementation in the Linux\n kernel did not properly validate the socket address length for Synchronous\n Connection-Oriented (SCO) sockets. A local attacker could use this to\n expose sensitive information. (CVE-2015-8575)\n\n It was discovered that the netfilter Network Address Translation (NAT)\n implementation did not ensure that data structures were initialized when\n handling IPv4 addresses. An attacker could use this to cause a denial of\n service (system crash). (CVE-2015-8787)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 15.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2890-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2890-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU15\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-27-generic\", ver:\"4.2.0-27.32\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-27-generic-lpae\", ver:\"4.2.0-27.32\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-27-lowlatency\", ver:\"4.2.0-27.32\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-27-powerpc-e500mc\", ver:\"4.2.0-27.32\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-27-powerpc-smp\", ver:\"4.2.0-27.32\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-27-powerpc64-emb\", ver:\"4.2.0-27.32\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-27-powerpc64-smp\", ver:\"4.2.0-27.32\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8787", "CVE-2015-7550", "CVE-2015-7513", "CVE-2015-8543", "CVE-2015-8374", "CVE-2015-7990", "CVE-2015-8575", "CVE-2013-7446", "CVE-2015-8569"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-02-05T00:00:00", "id": "OPENVAS:1361412562310842624", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842624", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-2890-3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-raspi2 USN-2890-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842624\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 13:14:19 +0530 (Fri, 05 Feb 2016)\");\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-7513\", \"CVE-2015-7550\", \"CVE-2015-7990\",\n \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8569\", \"CVE-2015-8575\",\n \"CVE-2015-8787\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-2890-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that a use-after-free\n vulnerability existed in the AF_UNIX implementation in the Linux kernel. A\n local attacker could use crafted epoll_ctl calls to cause a denial of service\n (system crash) or expose sensitive information. (CVE-2013-7446)\n\n It was discovered that the KVM implementation in the Linux kernel did not\n properly restore the values of the Programmable Interrupt Timer (PIT). A\n user-assisted attacker in a KVM guest could cause a denial of service in\n the host (system crash). (CVE-2015-7513)\n\n It was discovered that the Linux kernel keyring subsystem contained a race\n between read and revoke operations. A local attacker could use this to\n cause a denial of service (system crash). (CVE-2015-7550)\n\n Sasha Levin discovered that the Reliable Datagram Sockets (RDS)\n implementation in the Linux kernel had a race condition when checking\n whether a socket was bound or not. A local attacker could use this to cause\n a denial of service (system crash). (CVE-2015-7990)\n\n It was discovered that the Btrfs implementation in the Linux kernel\n incorrectly handled compressed inline extants on truncation. A local\n attacker could use this to expose sensitive information. (CVE-2015-8374)\n\n It was discovered that the Linux kernel networking implementation did\n not validate protocol identifiers for certain protocol families, A local\n attacker could use this to cause a denial of service (system crash) or\n possibly gain administrative privileges. (CVE-2015-8543)\n\n Dmitry Vyukov discovered that the pptp implementation in the Linux kernel\n did not verify an address length when setting up a socket. A local attacker\n could use this to craft an application that exposed sensitive information\n from kernel memory. (CVE-2015-8569)\n\n David Miller discovered that the Bluetooth implementation in the Linux\n kernel did not properly validate the socket address length for Synchronous\n Connection-Oriented (SCO) sockets. A local attacker could use this to\n expose sensitive information. (CVE-2015-8575)\n\n It was discovered that the netfilter Network Address Translation (NAT)\n implementation did not ensure that data structures were initialized when\n handling IPv4 addresses. An attacker could use this to cause a denial of\n service (system crash). (CVE-2015-8787)\");\n\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 15.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2890-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2890-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU15\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-1022-raspi2\", ver:\"4.2.0-1022.29\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8787", "CVE-2015-7550", "CVE-2015-7513", "CVE-2015-8543", "CVE-2015-8374", "CVE-2015-7990", "CVE-2015-8575", "CVE-2013-7446", "CVE-2015-8569"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-02-05T00:00:00", "id": "OPENVAS:1361412562310842631", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842631", "type": "openvas", "title": "Ubuntu Update for linux-lts-wily USN-2890-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-wily USN-2890-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842631\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-05 13:14:21 +0530 (Fri, 05 Feb 2016)\");\n script_cve_id(\"CVE-2013-7446\", \"CVE-2015-7513\", \"CVE-2015-7550\", \"CVE-2015-7990\",\n \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8569\", \"CVE-2015-8575\",\n \"CVE-2015-8787\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-wily USN-2890-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-wily'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that a use-after-free\n vulnerability existed in the AF_UNIX implementation in the Linux kernel. A\n local attacker could use crafted epoll_ctl calls to cause a denial of service\n (system crash) or expose sensitive information. (CVE-2013-7446)\n\n It was discovered that the KVM implementation in the Linux kernel did not\n properly restore the values of the Programmable Interrupt Timer (PIT). A\n user-assisted attacker in a KVM guest could cause a denial of service in\n the host (system crash). (CVE-2015-7513)\n\n It was discovered that the Linux kernel keyring subsystem contained a race\n between read and revoke operations. A local attacker could use this to\n cause a denial of service (system crash). (CVE-2015-7550)\n\n Sasha Levin discovered that the Reliable Datagram Sockets (RDS)\n implementation in the Linux kernel had a race condition when checking\n whether a socket was bound or not. A local attacker could use this to cause\n a denial of service (system crash). (CVE-2015-7990)\n\n It was discovered that the Btrfs implementation in the Linux kernel\n incorrectly handled compressed inline extants on truncation. A local\n attacker could use this to expose sensitive information. (CVE-2015-8374)\n\n It was discovered that the Linux kernel networking implementation did\n not validate protocol identifiers for certain protocol families, A local\n attacker could use this to cause a denial of service (system crash) or\n possibly gain administrative privileges. (CVE-2015-8543)\n\n Dmitry Vyukov discovered that the pptp implementation in the Linux kernel\n did not verify an address length when setting up a socket. A local attacker\n could use this to craft an application that exposed sensitive information\n from kernel memory. (CVE-2015-8569)\n\n David Miller discovered that the Bluetooth implementation in the Linux\n kernel did not properly validate the socket address length for Synchronous\n Connection-Oriented (SCO) sockets. A local attacker could use this to\n expose sensitive information. (CVE-2015-8575)\n\n It was discovered that the netfilter Network Address Translation (NAT)\n implementation did not ensure that data structures were initialized when\n handling IPv4 addresses. An attacker could use this to cause a denial of\n service (system crash). (CVE-2015-8787)\");\n script_tag(name:\"affected\", value:\"linux-lts-wily on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2890-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2890-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-27-generic\", ver:\"4.2.0-27.32~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-27-generic-lpae\", ver:\"4.2.0-27.32~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-27-lowlatency\", ver:\"4.2.0-27.32~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-27-powerpc-e500mc\", ver:\"4.2.0-27.32~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-27-powerpc-smp\", ver:\"4.2.0-27.32~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-27-powerpc64-emb\", ver:\"4.2.0-27.32~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-27-powerpc64-smp\", ver:\"4.2.0-27.32~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-7550", "CVE-2015-8543", "CVE-2016-1576", "CVE-2015-8575", "CVE-2015-8569", "CVE-2016-1575", "CVE-2015-8785"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-02-28T00:00:00", "id": "OPENVAS:1361412562310842667", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842667", "type": "openvas", "title": "Ubuntu Update for linux-lts-vivid USN-2910-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-vivid USN-2910-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842667\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-28 06:27:14 +0100 (Sun, 28 Feb 2016)\");\n script_cve_id(\"CVE-2016-1576\", \"CVE-2016-1575\", \"CVE-2015-7550\", \"CVE-2015-8543\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8785\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-vivid USN-2910-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-vivid'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-2910-1 fixed vulnerabilities in the\n Ubuntu 15.04 Linux kernel backported to Ubuntu 14.04 LTS. An incorrect\n locking fix caused a regression that broke graphics displays for Ubuntu\n 14.04 LTS guests running the Ubuntu 15.04 backport kernel within VMWare\n virtual machines. This update fixes the problem.\n\n We apologize for the inconvenience.\n\n Original advisory details:\n\n halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,\n incorrectly propagated file attributes, including setuid. A local\n unprivileged attacker could use this to gain privileges. (CVE-2016-1576)\n\n halfdog discovered that OverlayFS in the Linux kernel incorrectly\n propagated security sensitive extended attributes, such as POSIX ACLs. A\n local unprivileged attacker could use this to gain privileges.\n (CVE-2016-1575)\n\n It was discovered that the Linux kernel keyring subsystem contained a race\n between read and revoke operations. A local attacker could use this to\n cause a denial of service (system crash). (CVE-2015-7550)\n\n It was discovered that the Linux kernel networking implementation did\n not validate protocol identifiers for certain protocol families, A local\n attacker could use this to cause a denial of service (system crash) or\n possibly gain administrative privileges. (CVE-2015-8543)\n\n Dmitry Vyukov discovered that the pptp implementation in the Linux kernel\n did not verify an address length when setting up a socket. A local attacker\n could use this to craft an application that exposed sensitive information\n from kernel memory. (CVE-2015-8569)\n\n David Miller discovered that the Bluetooth implementation in the Linux\n kernel did not properly validate the socket address length for Synchronous\n Connection-Oriented (SCO) sockets. A local attacker could use this to\n expose sensitive information. (CVE-2015-8575)\n\n It was discovered that the Linux kernel's Filesystem in Userspace (FUSE)\n implementation did not handle initial zero length segments properly. A\n local attacker could use this to cause a denial of service (unkillable\n task). (CVE-2015-8785)\");\n script_tag(name:\"affected\", value:\"linux-lts-vivid on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2910-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2910-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-51-generic\", ver:\"3.19.0-51.58~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-51-generic-lpae\", ver:\"3.19.0-51.58~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-51-lowlatency\", ver:\"3.19.0-51.58~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-51-powerpc-e500mc\", ver:\"3.19.0-51.58~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-51-powerpc-smp\", ver:\"3.19.0-51.58~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-51-powerpc64-emb\", ver:\"3.19.0-51.58~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-51-powerpc64-smp\", ver:\"3.19.0-51.58~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:50:35", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8551", "CVE-2015-7550", "CVE-2015-8550", "CVE-2015-8543", "CVE-2015-8539", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-8569"], "description": "The SUSE Linux Enterprise 12 kernel was updated to receive various\n security and bugfixes.\n\n Following security bugs were fixed:\n - CVE-2015-7550: A local user could have triggered a race between read and\n revoke in keyctl (bnc#958951).\n - CVE-2015-8539: A negatively instantiated user key could have been used\n by a local user to leverage privileges (bnc#958463).\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers\n could have lead to double fetch vulnerabilities, causing denial of\n service or arbitrary code execution (depending on the configuration)\n (bsc#957988).\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled\n (bsc#957990).\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n - CVE-2015-8575: Validate socket address length in sco_sock_bind() to\n prevent information leak (bsc#959399).\n\n The following non-security bugs were fixed:\n - ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261).\n - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).\n - Input: aiptek - fix crash on detecting device without endpoints\n (bnc#956708).\n - Re-add copy_page_vector_to_user()\n - Refresh patches.xen/xen3-patch-3.12.46-47 (bsc#959705).\n - Refresh patches.xen/xen3-patch-3.9 (bsc#951155).\n - Update\n patches.suse/btrfs-8361-Btrfs-keep-dropped-roots-in-cache-until-transaction\n -.patch (bnc#935087, bnc#945649, bnc#951615).\n - bcache: Add btree_insert_node() (bnc#951638).\n - bcache: Add explicit keylist arg to btree_insert() (bnc#951638).\n - bcache: Clean up keylist code (bnc#951638).\n - bcache: Convert btree_insert_check_key() to btree_insert_node()\n (bnc#951638).\n - bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).\n - bcache: Convert try_wait to wait_queue_head_t (bnc#951638).\n - bcache: Explicitly track btree node's parent (bnc#951638).\n - bcache: Fix a bug when detaching (bsc#951638).\n - bcache: Fix a lockdep splat in an error path (bnc#951638).\n - bcache: Fix a shutdown bug (bsc#951638).\n - bcache: Fix more early shutdown bugs (bsc#951638).\n - bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).\n - bcache: Insert multiple keys at a time (bnc#951638).\n - bcache: Refactor journalling flow control (bnc#951638).\n - bcache: Refactor request_write() (bnc#951638).\n - bcache: Use blkdev_issue_discard() (bnc#951638).\n - bcache: backing device set to clean after finishing detach (bsc#951638).\n - bcache: kill closure locking usage (bnc#951638).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - block: Always check queue limits for cloned requests (bsc#902606).\n - btrfs: Add qgroup tracing (bnc#935087, bnc#945649).\n - btrfs: Adjust commit-transaction condition to avoid NO_SPACE more\n (bsc#958647).\n - btrfs: Fix out-of-space bug (bsc#958647).\n - btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647).\n - btrfs: Set relative data on clear btrfs_block_group_cache->pinned\n (bsc#958647).\n - btrfs: Update btrfs qgroup status item when rescan is done (bnc#960300).\n - btrfs: backref: Add special time_seq == (u64)-1 case for\n btrfs_find_all_roots() (bnc#935087, bnc#945649).\n - btrfs: backref: Do not merge refs which are not for same block\n (bnc#935087, bnc#945649).\n - btrfs: cleanup: remove no-used alloc_chunk in\n btrfs_check_data_free_space() (bsc#958647).\n - btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087,\n bnc#945649).\n - btrfs: delayed-ref: Use list to replace the ref_root in ref_head\n (bnc#935087, bnc#945649).\n - btrfs: extent-tree: Use ref_node to replace unneeded parameters in\n __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649).\n - btrfs: fix comp_oper to get right order (bnc#935087, bnc#945649).\n - btrfs: fix condition of commit transaction (bsc#958647).\n - btrfs: fix leak in qgroup_subtree_accounting() error path (bnc#935087,\n bnc#945649).\n - btrfs: fix order by which delayed references are run (bnc#949440).\n - btrfs: fix qgroup sanity tests (bnc#951615).\n - btrfs: fix race waiting for qgroup rescan worker (bnc#960300).\n - btrfs: fix regression running delayed references when using qgroups\n (bnc#951615).\n - btrfs: fix regression when running delayed references (bnc#951615).\n - btrfs: fix sleeping inside atomic context in qgroup rescan worker\n (bnc#960300).\n - btrfs: fix the number of transaction units needed to remove a block\n group (bsc#958647).\n - btrfs: keep dropped roots in cache until transaction commit (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add new function to record old_roots (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add new qgroup calculation function\n btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).\n - btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Do not copy extent buffer to do qgroup rescan\n (bnc#960300).\n - btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Make snapshot accounting work with new extent-oriented\n qgroup (bnc#935087, bnc#945649).\n - btrfs: qgroup: Record possible quota-related extent for qgroup\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649).\n - btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Switch to new extent-oriented qgroup mechanism\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: account shared subtree during snapshot delete\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota (bnc#960300).\n - btrfs: qgroup: exit the rescan worker during umount (bnc#960300).\n - btrfs: qgroup: fix quota disable during rescan (bnc#960300).\n - btrfs: qgroup: move WARN_ON() to the correct location (bnc#935087,\n bnc#945649).\n - btrfs: remove transaction from send (bnc#935087, bnc#945649).\n - btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649).\n - btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087,\n bnc#945649).\n - btrfs: use global reserve when deleting unused block group after ENOSPC\n (bsc#958647).\n - cache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).\n - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets\n (bsc#957395).\n - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).\n - drm: Allocate new master object when client becomes master (bsc#956876,\n bsc#956801).\n - drm: Fix KABI of "struct drm_file" (bsc#956876, bsc#956801).\n - e1000e: Do not read ICR in Other interrupt (bsc#924919).\n - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).\n - e1000e: Fix msi-x interrupt automask (bsc#924919).\n - e1000e: Remove unreachable code (bsc#924919).\n - genksyms: Handle string literals with spaces in reference files\n (bsc#958510).\n - ipv6: fix tunnel error handling (bsc#952579).\n - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).\n - mm/mempolicy.c: convert the shared_policy lock to a rwlock (bnc#959436).\n - mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE (bnc#943959).\n - pm, hinernate: use put_page in release_swap_writer (bnc#943959).\n - sched, isolcpu: make cpu_isolated_map visible outside scheduler\n (bsc#957395).\n - udp: properly support MSG_PEEK with truncated buffers (bsc#951199\n bsc#959364).\n - xhci: Workaround to get Intel xHCI reset working more reliably\n (bnc#957546).\n\n", "edition": 1, "modified": "2016-01-19T14:12:54", "published": "2016-01-19T14:12:54", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00018.html", "id": "SUSE-SU-2016:0168-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:33", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8551", "CVE-2015-7550", "CVE-2015-8550", "CVE-2015-8543", "CVE-2016-0728", "CVE-2015-8539", "CVE-2015-8767", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-8569"], "edition": 1, "description": "The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable\n release, and also includes security and bugfixes.\n\n Following security bugs were fixed:\n - CVE-2016-0728: A reference leak in keyring handling with\n join_session_keyring() could lead to local attackers gain root\n privileges. (bsc#962075).\n - CVE-2015-7550: A local user could have triggered a race between read and\n revoke in keyctl (bnc#958951).\n - CVE-2015-8767: A case can occur when sctp_accept() is called by the user\n during a heartbeat timeout event after the 4-way handshake. Since\n sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the\n bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the\n listening socket but released with the new association socket. The\n result is a deadlock on any future attempts to take the listening socket\n lock. (bsc#961509)\n - CVE-2015-8539: A negatively instantiated user key could have been used\n by a local user to leverage privileges (bnc#958463).\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n - CVE-2015-8575: Validate socket address length in sco_sock_bind() to\n prevent information leak (bsc#959399).\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled\n (bsc#957990).\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers\n could have lead to double fetch vulnerabilities, causing denial of\n service or arbitrary code execution (depending on the configuration)\n (bsc#957988).\n\n The following non-security bugs were fixed:\n - ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd (bsc#958439).\n - ALSA: hda - Apply click noise workaround for Thinkpads generically\n (bsc#958439).\n - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).\n - ALSA: hda - Flush the pending probe work at remove (boo#960710).\n - ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads (bsc#958439).\n - Add Cavium Thunderx network enhancements\n - Add RHEL to kernel-obs-build\n - Backport amd xgbe fixes and features\n - Backport arm64 patches from SLE12-SP1-ARM.\n - Btrfs: fix the number of transaction units needed to remove a block\n group (bsc#950178).\n - Btrfs: use global reserve when deleting unused block group after ENOSPC\n (bsc#950178).\n - Documentation: nousb is a module parameter (bnc#954324).\n - Driver for IBM System i/p VNIC protocol.\n - Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for recent\n tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still disabled as it can't\n be built as a module.\n - Fix PCI generic host controller\n - Fix kABI breakage for max_dev_sectors addition to queue_limits\n (boo#961263).\n - HID: multitouch: Fetch feature reports on demand for Win8 devices\n (boo#954532).\n - HID: multitouch: fix input mode switching on some Elan panels\n (boo#954532).\n - Implement enable/disable for Display C6 state (boo#960021).\n - Input: aiptek - fix crash on detecting device without endpoints\n (bnc#956708).\n - Linux 4.1.15 (boo#954647 bsc#955422).\n - Move kabi patch to patches.kabi directory\n - Obsolete compat-wireless, rts5229 and rts_pstor KMPs These are found in\n SLE11-SP3, now replaced with the upstream drivers.\n - PCI: generic: Pass starting bus number to pci_scan_root_bus().\n - Revert "block: remove artifical max_hw_sectors cap" (boo#961263).\n - Set system time through RTC device\n - Update arm64 config files. Enabled DRM_AST in the vanilla kernel since\n it is now enabled in the default kernel.\n - Update config files: CONFIG_IBMVNIC=m\n - block/sd: Fix device-imposed transfer length limits (boo#961263).\n - block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263).\n - drm/i915/skl: Add DC5 Trigger Sequence (boo#960021).\n - drm/i915/skl: Add DC6 Trigger sequence (boo#960021).\n - drm/i915/skl: Add support to load SKL CSR firmware (boo#960021).\n - drm/i915/skl: Add the INIT power domain to the MISC I/O power well\n (boo#960021).\n - drm/i915/skl: Deinit/init the display at suspend/resume (boo#960021).\n - drm/i915/skl: Fix DMC API version in firmware file name (boo#960021).\n - drm/i915/skl: Fix WaDisableChickenBitTSGBarrierAckForFFSliceCS\n (boo#960021).\n - drm/i915/skl: Fix stepping check for a couple of W/As (boo#960021).\n - drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1 defines (boo#960021).\n - drm/i915/skl: Implement WaDisableVFUnitClockGating (boo#960021).\n - drm/i915/skl: Implement enable/disable for Display C5 state (boo#960021).\n - drm/i915/skl: Make the Misc I/O power well part of the PLLS domain\n (boo#960021).\n - drm/i915/skl: add F0 stepping ID (boo#960021).\n - drm/i915/skl: enable WaForceContextSaveRestoreNonCoherent (boo#960021).\n - drm/i915: Clear crtc atomic flags at beginning of transaction\n (boo#960021).\n - drm/i915: Fix CSR MMIO address check (boo#960021).\n - drm/i915: Switch to full atomic helpers for plane updates/disable, take\n two (boo#960021).\n - drm/i915: set CDCLK if DPLL0 enabled during resuming from S3\n (boo#960021).\n - ethernet/atheros/alx: sanitize buffer sizing and padding (boo#952621).\n - genksyms: Handle string literals with spaces in reference files\n (bsc#958510).\n - group-source-files: mark module.lds as devel file ld: cannot open linker\n script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such\n file or directory\n - hwrng: core - sleep interruptible in read (bnc#962597).\n - ipv6: distinguish frag queues by device for multicast and link-local\n packets (bsc#955422).\n - kABI fixes for linux-4.1.15.\n - rpm/compute-PATCHVERSION.sh: Skip stale directories in the package dir\n - rpm/constraints.in: Bump disk space requirements up a bit Require 10GB\n on s390x, 20GB elsewhere.\n - rpm/constraints.in: Require 14GB worth of disk space on POWER The builds\n started to fail randomly due to ENOSPC errors.\n - rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH\n CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since\n 2.6.39 and is enabled in our configs.\n - rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp (bnc#865259)865259\n - rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed\n - rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file\n - rpm/kernel-binary.spec.in: No scriptlets in kernel-zfcpdump The kernel\n should not be added to the bootloader nor are there any KMPs.\n - rpm/kernel-binary.spec.in: Obsolete the -base package from SLE11\n (bnc#865096)\n - rpm/kernel-binary.spec.in: Use parallel make in all invocations Also,\n remove the lengthy comment, since we are using a standard rpm macro now.\n - thinkpad_acpi: Do not yell on unsupported brightness interfaces\n (boo#957152).\n - usb: make "nousb" a clear module parameter (bnc#954324).\n - usbvision fix overflow of interfaces array (bnc#950998).\n - x86/microcode/amd: Do not overwrite final patch levels (bsc#913996).\n - x86/microcode/amd: Extract current patch level read to a function\n (bsc#913996).\n - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set\n (bsc#957990 XSA-157).\n - xhci: refuse loading if nousb is used (bnc#954324).\n\n", "modified": "2016-01-29T14:11:40", "published": "2016-01-29T14:11:40", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00049.html", "id": "OPENSUSE-SU-2016:0280-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:08:02", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8551", "CVE-2014-9529", "CVE-2015-8215", "CVE-2015-7550", "CVE-2014-8989", "CVE-2015-5307", "CVE-2015-8550", "CVE-2015-8543", "CVE-2016-0728", "CVE-2015-7990", "CVE-2015-8767", "CVE-2015-7799", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-0272", "CVE-2015-5157", "CVE-2015-7885", "CVE-2015-6937", "CVE-2015-8104"], "description": "The openSUSE 13.2 kernel was updated to receive various security and\n bugfixes.\n\n Following security bugs were fixed:\n - CVE-2016-0728: A reference leak in keyring handling with\n join_session_keyring() could lead to local attackers gain root\n privileges. (bsc#962075).\n - CVE-2015-7550: A local user could have triggered a race between read and\n revoke in keyctl (bnc#958951).\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n - CVE-2014-8989: The Linux kernel did not properly restrict dropping\n of supplemental group memberships in certain namespace scenarios, which\n allowed local users to bypass intended file permissions by leveraging a\n POSIX ACL containing an entry for the group category that is more\n restrictive than the entry for the other category, aka a "negative\n groups" issue, related to kernel/groups.c, kernel/uid16.c, and\n kernel/user_namespace.c (bnc#906545).\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the\n x86_64 platform mishandles IRET faults in processing NMIs that\n occurred during userspace execution, which might allow local users to\n gain privileges by triggering an NMI (bnc#937969).\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel through 4.2.3 did not ensure that certain slot numbers are\n valid, which allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl\n call (bnc#949936).\n - CVE-2015-8104: The KVM subsystem in the Linux kernel through 4.2.6, and\n Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial\n of service (host OS panic or hang) by triggering many #DB (aka Debug)\n exceptions, related to svm.c (bnc#954404).\n - CVE-2015-5307: The KVM subsystem in the Linux kernel through 4.2.6, and\n Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial\n of service (host OS panic or hang) by triggering many #AC (aka Alignment\n Check) exceptions, related to svm.c and vmx.c (bnc#953527).\n - CVE-2014-9529: Race condition in the key_gc_unused_keys function in\n security/keys/gc.c in the Linux kernel allowed local users to cause a\n denial of service (memory corruption or panic) or possibly have\n unspecified other impact via keyctl commands that trigger access to a\n key structure member during garbage collection of a key (bnc#912202).\n - CVE-2015-7990: Race condition in the rds_sendmsg function in\n net/rds/sendmsg.c in the Linux kernel allowed local users to cause a\n denial of service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by using a socket that was not\n properly bound. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2015-6937 (bnc#952384 953052).\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in\n the Linux kernel allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have unspecified\n other impact by using a socket that was not properly bound (bnc#945825).\n - CVE-2015-7885: The dgnc_mgmt_ioctl function in\n drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 did\n not initialize a certain structure member, which allowed local users to\n obtain sensitive information from kernel memory via a crafted\n application (bnc#951627).\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel\n did not validate attempted changes to the MTU value, which allowed\n context-dependent attackers to cause a denial of service (packet loss)\n via a value that is (1) smaller than the minimum compliant value or (2)\n larger than the MTU of an interface, as demonstrated by a Router\n Advertisement (RA) message that is not validated by a daemon, a\n different vulnerability than CVE-2015-0272. NOTE: the scope of\n CVE-2015-0272 is limited to the NetworkManager product (bnc#955354).\n - CVE-2015-8767: A case can occur when sctp_accept() is called by the user\n during a heartbeat timeout event after the 4-way handshake. Since\n sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the\n bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the\n listening socket but released with the new association socket. The\n result is a deadlock on any future attempts to take the listening socket\n lock. (bsc#961509)\n - CVE-2015-8575: Validate socket address length in sco_sock_bind() to\n prevent information leak (bsc#959399).\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled\n (bsc#957990).\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers\n could have lead to double fetch vulnerabilities, causing denial of\n service or arbitrary code execution (depending on the configuration)\n (bsc#957988).\n\n The following non-security bugs were fixed:\n - ALSA: hda - Disable 64bit address for Creative HDA controllers\n (bnc#814440).\n - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).\n - Input: aiptek - fix crash on detecting device without endpoints\n (bnc#956708).\n - KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y (boo#956934).\n - KVM: x86: update masterclock values on TSC writes (bsc#961739).\n - NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2\n client (bsc#960839).\n - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another\n task (bsc#921949).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - cdrom: Random writing support for BD-RE media (bnc#959568).\n - genksyms: Handle string literals with spaces in reference files\n (bsc#958510).\n - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).\n - ipv6: distinguish frag queues by device for multicast and link-local\n packets (bsc#955422).\n - ipv6: fix tunnel error handling (bsc#952579).\n - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).\n - uas: Add response iu handling (bnc#954138).\n - usbvision fix overflow of interfaces array (bnc#950998).\n - x86/evtchn: make use of PHYSDEVOP_map_pirq.\n - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set\n (bsc#957990 XSA-157).\n\n", "edition": 1, "modified": "2016-02-03T15:11:57", "published": "2016-02-03T15:11:57", "id": "OPENSUSE-SU-2016:0318-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00005.html", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:29:26", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8551", "CVE-2015-8215", "CVE-2016-2069", "CVE-2015-7550", "CVE-2016-0723", "CVE-2015-8550", "CVE-2015-8543", "CVE-2015-8539", "CVE-2015-8660", "CVE-2015-8767", "CVE-2015-7799", "CVE-2015-8575", "CVE-2013-7446", "CVE-2015-8569", "CVE-2015-0272", "CVE-2015-5707", "CVE-2015-8785"], "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.53 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n - CVE-2015-5707: Integer overflow in the sg_start_req function in\n drivers/scsi/sg.c in the Linux kernel allowed local users to cause a\n denial of service or possibly have unspecified other impact via a large\n iov_count value in a write request (bnc#940338).\n - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in\n the Linux kernel did not properly use a semaphore, which allowed local\n users to cause a denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a crafted\n application that leverages a race condition between keyctl_revoke and\n keyctl_read calls (bnc#958951).\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel did not ensure that certain slot numbers are valid, which\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call\n (bnc#949936).\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel\n did not validate attempted changes to the MTU value, which allowed\n context-dependent attackers to cause a denial of service (packet loss)\n via a value that was (1) smaller than the minimum compliant value or (2)\n larger than the MTU of an interface, as demonstrated by a Router\n Advertisement (RA) message that is not validated by a daemon, a\n different vulnerability than CVE-2015-0272 (bnc#955354).\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (BUG) via crafted\n keyctl commands that negatively instantiate a key, related to\n security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and\n security/keys/user_defined.c (bnc#958463).\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n - CVE-2015-8550: Optimizations introduced by the compiler could have lead\n to double fetch vulnerabilities, potentially possibly leading to\n arbitrary code execution in backend (bsc#957988).\n - CVE-2015-8551: Xen PCI backend driver did not perform proper sanity\n checks on the device's state, allowing for DoS (bsc#957990).\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the\n Linux kernel did not verify an address length, which allowed local users\n to obtain sensitive information from kernel memory and bypass the KASLR\n protection mechanism via a crafted application (bnc#959399).\n - CVE-2015-8660: The ovl_setattr function in fs/overlayfs/inode.c in the\n Linux kernel attempted to merge distinct setattr operations, which\n allowed local users to bypass intended access restrictions and modify\n the attributes of arbitrary overlay files via a crafted application\n (bnc#960281).\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not\n properly manage the relationship between a lock and a socket, which\n allowed local users to cause a denial of service (deadlock) via a\n crafted sctp_accept call (bnc#961509).\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in\n the Linux kernel allowed local users to cause a denial of service\n (infinite loop) via a writev system call that triggers a zero length for\n the first segment of an iov (bnc#963765).\n - CVE-2016-0723: Race condition in the tty_ioctl function in\n drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain\n sensitive information from kernel memory or cause a denial of service\n (use-after-free and system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n - CVE-2016-2069: A race in invalidating paging structures that were not in\n use locally could have lead to disclosoure of information or arbitrary\n code exectution (bnc#963767).\n\n The following non-security bugs were fixed:\n - ACPI: Introduce apic_id in struct processor to save parsed APIC id\n (bsc#959463).\n - ACPI: Make it possible to get local x2apic id via _MAT (bsc#959463).\n - ACPI: use apic_id and remove duplicated _MAT evaluation (bsc#959463).\n - ACPICA: Correctly cleanup after a ACPI table load failure (bnc#937261).\n - Add sd_mod to initrd modules. For some reason PowerVM backend can't work\n without sd_mod\n - Do not modify perf bias performance setting by default at boot\n (bnc#812259, bsc#959629).\n - Documentation: Document kernel.panic_on_io_nmi sysctl (bsc#940946,\n bsc#937444).\n - Driver for IBM System i/p VNIC protocol\n - Drop blktap patches from SLE12, since the driver is unsupported\n - Improve fairness when locking the per-superblock s_anon list\n (bsc#957525, bsc#941363).\n - Input: aiptek - fix crash on detecting device without endpoints\n (bnc#956708).\n - NFSD: Do not start lockd when only NFSv4 is running\n - NFSv4: Recovery of recalled read delegations is broken (bsc#956514).\n - Replace with 176bed1d vmstat: explicitly schedule per-cpu work on the\n CPU we need it to run on\n - Revert "ipv6: add complete rcu protection around np->opt" (bnc#961257).\n - Revert 874bbfe60 workqueue: make sure delayed work run in local cpu 1.\n Without 22b886dd, 874bbfe60 leads to timer corruption. 2. With 22b886dd\n applied, victim of 1 reports performance regression (1,2\n <a rel=\"nofollow\" href=\"https://lkml.org/lkml/2016/2/4/618\">https://lkml.org/lkml/2016/2/4/618</a>) 3. Leads to scheduling work to\n offlined CPU (bnc#959463). SLERT: 4. NO_HZ_FULL regressession, unbound\n delayed work timer is no longer deflected to a housekeeper CPU.\n - be2net: fix some log messages (bnc#855062, bnc#867583).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - block: Always check queue limits for cloned requests (bsc#902606).\n - block: Always check queue limits for cloned requests (bsc#902606).\n - bnx2x: Add new device ids under the Qlogic vendor (bnc#964821).\n - btrfs: Add qgroup tracing (bnc#935087, bnc#945649).\n - btrfs: Update btrfs qgroup status item when rescan is done (bnc#960300).\n - btrfs: backref: Add special time_seq == (u64)-1 case for\n btrfs_find_all_roots() (bnc#935087, bnc#945649).\n - btrfs: backref: Do not merge refs which are not for same block\n (bnc#935087, bnc#945649).\n - btrfs: delayed-ref: Cleanup the unneeded functions (bnc#935087,\n bnc#945649).\n - btrfs: delayed-ref: Use list to replace the ref_root in ref_head\n (bnc#935087, bnc#945649).\n - btrfs: extent-tree: Use ref_node to replace unneeded parameters in\n __inc_extent_ref() and __free_extent() (bnc#935087, bnc#945649).\n - btrfs: fix comp_oper to get right order (bnc#935087, bnc#945649).\n - btrfs: fix deadlock between direct IO write and defrag/readpages\n (bnc#965344).\n - btrfs: fix leak in qgroup_subtree_accounting() error path (bnc#935087,\n bnc#945649).\n - btrfs: fix order by which delayed references are run (bnc#949440).\n - btrfs: fix qgroup sanity tests (bnc#951615).\n - btrfs: fix race waiting for qgroup rescan worker (bnc#960300).\n - btrfs: fix regression running delayed references when using qgroups\n (bnc#951615).\n - btrfs: fix regression when running delayed references (bnc#951615).\n - btrfs: fix sleeping inside atomic context in qgroup rescan worker\n (bnc#960300).\n - btrfs: keep dropped roots in cache until transaction commit (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add function qgroup_update_counters() (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add function qgroup_update_refcnt() (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add new function to record old_roots (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Add new qgroup calculation function\n btrfs_qgroup_account_extents() (bnc#935087, bnc#945649).\n - btrfs: qgroup: Add the ability to skip given qgroup for old/new_roots\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Cleanup open-coded old/new_refcnt update and read\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Cleanup the old ref_node-oriented mechanism (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Do not copy extent buffer to do qgroup rescan\n (bnc#960300).\n - btrfs: qgroup: Fix a regression in qgroup reserved space (bnc#935087,\n bnc#945649).\n - btrfs: qgroup: Make snapshot accounting work with new extent-oriented\n qgroup (bnc#935087, bnc#945649).\n - btrfs: qgroup: Record possible quota-related extent for qgroup\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Switch rescan to new mechanism (bnc#935087, bnc#945649).\n - btrfs: qgroup: Switch self test to extent-oriented qgroup mechanism\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: Switch to new extent-oriented qgroup mechanism\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: account shared subtree during snapshot delete\n (bnc#935087, bnc#945649).\n - btrfs: qgroup: clear STATUS_FLAG_ON in disabling quota (bnc#960300).\n - btrfs: qgroup: exit the rescan worker during umount (bnc#960300).\n - btrfs: qgroup: fix quota disable during rescan (bnc#960300).\n - btrfs: qgroup: move WARN_ON() to the correct location (bnc#935087,\n bnc#945649).\n - btrfs: remove transaction from send (bnc#935087, bnc#945649).\n - btrfs: skip locking when searching commit root (bnc#963825).\n - btrfs: ulist: Add ulist_del() function (bnc#935087, bnc#945649).\n - btrfs: use btrfs_get_fs_root in resolve_indirect_ref (bnc#935087,\n bnc#945649).\n - crypto: nx - use common code for both NX decompress success cases\n (bsc#942476).\n - crypto: nx-842 - Mask XERS0 bit in return value (bsc#960221).\n - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965).\n - drivers/firmware/memmap.c: do not allocate firmware_map_entry of same\n memory range (bsc#959463).\n - drivers/firmware/memmap.c: do not create memmap sysfs of same\n firmware_map_entry (bsc#959463).\n - drivers/firmware/memmap.c: pass the correct argument to\n firmware_map_find_entry_bootmem() (bsc#959463).\n - e1000e: Do not read ICR in Other interrupt (bsc#924919).\n - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).\n - e1000e: Fix msi-x interrupt automask (bsc#924919).\n - e1000e: Remove unreachable code (bsc#924919).\n - fuse: break infinite loop in fuse_fill_write_pages() (bsc#963765).\n - group-source-files: mark module.lds as devel file ld: cannot open linker\n script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such\n file or directory\n - ipv6: fix tunnel error handling (bsc#952579).\n - jbd2: Fix unreclaimed pages after truncate in data=journal mode\n (bsc#961516).\n - kABI: reintroduce blk_rq_check_limits.\n - kabi: protect struct acpi_processor signature (bsc#959463).\n - kernel/watchdog.c: perform all-CPU backtrace in case of hard lockup\n (bsc#940946, bsc#937444).\n - kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val) (bsc#940946,\n bsc#937444).\n - kernel: Provide READ_ONCE and ASSIGN_ONCE (bsc#940946, bsc#937444).\n - kernel: inadvertent free of the vector register save area (bnc#961202).\n - kexec: Fix race between panic() and crash_kexec() (bsc#940946,\n bsc#937444).\n - kgr: Remove the confusing search for fentry\n - kgr: Safe way to avoid an infinite redirection\n - kgr: do not print error for !abort_if_missing symbols (bnc#943989).\n - kgr: do not use WQ_MEM_RECLAIM workqueue (bnc#963572).\n - kgr: log when modifying kernel\n - kgr: mark some more missed kthreads (bnc#962336).\n - kgr: usb/storage: do not emit thread awakened (bnc#899908).\n - kvm: Add arch specific mmu notifier for page invalidation (bsc#959463).\n - kvm: Make init_rmode_identity_map() return 0 on success (bsc#959463).\n - kvm: Remove ept_identity_pagetable from struct kvm_arch (bsc#959463).\n - kvm: Rename make_all_cpus_request() to kvm_make_all_cpus_request() and\n make it non-static (bsc#959463).\n - kvm: Use APIC_DEFAULT_PHYS_BASE macro as the apic access page address\n (bsc#959463).\n - kvm: vmx: Implement set_apic_access_page_addr (bsc#959463).\n - kvm: x86: Add request bit to reload APIC access page address\n (bsc#959463).\n - kvm: x86: Unpin and remove kvm_arch->apic_access_page (bsc#959463).\n - libiscsi: Fix host busy blocking during connection teardown.\n - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).\n - md/bitmap: do not pass -1 to bitmap_storage_alloc (bsc#955118).\n - md/bitmap: remove confusing code from filemap_get_page.\n - md/bitmap: remove rcu annotation from pointer arithmetic.\n - mem-hotplug: reset node managed pages when hot-adding a new pgdat\n (bsc#959463).\n - mem-hotplug: reset node present pages when hot-adding a new pgdat\n (bsc#959463).\n - memory-hotplug: clear pgdat which is allocated by bootmem in\n try_offline_node() (bsc#959463).\n - mm/memory_hotplug.c: check for missing sections in\n test_pages_in_a_zone() (VM Functionality, bnc#961588).\n - mm/mempolicy.c: convert the shared_policy lock to a rwlock (VM\n Performance, bnc#959436).\n - module: keep percpu symbols in module's symtab (bsc#962788).\n - nmi: provide the option to issue an NMI back trace to every cpu but\n current (bsc#940946, bsc#937444).\n - nmi: provide the option to issue an NMI back trace to every cpu but\n current (bsc#940946, bsc#937444).\n - nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992).\n - panic, x86: Allow CPUs to save registers even if looping in NMI context\n (bsc#940946, bsc#937444).\n - panic, x86: Fix re-entrance problem due to panic on NMI (bsc#940946,\n bsc#937444).\n - pci: Check for valid tags when calculating the VPD size (bsc#959146).\n - qeth: initialize net_device with carrier off (bnc#964230).\n - rpm/constraints.in: Bump disk space requirements up a bit Require 10GB\n on s390x, 20GB elsewhere.\n - rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed\n - rpm/kernel-binary.spec.in: Fix kernel-vanilla-devel dependency\n (bsc#959090)\n - rpm/kernel-binary.spec.in: Fix paths in kernel-vanilla-devel\n (bsc#959090).\n - rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file\n - rpm/kernel-binary.spec.in: Use bzip compression to speed up build\n (bsc#962356)\n - rpm/kernel-source.spec.in: Install kernel-macros for\n kernel-source-vanilla (bsc#959090)\n - rpm/kernel-spec-macros: Do not modify the release string in PTFs\n (bsc#963449)\n - rpm/package-descriptions: Add kernel-zfcpdump and drop -desktop\n - s390/cio: ensure consistent measurement state (bnc#964230).\n - s390/cio: fix measurement characteristics memleak (bnc#964230).\n - s390/cio: update measurement characteristics (bnc#964230).\n - s390/dasd: fix failfast for disconnected devices (bnc#961202).\n - s390/vtime: correct scaled cputime for SMT (bnc#964230).\n - s390/vtime: correct scaled cputime of partially idle CPUs (bnc#964230).\n - s390/vtime: limit MT scaling value updates (bnc#964230).\n - sched,numa: cap pte scanning overhead to 3% of run time (Automatic NUMA\n Balancing).\n - sched/fair: Care divide error in update_task_scan_period() (bsc#959463).\n - sched/fair: Disable tg load_avg/runnable_avg update for root_task_group\n (bnc#960227).\n - sched/fair: Move cache hot load_avg/runnable_avg into separate cacheline\n (bnc#960227).\n - sched/numa: Cap PTE scanning overhead to 3% of run time (Automatic NUMA\n Balancing).\n - sched: Fix race between task_group and sched_task_group (Automatic NUMA\n Balancing).\n - scsi: restart list search after unlock in scsi_remove_target\n (bsc#944749, bsc#959257).\n - supported.conf: Add more QEMU and VMware drivers to -base (bsc#965840).\n - supported.conf: Add netfilter modules to base (bsc#950292)\n - supported.conf: Add nls_iso8859-1 and nls_cp437 to -base (bsc#950292)\n - supported.conf: Add vfat to -base to be able to mount the ESP\n (bsc#950292).\n - supported.conf: Add virtio_{blk,net,scsi} to kernel-default-base\n (bsc#950292)\n - supported.conf: Also add virtio_pci to kernel-default-base (bsc#950292).\n - supported.conf: drop +external from ghash-clmulni-intel It was agreed\n that it does not make sense to maintain "external" for this specific\n module. Furthermore it causes problems in rather ordinary VMware\n environments. (bsc#961971)\n - udp: properly support MSG_PEEK with truncated buffers (bsc#951199\n bsc#959364).\n - x86, xsave: Support eager-only xsave features, add MPX support\n (bsc#938577).\n - x86/apic: Introduce apic_extnmi command line parameter (bsc#940946,\n bsc#937444).\n - x86/fpu/xstate: Do not assume the first zero xfeatures zero bit means\n the end (bsc#938577).\n - x86/fpu: Fix double-increment in setup_xstate_features() (bsc#938577).\n - x86/fpu: Remove xsave_init() bootmem allocations (bsc#938577).\n - x86/nmi: Save regs in crash dump on external NMI (bsc#940946,\n bsc#937444).\n - x86/nmi: Save regs in crash dump on external NMI (bsc#940946,\n bsc#937444).\n - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set\n (bsc#957990 XSA-157).\n - xfs: add a few more verifier tests (bsc#947953).\n - xfs: fix double free in xlog_recover_commit_trans (bsc#947953).\n - xfs: recovery of XLOG_UNMOUNT_TRANS leaks memory (bsc#947953).\n\n", "edition": 1, "modified": "2016-02-25T21:11:27", "published": "2016-02-25T21:11:27", "id": "SUSE-SU-2016:0585-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00057.html", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:25", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2384", "CVE-2015-8551", "CVE-2016-2543", "CVE-2016-2069", "CVE-2015-7550", "CVE-2016-2548", "CVE-2016-0723", "CVE-2016-2547", "CVE-2015-8812", "CVE-2016-2544", "CVE-2015-8550", "CVE-2015-8543", "CVE-2015-7515", "CVE-2015-8539", "CVE-2016-2545", "CVE-2015-8767", "CVE-2016-2546", "CVE-2016-2549", "CVE-2015-8575", "CVE-2015-8552", "CVE-2013-7446", "CVE-2015-8569", "CVE-2015-8785"], "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\n security and bugfixes.\n\n Following feature was added to kernel-xen:\n - A improved XEN blkfront module was added, which allows more I/O\n bandwidth. (FATE#320200) It is called xen-blkfront in PV, and\n xen-vbd-upstream in HVM mode.\n\n The following security bugs were fixed:\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver\n could be used by physical local attackers to crash the kernel\n (bnc#956708).\n - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in\n the Linux kernel did not properly use a semaphore, which allowed local\n users to cause a denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a crafted\n application that leverages a race condition between keyctl_revoke and\n keyctl_read calls (bnc#958951).\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (BUG) via crafted\n keyctl commands that negatively instantiate a key, related to\n security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and\n security/keys/user_defined.c (bnc#958463).\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers\n could have lead to double fetch vulnerabilities, causing denial of\n service\n or arbitrary code execution (depending on the configuration)\n (bsc#957988).\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled\n (bsc#957990).\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the\n Linux kernel did not verify an address length, which allowed local users\n to obtain sensitive information from kernel memory and bypass the KASLR\n protection mechanism via a crafted application (bnc#959190 bnc#959399).\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not\n properly manage the relationship between a lock and a socket, which\n allowed local users to cause a denial of service (deadlock) via a\n crafted sctp_accept call (bnc#961509).\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in\n the Linux kernel allowed local users to cause a denial of service\n (infinite loop) via a writev system call that triggers a zero length for\n the first segment of an iov (bnc#963765).\n - CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel\n driver when the network was considered to be congested. This could be\n used by local attackers to cause machine crashes or potentially code\n execution (bsc#966437).\n - CVE-2016-0723: Race condition in the tty_ioctl function in\n drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain\n sensitive information from kernel memory or cause a denial of service\n (use-after-free and system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n - CVE-2016-2069: Race conditions in TLB syncing was fixed which could leak\n to information leaks (bnc#963767).\n - CVE-2016-2384: Removed a double free in the ALSA usb-audio driver in the\n umidi object which could lead to crashes (bsc#966693).\n - CVE-2016-2543: Added a missing NULL check at remove_events ioctl in ALSA\n that could lead to crashes. (bsc#967972).\n - CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547,\n CVE-2016-2548, CVE-2016-2549: Various race conditions in ALSAs timer\n handling were fixed. (bsc#967975, bsc#967974, bsc#967973, bsc#968011,\n bsc#968012, bsc#968013).\n\n The following non-security bugs were fixed:\n - alsa: hda - Add one more node in the EAPD supporting candidate list\n (bsc#963561).\n - alsa: hda - Apply clock gate workaround to Skylake, too (bsc#966137).\n - alsa: hda - Fix playback noise with 24/32 bit sample size on BXT\n (bsc#966137).\n - alsa: hda - disable dynamic clock gating on Broxton before reset\n (bsc#966137).\n - Add /etc/modprobe.d/50-xen.conf selecting Xen frontend driver\n implementation (bsc#957986, bsc#956084, bsc#961658).\n - Fix handling of re-write-before-commit for mmapped NFS pages\n (bsc#964201).\n - nfsv4: Recovery of recalled read delegations is broken (bsc#956514).\n - nvme: default to 4k device page size (bsc#967042).\n - pci: leave MEM and IO decoding disabled during 64-bit BAR sizing, too\n (bsc#951815).\n - Refresh patches.xen/xen3-08-x86-ldt-make-modify_ldt-synchronous.patch\n (bsc#959705).\n - Refresh patches.xen/xen-vscsi-large-requests (refine fix and also\n address bsc#966094).\n - sunrpc: restore fair scheduling to priority queues (bsc#955308).\n - usb: ftdi_sio: fix race condition in TIOCMIWAIT, and abort of TIOCMIWAIT\n when the device is removed (bnc#956375).\n - usb: ftdi_sio: fix status line change handling for TIOCMIWAIT and\n TIOCGICOUNT (bnc#956375).\n - usb: ftdi_sio: fix tiocmget and tiocmset return values (bnc#956375).\n - usb: ftdi_sio: fix tiocmget indentation (bnc#956375).\n - usb: ftdi_sio: optimise chars_in_buffer (bnc#956375).\n - usb: ftdi_sio: refactor modem-control status retrieval (bnc#956375).\n - usb: ftdi_sio: remove unnecessary memset (bnc#956375).\n - usb: ftdi_sio: use ftdi_get_modem_status in chars_in_buffer (bnc#956375).\n - usb: ftdi_sio: use generic chars_in_buffer (bnc#956375).\n - usb: pl2303: clean up line-status handling (bnc#959649).\n - usb: pl2303: only wake up MSR queue on changes (bnc#959649).\n - usb: pl2303: remove bogus delta_msr_wait wake up (bnc#959649).\n - usb: serial: export usb_serial_generic_chars_in_buffer (bnc#956375).\n - Update\n patches.fixes/mm-exclude-reserved-pages-from-dirtyable-memory-fix.patch\n (bnc#940017, bnc#949298, bnc#947128).\n - xen: Update Xen config files (enable upstream block frontend).\n - ec2: Update kabi files and start tracking ec2\n - xen: consolidate and simplify struct xenbus_driver instantiation\n (bsc#961658 fate#320200).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - block: Always check queue limits for cloned requests (bsc#933782).\n - block: xen-blkfront: Fix possible NULL ptr dereference (bsc#961658\n fate#320200).\n - bnx2x: Add new device ids under the Qlogic vendor (bsc#964818).\n - bnx2x: Alloc 4k fragment for each rx ring buffer element (bsc#953369).\n - bnx2x: fix DMA API usage (bsc#953369).\n - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965).\n - driver: xen-blkfront: move talk_to_blkback to a more suitable place\n (bsc#961658 fate#320200).\n - drivers: xen-blkfront: only talk_to_blkback() when in\n XenbusStateInitialising (bsc#961658 fate#320200).\n - drm/i915: Change semantics of hw_contexts_disabled (bsc#963276).\n - drm/i915: Evict CS TLBs between batches (bsc#758040).\n - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).\n - e1000e: Do not read ICR in Other interrupt (bsc#924919).\n - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).\n - e1000e: Fix msi-x interrupt automask (bsc#924919).\n - e1000e: Remove unreachable code (bsc#924919).\n - ext3: NULL dereference in ext3_evict_inode() (bsc#942082).\n - ext3: fix data=journal fast mount/umount hang (bsc#942082).\n - firmware: Create directories for external firmware (bsc#959312).\n - firmware: Simplify directory creation (bsc#959312).\n - ftdi_sio: private backport of TIOCMIWAIT (bnc#956375).\n - iommu/vt-d: Do not change dma domain on dma-mask change (bsc#955925).\n - jbd: Fix unreclaimed pages after truncate in data=journal mode\n (bsc#961516).\n - kabi/severities: Add exception for bnx2x_schedule_sp_rtnl() There is no\n external, 3rd party modules use the symbol and the\n bnx2x_schedule_sp_rtnl symbol is only used in the bnx2x driver.\n (bsc#953369)\n - kbuild: create directory for dir/file.o (bsc#959312).\n - llist/xen-blkfront: implement safe version of llist_for_each_entry\n (bsc#961658 fate#320200).\n - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).\n - mm-memcg-print-statistics-from-live-counters-fix (bnc#969307).\n - nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992).\n - pci: Update VPD size with correct length (bsc#958906).\n - pl2303: fix TIOCMIWAIT (bnc#959649).\n - pl2303: introduce private disconnect method (bnc#959649).\n - qeth: initialize net_device with carrier off (bnc#958000, LTC#136514).\n - s390/cio: collect format 1 channel-path description data (bnc#958000,\n LTC#136434).\n - s390/cio: ensure consistent measurement state (bnc#958000, LTC#136434).\n - s390/cio: fix measurement characteristics memleak (bnc#958000,\n LTC#136434).\n - s390/cio: update measurement characteristics (bnc#958000, LTC#136434).\n - s390/dasd: fix failfast for disconnected devices (bnc#958000,\n LTC#135138).\n - s390/sclp: Determine HSA size dynamically for zfcpdump (bnc#958000,\n LTC#136143).\n - s390/sclp: Move declarations for sclp_sdias into separate header file\n (bnc#958000, LTC#136143).\n - scsi_dh_rdac: always retry MODE SELECT on command lock violation\n (bsc#956949).\n - supported.conf: Add xen-blkfront.\n - tg3: 5715 does not link up when autoneg off (bsc#904035).\n - usb: serial: ftdi_sio: Add missing chars_in_buffer function (bnc#956375).\n - vmxnet3: fix building without CONFIG_PCI_MSI (bsc#958912).\n - vmxnet3: fix netpoll race condition (bsc#958912).\n - xen, blkfront: factor out flush-related checks from do_blkif_request()\n (bsc#961658 fate#320200).\n - xen-blkfront: Handle discard requests (bsc#961658 fate#320200).\n - xen-blkfront: If no barrier or flush is supported, use invalid operation\n (bsc#961658 fate#320200).\n - xen-blkfront: Introduce a 'max' module parameter to alter the amount of\n indirect segments (bsc#961658 fate#320200).\n - xen-blkfront: Silence pfn maybe-uninitialized warning (bsc#961658\n fate#320200).\n - xen-blkfront: allow building in our Xen environment (bsc#961658\n fate#320200).\n - xen-blkfront: check for null drvdata in blkback_changed\n (XenbusStateClosing) (bsc#961658 fate#320200).\n - xen-blkfront: do not add indirect pages to list when !feature_persistent\n (bsc#961658 fate#320200).\n - xen-blkfront: drop the use of llist_for_each_entry_safe (bsc#961658\n fate#320200).\n - xen-blkfront: fix a deadlock while handling discard response (bsc#961658\n fate#320200).\n - xen-blkfront: fix accounting of reqs when migrating (bsc#961658\n fate#320200).\n - xen-blkfront: free allocated page (bsc#961658 fate#320200).\n - xen-blkfront: handle backend CLOSED without CLOSING (bsc#961658\n fate#320200).\n - xen-blkfront: handle bvecs with partial data (bsc#961658 fate#320200).\n - xen-blkfront: improve aproximation of required grants per request\n (bsc#961658 fate#320200).\n - xen-blkfront: make blkif_io_lock spinlock per-device (bsc#961658\n fate#320200).\n - xen-blkfront: plug device number leak in xlblk_init() error path\n (bsc#961658 fate#320200).\n - xen-blkfront: pre-allocate pages for requests (bsc#961658 fate#320200).\n - xen-blkfront: remove frame list from blk_shadow (bsc#961658 fate#320200).\n - xen-blkfront: remove type check from blkfront_setup_discard (bsc#961658\n fate#320200).\n - xen-blkfront: restore the non-persistent data path (bsc#961658\n fate#320200).\n - xen-blkfront: revoke foreign access for grants not mapped by the backend\n (bsc#961658 fate#320200).\n - xen-blkfront: set blk_queue_max_hw_sectors correctly (bsc#961658\n fate#320200).\n - xen-blkfront: switch from llist to list (bsc#961658 fate#320200).\n - xen-blkfront: use a different scatterlist for each request (bsc#961658\n fate#320200).\n - xen-block: implement indirect descriptors (bsc#961658 fate#320200).\n - xen/blk[front|back]: Enhance discard support with secure erasing support\n (bsc#961658 fate#320200).\n - xen/blk[front|back]: Squash blkif_request_rw and blkif_request_discard\n together (bsc#961658 fate#320200).\n - xen/blkback: Persistent grant maps for xen blk drivers (bsc#961658\n fate#320200).\n - xen/blkback: persistent-grants fixes (bsc#961658 fate#320200).\n - xen/blkfront: Fix crash if backend does not follow the right states\n (bsc#961658 fate#320200).\n - xen/blkfront: do not put bdev right after getting it (bsc#961658\n fate#320200).\n - xen/blkfront: improve protection against issuing unsupported REQ_FUA\n (bsc#961658 fate#320200).\n - xen/blkfront: remove redundant flush_op (bsc#961658 fate#320200).\n - xen/panic/x86: Allow cpus to save registers even if they (bnc#940946).\n - xen/panic/x86: Fix re-entrance problem due to panic on (bnc#937444).\n - xen/pvhvm: If xen_platform_pci=0 is set do not blow up (v4) (bsc#961658\n fate#320200).\n - xen/x86/mm: Add barriers and document switch_mm()-vs-flush\n synchronization (bnc#963767).\n - xen: x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).\n - xen: x86: mm: only do a local tlb flush in ptep_set_access_flags()\n (bsc#948330).\n - xfs: Skip dirty pages in ->releasepage (bnc#912738, bnc#915183).\n - zfcp: fix fc_host port_type with NPIV (bnc#958000, LTC#132479).\n\n", "edition": 1, "modified": "2016-03-30T15:08:18", "published": "2016-03-30T15:08:18", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html", "id": "SUSE-SU-2016:0911-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:35:13", "bulletinFamily": "unix", "cvelist": ["CVE-2016-2384", "CVE-2015-8551", "CVE-2016-2543", "CVE-2016-2069", "CVE-2015-7550", "CVE-2016-2548", "CVE-2016-0723", "CVE-2016-2547", "CVE-2015-8812", "CVE-2016-2544", "CVE-2015-8550", "CVE-2015-8543", "CVE-2015-7515", "CVE-2015-8539", "CVE-2016-2545", "CVE-2015-8767", "CVE-2016-2546", "CVE-2016-2549", "CVE-2015-8575", "CVE-2015-8552", "CVE-2013-7446", "CVE-2015-8569", "CVE-2015-8785"], "description": "The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various\n security and bugfixes.\n\n Following feature was added to kernel-xen:\n - A improved XEN blkfront module was added, which allows more I/O\n bandwidth. (FATE#320200) It is called xen-blkfront in PV, and\n xen-vbd-upstream in HVM mode.\n\n The following security bugs were fixed:\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n - CVE-2015-7515: An out of bounds memory access in the aiptek USB driver\n could be used by physical local attackers to crash the kernel\n (bnc#956708).\n - CVE-2015-7550: The keyctl_read_key function in security/keys/keyctl.c in\n the Linux kernel did not properly use a semaphore, which allowed local\n users to cause a denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a crafted\n application that leverages a race condition between keyctl_revoke and\n keyctl_read calls (bnc#958951).\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (BUG) via crafted\n keyctl commands that negatively instantiate a key, related to\n security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and\n security/keys/user_defined.c (bnc#958463).\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers\n could have lead to double fetch vulnerabilities, causing denial of\n service\n or arbitrary code execution (depending on the configuration)\n (bsc#957988).\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled\n (bsc#957990).\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n - CVE-2015-8575: The sco_sock_bind function in net/bluetooth/sco.c in the\n Linux kernel did not verify an address length, which allowed local users\n to obtain sensitive information from kernel memory and bypass the KASLR\n protection mechanism via a crafted application (bnc#959190 bnc#959399).\n - CVE-2015-8767: net/sctp/sm_sideeffect.c in the Linux kernel did not\n properly manage the relationship between a lock and a socket, which\n allowed local users to cause a denial of service (deadlock) via a\n crafted sctp_accept call (bnc#961509).\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in\n the Linux kernel allowed local users to cause a denial of service\n (infinite loop) via a writev system call that triggers a zero length for\n the first segment of an iov (bnc#963765).\n - CVE-2015-8812: A use-after-free flaw was found in the CXGB3 kernel\n driver when the network was considered to be congested. This could be\n used by local attackers to cause machine crashes or potentially code\n execution (bsc#966437).\n - CVE-2016-0723: Race condition in the tty_ioctl function in\n drivers/tty/tty_io.c in the Linux kernel allowed local users to obtain\n sensitive information from kernel memory or cause a denial of service\n (use-after-free and system crash) by making a TIOCGETD ioctl call during\n processing of a TIOCSETD ioctl call (bnc#961500).\n - CVE-2016-2069: Race conditions in TLB syncing was fixed which could leak\n to information leaks (bnc#963767).\n - CVE-2016-2384: Removed a double free in the ALSA usb-audio driver in the\n umidi object which could lead to crashes (bsc#966693).\n - CVE-2016-2543: Added a missing NULL check at remove_events ioctl in ALSA\n that could lead to crashes. (bsc#967972).\n - CVE-2016-2544, CVE-2016-2545, CVE-2016-2546, CVE-2016-2547,\n CVE-2016-2548, CVE-2016-2549: Various race conditions in ALSAs timer\n handling were fixed. (bsc#967975, bsc#967974, bsc#967973, bsc#968011,\n bsc#968012, bsc#968013).\n\n The following non-security bugs were fixed:\n - Add /etc/modprobe.d/50-xen.conf selecting Xen frontend driver\n implementation (bsc#957986, bsc#956084, bsc#961658).\n - alsa: hda - Add one more node in the EAPD supporting candidate list\n (bsc#963561).\n - alsa: hda - Apply clock gate workaround to Skylake, too (bsc#966137).\n - alsa: hda - disable dynamic clock gating on Broxton before reset\n (bsc#966137).\n - alsa: hda - Fix playback noise with 24/32 bit sample size on BXT\n (bsc#966137).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - block: Always check queue limits for cloned requests (bsc#933782).\n - block: xen-blkfront: Fix possible NULL ptr dereference (bsc#961658\n fate#320200).\n - bnx2x: Add new device ids under the Qlogic vendor (bsc#964818).\n - bnx2x: Alloc 4k fragment for each rx ring buffer element (bsc#953369).\n - bnx2x: fix DMA API usage (bsc#953369).\n - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#962965).\n - drivers: xen-blkfront: only talk_to_blkback() when in\n XenbusStateInitialising (bsc#961658 fate#320200).\n - driver: xen-blkfront: move talk_to_blkback to a more suitable place\n (bsc#961658 fate#320200).\n - drm/i915: Change semantics of hw_contexts_disabled (bsc#963276).\n - drm/i915: Evict CS TLBs between batches (bsc#758040).\n - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).\n - e1000e: Do not read ICR in Other interrupt (bsc#924919).\n - e1000e: Do not write lsc to ics in msi-x mode (bsc#924919).\n - e1000e: Fix msi-x interrupt automask (bsc#924919).\n - e1000e: Remove unreachable code (bsc#924919).\n - ec2: Update kabi files and start tracking ec2\n - ext3: fix data=journal fast mount/umount hang (bsc#942082).\n - ext3: NULL dereference in ext3_evict_inode() (bsc#942082).\n - firmware: Create directories for external firmware (bsc#959312).\n - firmware: Simplify directory creation (bsc#959312).\n - Fix handling of re-write-before-commit for mmapped NFS pages\n (bsc#964201).\n - ftdi_sio: private backport of TIOCMIWAIT (bnc#956375).\n - iommu/vt-d: Do not change dma domain on dma-mask change (bsc#955925).\n - jbd: Fix unreclaimed pages after truncate in data=journal mode\n (bsc#961516).\n - kabi/severities: Add exception for bnx2x_schedule_sp_rtnl() There is no\n external, 3rd party modules use the symbol and the\n bnx2x_schedule_sp_rtnl symbol is only used in the bnx2x driver.\n (bsc#953369)\n - kbuild: create directory for dir/file.o (bsc#959312).\n - llist/xen-blkfront: implement safe version of llist_for_each_entry\n (bsc#961658 fate#320200).\n - lpfc: Fix null ndlp dereference in target_reset_handler (bsc#951392).\n - memcg: do not hang on OOM when killed by userspace OOM access to memory\n reserves (bnc#969571).\n - mm-memcg-print-statistics-from-live-counters-fix (bnc#969307).\n - nfsv4: Recovery of recalled read delegations is broken (bsc#956514).\n - nvme: Clear BIO_SEG_VALID flag in nvme_bio_split() (bsc#954992).\n - nvme: default to 4k device page size (bsc#967042).\n - pci: leave MEM and IO decoding disabled during 64-bit BAR sizing, too\n (bsc#951815).\n - pci: Update VPD size with correct length (bsc#958906).\n - pl2303: fix TIOCMIWAIT (bnc#959649).\n - pl2303: introduce private disconnect method (bnc#959649).\n - qeth: initialize net_device with carrier off (bnc#958000, LTC#136514).\n - Refresh patches.xen/xen3-08-x86-ldt-make-modify_ldt-synchronous.patch\n (bsc#959705).\n - Refresh patches.xen/xen-vscsi-large-requests (refine fix and also\n address bsc#966094).\n - rt: v3.0-rt relevant @stable-rt patches from v3.2-rt rt111 update\n - s390/cio: collect format 1 channel-path description data (bnc#958000,\n LTC#136434).\n - s390/cio: ensure consistent measurement state (bnc#958000, LTC#136434).\n - s390/cio: fix measurement characteristics memleak (bnc#958000,\n LTC#136434).\n - s390/cio: update measurement characteristics (bnc#958000, LTC#136434).\n - s390/dasd: fix failfast for disconnected devices (bnc#958000,\n LTC#135138).\n - s390/sclp: Determine HSA size dynamically for zfcpdump (bnc#958000,\n LTC#136143).\n - s390/sclp: Move declarations for sclp_sdias into separate header file\n (bnc#958000, LTC#136143).\n - scsi_dh_rdac: always retry MODE SELECT on command lock violation\n (bsc#956949).\n - sunrpc: restore fair scheduling to priority queues (bsc#955308).\n - supported.conf: Add xen-blkfront.\n - tg3: 5715 does not link up when autoneg off (bsc#904035).\n - Update\n patches.fixes/mm-exclude-reserved-pages-from-dirtyable-memory-fix.patch\n (bnc#940017, bnc#949298, bnc#947128).\n - usb: ftdi_sio: fix race condition in TIOCMIWAIT, and abort of TIOCMIWAIT\n when the device is removed (bnc#956375).\n - usb: ftdi_sio: fix status line change handling for TIOCMIWAIT and\n TIOCGICOUNT (bnc#956375).\n - usb: ftdi_sio: fix tiocmget and tiocmset return values (bnc#956375).\n - usb: ftdi_sio: fix tiocmget indentation (bnc#956375).\n - usb: ftdi_sio: optimise chars_in_buffer (bnc#956375).\n - usb: ftdi_sio: refactor modem-control status retrieval (bnc#956375).\n - usb: ftdi_sio: remove unnecessary memset (bnc#956375).\n - usb: ftdi_sio: use ftdi_get_modem_status in chars_in_buffer (bnc#956375).\n - usb: ftdi_sio: use generic chars_in_buffer (bnc#956375).\n - usb: pl2303: clean up line-status handling (bnc#959649).\n - usb: pl2303: only wake up MSR queue on changes (bnc#959649).\n - usb: pl2303: remove bogus delta_msr_wait wake up (bnc#959649).\n - usb: serial: export usb_serial_generic_chars_in_buffer (bnc#956375).\n - usb: serial: ftdi_sio: Add missing chars_in_buffer function (bnc#956375).\n - vmxnet3: fix building without CONFIG_PCI_MSI (bsc#958912).\n - vmxnet3: fix netpoll race condition (bsc#958912).\n - xen/blkback: Persistent grant maps for xen blk drivers (bsc#961658\n fate#320200).\n - xen/blkback: persistent-grants fixes (bsc#961658 fate#320200).\n - xen-blkfront: allow building in our Xen environment (bsc#961658\n fate#320200).\n - xen/blk[front|back]: Enhance discard support with secure erasing support\n (bsc#961658 fate#320200).\n - xen/blk[front|back]: Squash blkif_request_rw and blkif_request_discard\n together (bsc#961658 fate#320200).\n - xen-blkfront: check for null drvdata in blkback_changed\n (XenbusStateClosing) (bsc#961658 fate#320200).\n - xen-blkfront: do not add indirect pages to list when !feature_persistent\n (bsc#961658 fate#320200).\n - xen/blkfront: do not put bdev right after getting it (bsc#961658\n fate#320200).\n - xen-blkfront: drop the use of llist_for_each_entry_safe (bsc#961658\n fate#320200).\n - xen, blkfront: factor out flush-related checks from do_blkif_request()\n (bsc#961658 fate#320200).\n - xen-blkfront: fix accounting of reqs when migrating (bsc#961658\n fate#320200).\n - xen-blkfront: fix a deadlock while handling discard response (bsc#961658\n fate#320200).\n - xen/blkfront: Fix crash if backend does not follow the right states\n (bsc#961658 fate#320200).\n - xen-blkfront: free allocated page (bsc#961658 fate#320200).\n - xen-blkfront: handle backend CLOSED without CLOSING (bsc#961658\n fate#320200).\n - xen-blkfront: handle bvecs with partial data (bsc#961658 fate#320200).\n - xen-blkfront: Handle discard requests (bsc#961658 fate#320200).\n - xen-blkfront: If no barrier or flush is supported, use invalid operation\n (bsc#961658 fate#320200).\n - xen-blkfront: improve aproximation of required grants per request\n (bsc#961658 fate#320200).\n - xen/blkfront: improve protection against issuing unsupported REQ_FUA\n (bsc#961658 fate#320200).\n - xen-blkfront: Introduce a 'max' module parameter to alter the amount of\n indirect segments (bsc#961658 fate#320200).\n - xen-blkfront: make blkif_io_lock spinlock per-device (bsc#961658\n fate#320200).\n - xen-blkfront: plug device number leak in xlblk_init() error path\n (bsc#961658 fate#320200).\n - xen-blkfront: pre-allocate pages for requests (bsc#961658 fate#320200).\n - xen-blkfront: remove frame list from blk_shadow (bsc#961658 fate#320200).\n - xen/blkfront: remove redundant flush_op (bsc#961658 fate#320200).\n - xen-blkfront: remove type check from blkfront_setup_discard (bsc#961658\n fate#320200).\n - xen-blkfront: restore the non-persistent data path (bsc#961658\n fate#320200).\n - xen-blkfront: revoke foreign access for grants not mapped by the backend\n (bsc#961658 fate#320200).\n - xen-blkfront: set blk_queue_max_hw_sectors correctly (bsc#961658\n fate#320200).\n - xen-blkfront: Silence pfn maybe-uninitialized warning (bsc#961658\n fate#320200).\n - xen-blkfront: switch from llist to list (bsc#961658 fate#320200).\n - xen-blkfront: use a different scatterlist for each request (bsc#961658\n fate#320200).\n - xen-block: implement indirect descriptors (bsc#961658 fate#320200).\n - xen: consolidate and simplify struct xenbus_driver instantiation\n (bsc#961658 fate#320200).\n - xen/panic/x86: Allow cpus to save registers even if they (bnc#940946).\n - xen/panic/x86: Fix re-entrance problem due to panic on (bnc#937444).\n - xen/pvhvm: If xen_platform_pci=0 is set do not blow up (v4) (bsc#961658\n fate#320200).\n - xen: Update Xen config files (enable upstream block frontend).\n - xen/x86/mm: Add barriers and document switch_mm()-vs-flush\n synchronization (bnc#963767).\n - xen: x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).\n - xen: x86: mm: only do a local tlb flush in ptep_set_access_flags()\n (bsc#948330).\n - xfs: Skip dirty pages in ->releasepage (bnc#912738, bnc#915183).\n - zfcp: fix fc_host port_type with NPIV (bnc#958000, LTC#132479).\n\n", "edition": 1, "modified": "2016-04-19T19:07:56", "published": "2016-04-19T19:07:56", "id": "SUSE-SU-2016:1102-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cve": [{"lastseen": "2021-02-02T06:21:31", "description": "The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.", "edition": 6, "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.3, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2015-12-28T11:59:00", "title": "CVE-2015-8569", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8569"], "modified": "2017-11-04T01:29:00", "cpe": ["cpe:/o:linux:linux_kernel:4.3.2"], "id": "CVE-2015-8569", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8569", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.3.2:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:29", "description": "arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions.\n<a href=\"https://cwe.mitre.org/data/definitions/369.html\">CWE-369: Divide By Zero</a>", "edition": 6, "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2016-02-08T03:59:00", "title": "CVE-2015-7513", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7513"], "modified": "2017-11-04T01:29:00", "cpe": ["cpe:/o:linux:linux_kernel:4.4"], "id": "CVE-2015-7513", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7513", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.4:rc8:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:30", "description": "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka \"Linux pciback missing sanity checks.\"", "edition": 4, "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 4.4, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-04-13T15:59:00", "title": "CVE-2015-8552", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8552"], "modified": "2017-11-04T01:29:00", "cpe": ["cpe:/o:xen:xen:4.1.6", "cpe:/o:xen:xen:4.1.1", "cpe:/o:debian:debian_linux:6.0", "cpe:/o:xen:xen:3.4.4", "cpe:/o:xen:xen:4.0.3", "cpe:/o:xen:xen:4.3.0", "cpe:/o:xen:xen:4.0.4", "cpe:/o:xen:xen:3.4.0", "cpe:/o:xen:xen:3.1.4", "cpe:/o:xen:xen:4.2.4", "cpe:/o:xen:xen:4.1.5", "cpe:/o:xen:xen:4.2.0", "cpe:/o:xen:xen:4.1.4", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:novell:suse_linux_enterprise_real_time_extension:11", "cpe:/o:xen:xen:4.3.2", "cpe:/o:xen:xen:3.2.0", "cpe:/o:xen:xen:4.0.1", "cpe:/o:xen:xen:4.2.3", "cpe:/o:xen:xen:3.2.3", "cpe:/o:xen:xen:4.2.1", "cpe:/o:xen:xen:4.0.2", "cpe:/o:xen:xen:4.1.0", "cpe:/o:xen:xen:4.1.6.1", "cpe:/o:xen:xen:4.2.2", "cpe:/o:xen:xen:3.3.0", "cpe:/o:xen:xen:4.3.4", "cpe:/o:xen:xen:4.2.5", "cpe:/o:xen:xen:4.1.3", "cpe:/o:xen:xen:4.0.0", "cpe:/o:xen:xen:3.4.1", "cpe:/o:xen:xen:4.3.1", "cpe:/o:xen:xen:3.3.1", "cpe:/o:xen:xen:3.3.2", "cpe:/o:xen:xen:4.3.3", "cpe:/o:xen:xen:4.1.2", "cpe:/o:xen:xen:3.1.3", "cpe:/o:xen:xen:3.4.3", "cpe:/o:xen:xen:3.2.2", "cpe:/o:xen:xen:3.4.2", "cpe:/o:novell:suse_linux_enterprise_debuginfo:11", "cpe:/o:xen:xen:3.2.1", "cpe:/o:novell:suse_linux_enterprise_real_time_extension:12"], "id": "CVE-2015-8552", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8552", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11:sp4:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:30", "description": "The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka \"Linux pciback missing sanity checks.\"", "edition": 7, "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.0, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.0}, "published": "2016-04-13T15:59:00", "title": "CVE-2015-8551", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8551"], "modified": "2020-08-26T13:53:00", "cpe": ["cpe:/o:suse:linux_enterprise_desktop:12", "cpe:/o:opensuse:opensuse:13.1", "cpe:/o:linux:linux_kernel:4.3.6", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:suse:linux_enterprise_real_time_extension:12", "cpe:/o:suse:linux_enterprise_software_development_kit:11", "cpe:/o:suse:linux_enterprise_software_development_kit:12", "cpe:/o:suse:linux_enterprise_workstation_extension:12", "cpe:/o:suse:linux_enterprise_server:12", "cpe:/o:suse:linux_enterprise_real_time_extension:11", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:suse:linux_enterprise_server:11", "cpe:/o:suse:linux_enterprise_desktop:11"], "id": "CVE-2015-8551", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8551", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*", "cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp4:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:29", "description": "The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls.\n<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-02-08T03:59:00", "title": "CVE-2015-7550", "type": "cve", "cwe": ["CWE-362", "NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7550"], "modified": "2017-11-04T01:29:00", "cpe": ["cpe:/o:linux:linux_kernel:4.3.3"], "id": "CVE-2015-7550", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7550", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.3.3:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:30", "description": "Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.", "edition": 4, "cvss3": {"exploitabilityScore": 1.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-04-14T14:59:00", "title": "CVE-2015-8550", "type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 5.7, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "acInsufInfo": true, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8550"], "modified": "2017-11-04T01:29:00", "cpe": ["cpe:/o:xen:xen:-", "cpe:/o:novell:suse_linux_enterprise_real_time_extension:12"], "id": "CVE-2015-8550", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8550", "cvss": {"score": 5.7, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:C"}, "cpe23": ["cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:31", "description": "** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states \"there is no kernel bug here.\"", "edition": 6, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-02-08T03:59:00", "title": "CVE-2015-8709", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8709"], "modified": "2017-11-04T01:29:00", "cpe": ["cpe:/o:linux:linux_kernel:4.4.1"], "id": "CVE-2015-8709", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8709", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.4.1:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:31", "description": "The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.", "edition": 6, "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2016-02-08T03:59:00", "title": "CVE-2015-8575", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8575"], "modified": "2017-11-04T01:29:00", "cpe": ["cpe:/o:linux:linux_kernel:4.3.3"], "id": "CVE-2015-8575", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8575", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.3.3:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:30", "description": "The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.\n<a href=\"http://cwe.mitre.org/data/definitions/476.html\">CWE-476: NULL Pointer Dereference</a>", "edition": 6, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-12-28T11:59:00", "title": "CVE-2015-8543", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8543"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/o:linux:linux_kernel:4.3.2"], "id": "CVE-2015-8543", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8543", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.3.2:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T00:21:36", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8551", "CVE-2015-8550", "CVE-2015-8552", "CVE-2015-8709"], "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized \ndrivers which can cause double fetch vulnerabilities. An attacker in the \nparavirtualized guest could exploit this flaw to cause a denial of service \n(crash the host) or potentially execute arbitrary code on the host. \n(CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not \nperform sanity checks on the device's state. An attacker could exploit this \nflaw to cause a denial of service (NULL dereference) on the host. \n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not \nperform sanity checks on the device's state. An attacker could exploit this \nflaw to cause a denial of service by flooding the logging system with \nWARN() messages causing the initial domain to exhaust disk space. \n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux \nkernel. The namespace owner could potentially exploit this flaw by ptracing \na root owned process entering the user namespace to elevate its privileges \nand potentially gain access outside of the namespace. \n(<http://bugs.launchpad.net/bugs/1527374>, CVE-2015-8709)", "edition": 5, "modified": "2015-12-19T00:00:00", "published": "2015-12-19T00:00:00", "id": "USN-2851-1", "href": "https://ubuntu.com/security/notices/USN-2851-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:27:30", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8551", "CVE-2015-8550", "CVE-2015-8552", "CVE-2015-8709"], "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized \ndrivers which can cause double fetch vulnerabilities. An attacker in the \nparavirtualized guest could exploit this flaw to cause a denial of service \n(crash the host) or potentially execute arbitrary code on the host. \n(CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not \nperform sanity checks on the device's state. An attacker could exploit this \nflaw to cause a denial of service (NULL dereference) on the host. \n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not \nperform sanity checks on the device's state. An attacker could exploit this \nflaw to cause a denial of service by flooding the logging system with \nWARN() messages causing the initial domain to exhaust disk space. \n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux \nkernel. The namespace owner could potentially exploit this flaw by ptracing \na root owned process entering the user namespace to elevate its privileges \nand potentially gain access outside of the namespace. \n(<http://bugs.launchpad.net/bugs/1527374>, CVE-2015-8709)", "edition": 5, "modified": "2015-12-19T00:00:00", "published": "2015-12-19T00:00:00", "id": "USN-2850-1", "href": "https://ubuntu.com/security/notices/USN-2850-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:41:21", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8551", "CVE-2015-8550", "CVE-2015-8552", "CVE-2015-8709"], "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized \ndrivers which can cause double fetch vulnerabilities. An attacker in the \nparavirtualized guest could exploit this flaw to cause a denial of service \n(crash the host) or potentially execute arbitrary code on the host. \n(CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not \nperform sanity checks on the device's state. An attacker could exploit this \nflaw to cause a denial of service (NULL dereference) on the host. \n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not \nperform sanity checks on the device's state. An attacker could exploit this \nflaw to cause a denial of service by flooding the logging system with \nWARN() messages causing the initial domain to exhaust disk space. \n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux \nkernel. The namespace owner could potentially exploit this flaw by ptracing \na root owned process entering the user namespace to elevate its privileges \nand potentially gain access outside of the namespace. \n(<http://bugs.launchpad.net/bugs/1527374>, CVE-2015-8709)", "edition": 5, "modified": "2015-12-20T00:00:00", "published": "2015-12-20T00:00:00", "id": "USN-2854-1", "href": "https://ubuntu.com/security/notices/USN-2854-1", "title": "Linux kernel (Vivid HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:40:13", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8551", "CVE-2015-8550", "CVE-2015-8552", "CVE-2015-8709"], "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized \ndrivers which can cause double fetch vulnerabilities. An attacker in the \nparavirtualized guest could exploit this flaw to cause a denial of service \n(crash the host) or potentially execute arbitrary code on the host. \n(CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not \nperform sanity checks on the device's state. An attacker could exploit this \nflaw to cause a denial of service (NULL dereference) on the host. \n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not \nperform sanity checks on the device's state. An attacker could exploit this \nflaw to cause a denial of service by flooding the logging system with \nWARN() messages causing the initial domain to exhaust disk space. \n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux \nkernel. The namespace owner could potentially exploit this flaw by ptracing \na root owned process entering the user namespace to elevate its privileges \nand potentially gain access outside of the namespace. \n(<http://bugs.launchpad.net/bugs/1527374>, CVE-2015-8709)", "edition": 5, "modified": "2015-12-19T00:00:00", "published": "2015-12-19T00:00:00", "id": "USN-2847-1", "href": "https://ubuntu.com/security/notices/USN-2847-1", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:37:02", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8551", "CVE-2015-8550", "CVE-2015-8552", "CVE-2015-8709"], "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized \ndrivers which can cause double fetch vulnerabilities. An attacker in the \nparavirtualized guest could exploit this flaw to cause a denial of service \n(crash the host) or potentially execute arbitrary code on the host. \n(CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not \nperform sanity checks on the device's state. An attacker could exploit this \nflaw to cause a denial of service (NULL dereference) on the host. \n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not \nperform sanity checks on the device's state. An attacker could exploit this \nflaw to cause a denial of service by flooding the logging system with \nWARN() messages causing the initial domain to exhaust disk space. \n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux \nkernel. The namespace owner could potentially exploit this flaw by ptracing \na root owned process entering the user namespace to elevate its privileges \nand potentially gain access outside of the namespace. \n(<http://bugs.launchpad.net/bugs/1527374>, CVE-2015-8709)", "edition": 5, "modified": "2015-12-19T00:00:00", "published": "2015-12-19T00:00:00", "id": "USN-2849-1", "href": "https://ubuntu.com/security/notices/USN-2849-1", "title": "Linux kernel (Utopic HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:43:05", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8551", "CVE-2015-8550", "CVE-2015-8552", "CVE-2015-8709"], "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized \ndrivers which can cause double fetch vulnerabilities. An attacker in the \nparavirtualized guest could exploit this flaw to cause a denial of service \n(crash the host) or potentially execute arbitrary code on the host. \n(CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not \nperform sanity checks on the device's state. An attacker could exploit this \nflaw to cause a denial of service (NULL dereference) on the host. \n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not \nperform sanity checks on the device's state. An attacker could exploit this \nflaw to cause a denial of service by flooding the logging system with \nWARN() messages causing the initial domain to exhaust disk space. \n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux \nkernel. The namespace owner could potentially exploit this flaw by ptracing \na root owned process entering the user namespace to elevate its privileges \nand potentially gain access outside of the namespace. \n(<http://bugs.launchpad.net/bugs/1527374>, CVE-2015-8709)", "edition": 5, "modified": "2015-12-20T00:00:00", "published": "2015-12-20T00:00:00", "id": "USN-2853-1", "href": "https://ubuntu.com/security/notices/USN-2853-1", "title": "Linux kernel (Wily HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:40:12", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8551", "CVE-2015-8550", "CVE-2015-8552", "CVE-2015-8709"], "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized \ndrivers which can cause double fetch vulnerabilities. An attacker in the \nparavirtualized guest could exploit this flaw to cause a denial of service \n(crash the host) or potentially execute arbitrary code on the host. \n(CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not \nperform sanity checks on the device's state. An attacker could exploit this \nflaw to cause a denial of service (NULL dereference) on the host. \n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not \nperform sanity checks on the device's state. An attacker could exploit this \nflaw to cause a denial of service by flooding the logging system with \nWARN() messages causing the initial domain to exhaust disk space. \n(CVE-2015-8552)\n\nJann Horn discovered a ptrace issue with user namespaces in the Linux \nkernel. The namespace owner could potentially exploit this flaw by ptracing \na root owned process entering the user namespace to elevate its privileges \nand potentially gain access outside of the namespace. \n(<http://bugs.launchpad.net/bugs/1527374>, CVE-2015-8709)", "edition": 5, "modified": "2015-12-19T00:00:00", "published": "2015-12-19T00:00:00", "id": "USN-2848-1", "href": "https://ubuntu.com/security/notices/USN-2848-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:45:11", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8551", "CVE-2015-8550", "CVE-2015-8552"], "description": "Felix Wilhelm discovered a race condition in the Xen paravirtualized \ndrivers which can cause double fetch vulnerabilities. An attacker in the \nparavirtualized guest could exploit this flaw to cause a denial of service \n(crash the host) or potentially execute arbitrary code on the host. \n(CVE-2015-8550)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not \nperform sanity checks on the device's state. An attacker could exploit this \nflaw to cause a denial of service (NULL dereference) on the host. \n(CVE-2015-8551)\n\nKonrad Rzeszutek Wilk discovered the Xen PCI backend driver does not \nperform sanity checks on the device's state. An attacker could exploit this \nflaw to cause a denial of service by flooding the logging system with \nWARN() messages causing the initial domain to exhaust disk space. \n(CVE-2015-8552)", "edition": 5, "modified": "2015-12-19T00:00:00", "published": "2015-12-19T00:00:00", "id": "USN-2846-1", "href": "https://ubuntu.com/security/notices/USN-2846-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.7, "vector": "AV:L/AC:L/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2020-07-18T01:44:41", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7550", "CVE-2015-7513", "CVE-2015-8543", "CVE-2015-8374", "CVE-2015-7990", "CVE-2015-8575", "CVE-2013-7446", "CVE-2015-8569"], "description": "It was discovered that a use-after-free vulnerability existed in the \nAF_UNIX implementation in the Linux kernel. A local attacker could use \ncrafted epoll_ctl calls to cause a denial of service (system crash) or \nexpose sensitive information. (CVE-2013-7446)\n\nIt was discovered that the KVM implementation in the Linux kernel did not \nproperly restore the values of the Programmable Interrupt Timer (PIT). A \nuser-assisted attacker in a KVM guest could cause a denial of service in \nthe host (system crash). (CVE-2015-7513)\n\nIt was discovered that the Linux kernel keyring subsystem contained a race \nbetween read and revoke operations. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2015-7550)\n\nSasha Levin discovered that the Reliable Datagram Sockets (RDS) \nimplementation in the Linux kernel had a race condition when checking \nwhether a socket was bound or not. A local attacker could use this to cause \na denial of service (system crash). (CVE-2015-7990)\n\nIt was discovered that the Btrfs implementation in the Linux kernel \nincorrectly handled compressed inline extants on truncation. A local \nattacker could use this to expose sensitive information. (CVE-2015-8374)\n\n\u90ed\u6c38\u521a discovered that the Linux kernel networking implementation did \nnot validate protocol identifiers for certain protocol families, A local \nattacker could use this to cause a denial of service (system crash) or \npossibly gain administrative privileges. (CVE-2015-8543)\n\nDmitry Vyukov discovered that the pptp implementation in the Linux kernel \ndid not verify an address length when setting up a socket. A local attacker \ncould use this to craft an application that exposed sensitive information \nfrom kernel memory. (CVE-2015-8569)\n\nDavid Miller discovered that the Bluetooth implementation in the Linux \nkernel did not properly validate the socket address length for Synchronous \nConnection-Oriented (SCO) sockets. A local attacker could use this to \nexpose sensitive information. (CVE-2015-8575)", "edition": 6, "modified": "2016-02-02T00:00:00", "published": "2016-02-02T00:00:00", "id": "USN-2888-1", "href": "https://ubuntu.com/security/notices/USN-2888-1", "title": "Linux kernel (Utopic HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T01:46:49", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8787", "CVE-2015-7550", "CVE-2015-7513", "CVE-2015-8543", "CVE-2015-8374", "CVE-2015-7990", "CVE-2015-8575", "CVE-2013-7446", "CVE-2015-8569"], "description": "It was discovered that a use-after-free vulnerability existed in the \nAF_UNIX implementation in the Linux kernel. A local attacker could use \ncrafted epoll_ctl calls to cause a denial of service (system crash) or \nexpose sensitive information. (CVE-2013-7446)\n\nIt was discovered that the KVM implementation in the Linux kernel did not \nproperly restore the values of the Programmable Interrupt Timer (PIT). A \nuser-assisted attacker in a KVM guest could cause a denial of service in \nthe host (system crash). (CVE-2015-7513)\n\nIt was discovered that the Linux kernel keyring subsystem contained a race \nbetween read and revoke operations. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2015-7550)\n\nSasha Levin discovered that the Reliable Datagram Sockets (RDS) \nimplementation in the Linux kernel had a race condition when checking \nwhether a socket was bound or not. A local attacker could use this to cause \na denial of service (system crash). (CVE-2015-7990)\n\nIt was discovered that the Btrfs implementation in the Linux kernel \nincorrectly handled compressed inline extants on truncation. A local \nattacker could use this to expose sensitive information. (CVE-2015-8374)\n\n\u90ed\u6c38\u521a discovered that the Linux kernel networking implementation did \nnot validate protocol identifiers for certain protocol families, A local \nattacker could use this to cause a denial of service (system crash) or \npossibly gain administrative privileges. (CVE-2015-8543)\n\nDmitry Vyukov discovered that the pptp implementation in the Linux kernel \ndid not verify an address length when setting up a socket. A local attacker \ncould use this to craft an application that exposed sensitive information \nfrom kernel memory. (CVE-2015-8569)\n\nDavid Miller discovered that the Bluetooth implementation in the Linux \nkernel did not properly validate the socket address length for Synchronous \nConnection-Oriented (SCO) sockets. A local attacker could use this to \nexpose sensitive information. (CVE-2015-8575)\n\nIt was discovered that the netfilter Network Address Translation (NAT) \nimplementation did not ensure that data structures were initialized when \nhandling IPv4 addresses. An attacker could use this to cause a denial of \nservice (system crash). (CVE-2015-8787)", "edition": 5, "modified": "2016-02-02T00:00:00", "published": "2016-02-02T00:00:00", "id": "USN-2890-1", "href": "https://ubuntu.com/security/notices/USN-2890-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2017-06-08T00:16:22", "bulletinFamily": "software", "cvelist": ["CVE-2015-7884", "CVE-2015-8543", "CVE-2015-8660", "CVE-2015-8569", "CVE-2015-7885"], "edition": 1, "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 \n11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 \n11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 \n11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| Not vulnerable| None \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nBIG-IQ Centralized Management| None| 4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-04-06T16:51:00", "published": "2016-01-29T10:40:00", "href": "https://support.f5.com/csp/article/K07560020", "id": "F5:K07560020", "type": "f5", "title": "Linux kernel vulnerabilities CVE-2015-7884, CVE-2015-7885, CVE-2015-8543, CVE-2015-8569, and CVE-2015-8660", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-26T17:23:20", "bulletinFamily": "software", "cvelist": ["CVE-2015-7884", "CVE-2015-8543", "CVE-2015-8660", "CVE-2015-8569", "CVE-2015-7885"], "edition": 1, "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-01-28T00:00:00", "published": "2016-01-28T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/07/sol07560020.html", "id": "SOL07560020", "title": "SOL07560020 - Linux kernel vulnerabilities CVE-2015-7884, CVE-2015-7885, CVE-2015-8543, CVE-2015-8569, and CVE-2015-8660", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8709"], "description": "The kernel meta package ", "modified": "2016-01-12T08:03:52", "published": "2016-01-12T08:03:52", "id": "FEDORA:E8A1B605F1FB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: kernel-4.3.3-300.fc23", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4312", "CVE-2015-7513", "CVE-2015-7566", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8709", "CVE-2015-8767", "CVE-2015-8787", "CVE-2016-0723", "CVE-2016-0728"], "description": "The kernel meta package ", "modified": "2016-02-01T06:34:15", "published": "2016-02-01T06:34:15", "id": "FEDORA:0D267606CFB3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: kernel-4.3.4-200.fc22", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7446", "CVE-2015-7550", "CVE-2015-8543"], "description": "The kernel meta package ", "modified": "2015-12-22T07:24:44", "published": "2015-12-22T07:24:44", "id": "FEDORA:C7C84604E909", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: kernel-4.2.8-200.fc22", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2013-7446", "CVE-2015-7550", "CVE-2015-8543"], "description": "The kernel meta package ", "modified": "2015-12-22T22:09:32", "published": "2015-12-22T22:09:32", "id": "FEDORA:BAFAB6087824", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: kernel-4.2.8-300.fc23", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:21:51", "bulletinFamily": "unix", "cvelist": ["CVE-2015-7550", "CVE-2015-8543", "CVE-2015-8575"], "description": "Package\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0: linux-2.6\nVersion\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0: 2.6.32-48squeeze18\nCVE ID\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0: CVE-2015-7550 CVE-2015-8543 CVE-2015-8575\nDebian Bug\u00a0\u00a0\u00a0\u00a0\u00a0: #808293\n\nThis update fixes the CVEs described below.\n\nCVE-2015-7550\n\n\u00a0\u00a0\u00a0\u00a0Dmitry Vyukov discovered a race condition in the keyring subsystem\n\u00a0\u00a0\u00a0\u00a0that allows a local user to cause a denial of service (crash).\n\nCVE-2015-8543\n\n\u00a0\u00a0\u00a0\u00a0It was discovered that a local user permitted to create raw sockets\n\u00a0\u00a0\u00a0\u00a0could cause a denial-of-service by specifying an invalid protocol\n\u00a0\u00a0\u00a0\u00a0number for the socket. The attacker must have the CAP_NET_RAW\n\u00a0\u00a0\u00a0\u00a0capability.\n\nCVE-2015-8575\n\n\u00a0\u00a0\u00a0\u00a0David Miller discovered a flaw in the Bluetooth SCO sockets\n\u00a0\u00a0\u00a0\u00a0implementation that leads to an information leak to local users.\n\nIn addition, this update fixes a regression in the previous update:\n\n#808293\n\n\u00a0\u00a0\u00a0\u00a0A regression in the UDP implementation prevented freeradius and\n\u00a0\u00a0\u00a0\u00a0some other applications from receiving data.\n\nFor the oldoldstable distribution (squeeze), these problems have been\nfixed in version 2.6.32-48squeeze18.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 3.2.73-2+deb7u2.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 3.16.7-ckt20-1+deb8u2 or earlier.\n\n-- \nBen Hutchings - Debian developer, member of Linux kernel and LTS teams\n\n\n", "edition": 9, "modified": "2016-01-05T18:07:37", "published": "2016-01-05T18:07:37", "id": "DEBIAN:DLA-378-1:26763", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201601/msg00004.html", "title": "[SECURITY] [DLA 378-1] linux-2.6 security update", "type": "debian", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:52", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8543"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3426-2 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nMarch 03, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : ctdb\nDebian Bug : 813406\n\nThe update for linux issued as DSA-3426-1 and DSA-3434-1 to address\nCVE-2015-8543 uncovered a bug in ctdb, a clustered database to store\ntemporary data, leading to broken clusters. Updated packages are now\navailable to address this problem.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1.12+git20120201-5.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 2.5.4+debian0-4+deb8u1.\n\nWe recommend that you upgrade your ctdb packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2016-03-03T16:15:59", "published": "2016-03-03T16:15:59", "id": "DEBIAN:DSA-3426-2:305C5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2016/msg00074.html", "title": "[SECURITY] [DSA 3426-2] ctdb regression update", "type": "debian", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:39", "bulletinFamily": "software", "cvelist": ["CVE-2015-7550", "CVE-2015-8543", "CVE-2016-1576", "CVE-2015-8575", "CVE-2015-8569", "CVE-2016-1575", "CVE-2015-8785"], "description": "USN-2910-1 Linux kernel vulnerability\n\n# \n\nHigh\n\n# Vendor\n\nUbuntu\n\n# Versions Affected\n\n * Ubuntu 14.04 \n\n# Description\n\nhalfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. ([CVE-2016-1576](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1576>))\n\nhalfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. ([CVE-2016-1575](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1575>))\n\nIt was discovered that the Linux kernel keyring subsystem contained a race between read and revoke operations. A local attacker could use this to cause a denial of service (system crash). ([CVE-2015-7550](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7550>))\n\n\u90ed\u6c38\u521a discovered that the Linux kernel networking implementation did not validate protocol identifiers for certain protocol families, A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. ([CVE-2015-8543](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8543>))\n\nDmitry Vyukov discovered that the pptp implementation in the Linux kernel did not verify an address length when setting up a socket. A local attacker could use this to craft an application that exposed sensitive information from kernel memory. ([CVE-2015-8569](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8569>))\n\nDavid Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information. ([CVE-2015-8575](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8575>))\n\nIt was discovered that the Linux kernel\u2019s Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). ([CVE-2015-8785](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8785>))\n\nThe Cloud Foundry project released a BOSH stemcell version 3146.9 that has the patched version of the Linux kernel.\n\n# Affected Products and Versions\n\n_Severity is high unless otherwise noted. \n_\n\n * All versions of Cloud Foundry BOSH stemcells prior to 3146.5 are vulnerable. \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with BOSH stemcells 3146.9. \n\n# Credit\n\nhalfdog, \u90ed\u6c38\u521a, Dmitry Vyukov, David Miller\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2910-1>\n * <https://bosh.io/stemcells>\n * <https://github.com/cloudfoundry/cf-release>\n", "edition": 5, "modified": "2016-02-26T00:00:00", "published": "2016-02-26T00:00:00", "id": "CFOUNDRY:15914764000DDC203CA1C6352FDFCDC2", "href": "https://www.cloudfoundry.org/blog/usn-2910-1/", "title": "USN-2910-1 Linux kernel vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "xen": [{"lastseen": "2016-09-04T11:24:08", "bulletinFamily": "software", "cvelist": ["CVE-2015-8551", "CVE-2015-8552"], "description": "#### ISSUE DESCRIPTION\nXen PCI backend driver does not perform proper sanity checks on the device's state.\nWhich in turn allows the generic MSI code (called by Xen PCI backend) to be called incorrectly leading to hitting BUG conditions or causing NULL pointer exceptions in the MSI code. (CVE-2015-8551)\nTo exploit this the guest can craft specific sequence of XEN_PCI_OP_* operations which will trigger this.\nFurthermore the frontend can also craft an continous stream of XEN_PCI_OP_enable_msi which will trigger an continous stream of WARN() messages triggered by the MSI code leading to the logging in the initial domain to exhaust disk space. (CVE-2015-8552)\nLastly there is also missing check to verify whether the device has memory decoding enabled set at the start of the day leading the initial domain "accesses to the respective MMIO or I/O port ranges would\n- on PCI Express devices - [which can] lead to Unsupported Request responses. The treatment of such errors is platform specific." (from XSA-120). Note that if XSA-120 'addendum' patch (re CVE-2015-8553) has been applied this particular sub-issue is not exploitable.\n#### IMPACT\nMalicious guest administrators can cause denial of service. If driver domains are not in use, the impact is a host crash.\nOnly x86 systems are vulnerable. ARM systems are not vulnerable.\n#### VULNERABLE SYSTEMS\nThis bug affects systems using Linux as the driver domain, including non-disaggregated systems using Linux as dom0.\nLinux versions v3.1 and onwards are vulnerable due to supporting PCI pass-through backend driver.\nPV and HVM guests which have been granted access to physical PCI devices (`PCI passthrough') can take advantage of this vulnerability.\nFurthermore, the vulnerability is only applicable when the passed-through PCI devices are MSI-capable or MSI-X. (Most modern devices are).\n", "edition": 1, "modified": "2015-12-17T12:38:00", "published": "2015-12-17T12:00:00", "id": "XSA-157", "href": "http://xenbits.xen.org/xsa/advisory-157.html", "title": "Linux pciback missing sanity checks leading to crash", "type": "xen", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:24:08", "bulletinFamily": "software", "cvelist": ["CVE-2015-8550"], "edition": 1, "description": "#### ISSUE DESCRIPTION\nThe compiler can emit optimizations in the PV backend drivers which can lead to double fetch vulnerabilities. Specifically the shared memory between the frontend and backend can be fetched twice (during which time the frontend can alter the contents) possibly leading to arbitrary code execution in backend.\n#### IMPACT\nMalicious guest administrators can cause denial of service. If driver domains are not in use, the impact can be a host crash, or privilege escalation.\n#### VULNERABLE SYSTEMS\nSystems running PV or HVM guests are vulnerable.\nARM and x86 systems are vulnerable.\nAll OSes providing PV backends are susceptible, this includes Linux and NetBSD. By default the Linux distributions compile kernels with optimizations.\n", "modified": "2015-12-17T13:36:00", "published": "2015-12-17T12:00:00", "id": "XSA-155", "href": "http://xenbits.xen.org/xsa/advisory-155.html", "type": "xen", "title": "paravirtualized drivers incautious about shared memory contents", "cvss": {"score": 5.7, "vector": "AV:LOCAL/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}]}