fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.
{"redhatcve": [{"lastseen": "2021-06-24T23:45:11", "description": "fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.\n", "cvss3": {}, "published": "2016-12-15T20:21:52", "type": "redhatcve", "title": "CVE-2016-4581", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2016-4581"], "modified": "2020-08-21T18:49:23", "id": "RH:CVE-2016-4581", "href": "https://access.redhat.com/security/cve/cve-2016-4581", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2023-06-28T14:41:29", "description": "fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a\nmount propagation tree in a certain case involving a slave mount, which\nallows local users to cause a denial of service (NULL pointer dereference\nand OOPS) via a crafted series of mount system calls.\n\n#### Bugs\n\n * <https://launchpad.net/bugs/1581869>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-05-23T00:00:00", "type": "ubuntucve", "title": "CVE-2016-4581", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4581"], "modified": "2016-05-23T00:00:00", "id": "UB:CVE-2016-4581", "href": "https://ubuntu.com/security/CVE-2016-4581", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2023-06-03T14:34:59", "description": "fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-05-23T10:59:00", "type": "cve", "title": "CVE-2016-4581", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4581"], "modified": "2023-02-12T23:22:00", "cpe": ["cpe:/o:linux:linux_kernel:4.5.3", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:oracle:linux:6"], "id": "CVE-2016-4581", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4581", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:35:34", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-08T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-a159c484e4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4581", "CVE-2016-4486", "CVE-2016-4485", "CVE-2016-4482"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808319", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808319", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-a159c484e4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808319\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:39:56 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-4581\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4482\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-a159c484e4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-a159c484e4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EXUBEDCHC3X4UZZSJYZWASEA6EDDRWGA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.4.9~200.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-08T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-ef973efab7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4581", "CVE-2016-4557", "CVE-2016-4486", "CVE-2016-4569", "CVE-2016-4558", "CVE-2016-4485"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808414", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808414", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-ef973efab7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808414\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:40:38 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-4569\", \"CVE-2016-4558\", \"CVE-2016-4557\", \"CVE-2016-4581\", \"CVE-2016-4485\", \"CVE-2016-4486\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-ef973efab7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-ef973efab7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPCQ5RJB72AYCRLNP3WS5GEP5BU3HS3C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.5.4~300.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T22:55:38", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2016-10-26T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2016-703)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4557", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-0758", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-4565"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120692", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120692", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120692\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2016-10-26 15:38:09 +0300 (Wed, 26 Oct 2016)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2016-703)\");\n script_tag(name:\"insight\", value:\"Multiple flaws were found in the Linux kernel. Please see the references for more information.\");\n script_tag(name:\"solution\", value:\"Run yum update kernel to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2016-703.html\");\n script_cve_id(\"CVE-2016-4557\", \"CVE-2016-3961\", \"CVE-2016-4581\", \"CVE-2016-4486\", \"CVE-2016-4485\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-0758\", \"CVE-2015-8839\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-devel\", rpm:\"kernel-tools-devel~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~4.4.10~22.54.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3005-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842794", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842794", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-xenial USN-3005-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842794\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:27:17 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-8839\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-xenial USN-3005-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file\nsystem. A local user could exploit this flaw to cause a denial of service\n(disk corruption) by writing to a page that is associated with a different\nusers file after unsynchronized hole punching and page-fault handling.\n(CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters on\nsystems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to\ninfinite. A local unprivileged attacker could use to create a use-after-\nfree situation, causing a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle\npropagated mounts correctly. A local unprivileged attacker could use this\nto cause a denial of service (system crash). (CVE-2016-4581)\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3005-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3005-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-generic\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-generic-lpae\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-lowlatency\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc-e500mc\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc-smp\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc64-emb\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc64-smp\", ver:\"4.4.0-24.43~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-08T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-06f1572324", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4913", "CVE-2016-4581", "CVE-2016-4557", "CVE-2016-4486", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-4440", "CVE-2016-3713"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310808336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808336", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-06f1572324\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808336\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:47:54 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2016-0758\", \"CVE-2016-3713\", \"CVE-2016-4913\", \"CVE-2016-4440\", \"CVE-2016-4569\", \"CVE-2016-4558\", \"CVE-2016-4557\", \"CVE-2016-4581\", \"CVE-2016-4485\", \"CVE-2016-4486\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-06f1572324\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-06f1572324\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LO4QW3EVM74ZTHMT4PLBBCB2IU6322L2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.5.5~201.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-3007-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842786", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842786", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-raspi2 USN-3007-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842786\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:25:29 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-8839\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-3007-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file\nsystem. A local user could exploit this flaw to cause a denial of service\n(disk corruption) by writing to a page that is associated with a different\nusers file after unsynchronized hole punching and page-fault handling.\n(CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters on\nsystems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to\ninfinite. A local unprivileged attacker could use to create a use-after-\nfree situation, causing a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle\npropagated mounts correctly. A local unprivileged attacker could use this\nto cause a denial of service (system crash). (CVE-2016-4581)\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3007-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3007-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1012-raspi2\", ver:\"4.4.0-1012.16\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-02T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-2989-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2069", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842779", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842779", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2989-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842779\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-02 05:21:18 +0200 (Thu, 02 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2015-4004\", \"CVE-2016-2069\", \"CVE-2016-2187\",\n \t\t\"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\",\n\t\t\"CVE-2016-4486\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2989-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros\n L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O.\n A remote attacker could use this to obtain potentially sensitive information from\n kernel memory. (CVE-2016-2117)\n\n Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\n over wifi device drivers in the Linux kernel. A remote attacker could use\n this to cause a denial of service (system crash) or obtain potentially\n sensitive information from kernel memory. (CVE-2015-4004)\n\n Andy Lutomirski discovered a race condition in the Linux kernel's\n translation lookaside buffer (TLB) handling of flush events. A local\n attacker could use this to cause a denial of service or possibly leak\n sensitive information. (CVE-2016-2069)\n\n Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\n device driver did not properly validate endpoint descriptors. An attacker\n with physical access could use this to cause a denial of service (system\n crash). (CVE-2016-2187)\n\n Hector Marco and Ismael Ripoll discovered that the Linux kernel would\n improperly disable Address Space Layout Randomization (ASLR) for x86\n processes running in 32 bit mode if stack-consumption resource limits were\n disabled. A local attacker could use this to make it easier to exploit an\n existing vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\n Andrey Konovalov discovered that the CDC Network Control Model USB driver\n in the Linux kernel did not cancel work events queued if a later error\n occurred, resulting in a use-after-free. An attacker with physical access\n could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\n It was discovered that an out-of-bounds write could occur when handling\n incoming packets in the USB/IP implementation in the Linux kernel. A remote\n attacker could use this to cause a denial of service (system crash) or\n possibly execute arbitrary code. (CVE-2016-3955)\n\n Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\n Support implementations in the Linux kernel. A local attacker could use\n this to obtain potentially sensitive information from kernel memory.\n (CVE-2016-4485)\n\n Kangjie Lu discovered an information leak in the routing netlink socket\n interface (rtnetlink) implementation in the Linux kernel. A local attacker\n could use this to obtain potentially sensitive information from kernel\n memory. (CVE-2016-4486)\n\n It was discovered that in some situations the Linux kernel did not handle\n propagated mounts correctly. A local unprivileged attacker could use this\n to cause a denial of service (system crash). (CVE-2016-4581)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2989-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2989-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-generic\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-generic-lpae\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-lowlatency\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc-e500\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc-e500mc\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc-smp\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc64-emb\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc64-smp\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3006-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2015-8839", "CVE-2016-4486", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-4558", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842790", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842790", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3006-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842790\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:26:12 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-8839\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3006-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file\nsystem. A local user could exploit this flaw to cause a denial of service\n(disk corruption) by writing to a page that is associated with a different\nusers file after unsynchronized hole punching and page-fault handling.\n(CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters on\nsystems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to\ninfinite. A local unprivileged attacker could use to create a use-after-\nfree situation, causing a denial of service (system crash) or possibly gain\nadministrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle\npropagated mounts correctly. A local unprivileged attacker could use this\nto cause a denial of service (system crash). (CVE-2016-4581)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3006-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3006-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-generic\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-generic-lpae\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-lowlatency\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc-e500mc\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc-smp\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc64-emb\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-24-powerpc64-smp\", ver:\"4.4.0-24.43\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-trusty USN-2998-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2069", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842797", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842797", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-trusty USN-2998-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842797\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:28:01 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2069\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-trusty USN-2998-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-trusty'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kerne ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-trusty on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2998-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2998-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-88-generic\", ver:\"3.13.0-88.135~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-88-generic-lpae\", ver:\"3.13.0-88.135~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-wily USN-3002-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842788", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-wily USN-3002-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842788\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:25:57 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-wily USN-3002-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-wily'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncou ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-wily on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3002-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3002-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-generic\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-generic-lpae\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-lowlatency\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc-e500mc\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc-smp\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc64-emb\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc64-smp\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-3004-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842787", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842787", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-raspi2 USN-3004-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842787\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:25:42 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-3004-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 15.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3004-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3004-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU15\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-1031-raspi2\", ver:\"4.2.0-1031.41\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3003-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842791", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842791", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3003-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842791\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:26:24 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3003-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use this t ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 15.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3003-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3003-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU15\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-generic\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-generic-lpae\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-lowlatency\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc-e500mc\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc-smp\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc64-emb\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc64-smp\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-vivid USN-3001-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842796", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842796", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-vivid USN-3001-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842796\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:27:47 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-vivid USN-3001-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-vivid'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\nco ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-vivid on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3001-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3001-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-generic\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-generic-lpae\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-lowlatency\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-powerpc-e500mc\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-powerpc-smp\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-powerpc64-emb\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-powerpc64-smp\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-utopic USN-3000-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4581", "CVE-2016-3689", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3137", "CVE-2016-4485", "CVE-2016-3136", "CVE-2016-3140", "CVE-2016-2117", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842793", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842793", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-utopic USN-3000-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842793\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:27:00 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2187\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3140\", \"CVE-2016-3672\", \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-utopic USN-3000-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-utopic'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nMCT USB RS232 Converter device driver in the Linux kernel did not properly\nvalidate USB device descriptors. An attacker with physical access could use\nthis to cause a denial of service (system crash). (CVE-2016-3136)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nCypress M8 USB device driver in the Linux kernel did not properly validate\nUSB device descriptors. An attacker with physical access could use this to\ncause a denial of service (system crash). (CVE-2016-3137)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nLinux kernel's USB driver for Digi AccelePort serial converters did not\nproperly validate USB device descriptors. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3140)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nIt was discovered that the Linux kernel's USB driver for IMS Passenger\nControl Unit devices did not properly validate the device's interfaces. An\nattacker with physical access could use this to cause a denial of service\n(system crash). (CVE-2016-3689)\n\nAndrey Konovalov discovered that the CD ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-utopic on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3000-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3000-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-generic\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-generic-lpae\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-lowlatency\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-powerpc-e500mc\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-powerpc-smp\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-powerpc64-emb\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-powerpc64-smp\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-22T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2016:1641-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5244", "CVE-2016-4581", "CVE-2016-2053", "CVE-2016-4557", "CVE-2016-4951", "CVE-2016-4486", "CVE-2016-1583", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4482", "CVE-2016-4578", "CVE-2016-4805", "CVE-2013-7446", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-3134"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851349", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851349", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851349\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-06-22 05:29:14 +0200 (Wed, 22 Jun 2016)\");\n script_cve_id(\"CVE-2013-7446\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\",\n \"CVE-2016-3134\", \"CVE-2016-3672\", \"CVE-2016-3955\", \"CVE-2016-4482\",\n \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4565\",\n \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\",\n \"CVE-2016-4805\", \"CVE-2016-4951\", \"CVE-2016-5244\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2016:1641-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower file system does\n not allow it. This could have lead to local privilege escalation when\n ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid\n (bsc#983143).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relies on the write system call, which allows local users to\n cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface. (bsc#979548)\n\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to\n cause a denial of service (memory corruption and system crash,\n or spinlock) or possibly have unspecified other impact by removing a\n network namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions. (bsc#980371).\n\n - CVE-2016-4951: The tipc_nl_publ_dump function in net/tipc/socket.c in\n the Linux kernel did not verify socket existence, which allowed local\n users to cause a denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a dumpit\n operation. (bsc#981058).\n\n - CVE-2016-5244: An information leak vulnerability in function\n rds_inc_info_copy of file net/rds/recv.c was fixed that might have\n leaked kernel stack data. (bsc#983213).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not properly initialize\n a certain data structure, which allowed attackers to\n obtain sensitive information from kernel stack memory via an X.25 Call\n Request. (bsc#981267).\n\n - CVE-2016-0758: Tags with indefinite length could have corrupted pointers\n in asn1_find_indefinite_length (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the\n Linux kernel allowed local users to bypass intended AF_UNIX socket\n permissions or cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1641-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv\", rpm:\"kernel-pv~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base\", rpm:\"kernel-pv-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base-debuginfo\", rpm:\"kernel-pv-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debuginfo\", rpm:\"kernel-pv-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debugsource\", rpm:\"kernel-pv-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-devel\", rpm:\"kernel-pv-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa-xen\", rpm:\"kernel-obs-qa-xen~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.1.26~21.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.1.26~21.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.1.26~21.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~4.1.26~21.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:36:44", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1534)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4581", "CVE-2016-5870", "CVE-2016-10723", "CVE-2016-10088", "CVE-2014-3688", "CVE-2017-1000252", "CVE-2013-7267", "CVE-2015-1421", "CVE-2016-0758", "CVE-2014-2851", "CVE-2017-18241", "CVE-2016-9576", "CVE-2017-9211", "CVE-2018-14619", "CVE-2015-1333", "CVE-2016-6786", "CVE-2017-16534", "CVE-2017-17807", "CVE-2017-14954", "CVE-2014-0077", "CVE-2018-11508"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191534", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191534", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1534\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-7267\", \"CVE-2014-0077\", \"CVE-2014-2851\", \"CVE-2014-3688\", \"CVE-2015-1333\", \"CVE-2015-1421\", \"CVE-2016-0758\", \"CVE-2016-10088\", \"CVE-2016-10723\", \"CVE-2016-4581\", \"CVE-2016-5870\", \"CVE-2016-6786\", \"CVE-2017-1000252\", \"CVE-2017-14954\", \"CVE-2017-16534\", \"CVE-2017-17807\", \"CVE-2017-18241\", \"CVE-2017-9211\", \"CVE-2018-11508\", \"CVE-2018-14619\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:07:32 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1534)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1534\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1534\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1534 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7267)\n\nfs/f2fs/segment.c in the Linux kernel allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.(CVE-2017-18241)\n\nfs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.(CVE-2016-4581)\n\ndrivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.(CVE-2014-0077)\n\nIt was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel's sg implementation did not properly restrict write operations in situations where the KERNEL_DS option is set. A local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.(CVE-2016-10088)\n\n** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that 'the underlying problem is non-trivial to handle.'(CVE-2016-10723)\n\nA flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system.(CVE-2016-0758)\n\nA flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled the association's output queue. A remote attacker c ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-11T15:45:07", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1494)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6787", "CVE-2016-7097", "CVE-2016-4794", "CVE-2016-6480", "CVE-2016-4913", "CVE-2016-4581", "CVE-2016-5696", "CVE-2016-6136", "CVE-2016-4569", "CVE-2016-6828", "CVE-2016-5829", "CVE-2016-6198", "CVE-2016-4997", "CVE-2016-6197", "CVE-2016-7039", "CVE-2016-5195", "CVE-2016-6786", "CVE-2016-4578", "CVE-2016-6327", "CVE-2016-4805", "CVE-2016-4580", "CVE-2016-4998", "CVE-2016-7042"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562311220191494", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191494", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1494\");\n script_version(\"2020-06-09T14:44:58+0000\");\n script_cve_id(\"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-4805\", \"CVE-2016-4913\", \"CVE-2016-4997\", \"CVE-2016-4998\", \"CVE-2016-5195\", \"CVE-2016-5696\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6197\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2016-6786\", \"CVE-2016-6787\", \"CVE-2016-6828\", \"CVE-2016-7039\", \"CVE-2016-7042\", \"CVE-2016-7097\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 14:44:58 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:56:13 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1494)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1494\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1494\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1494 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability was found in Linux kernel. There is an information leak in file 'sound/core/timer.c' of the latest mainline Linux kernel, the stack object thread has a total size of 32 bytes. It contains a 8-bytes padding, which is not initialized but sent to user via copy_to_user(), resulting a kernel leak.(CVE-2016-4569)\n\nA vulnerability was found in Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel. The stack object r1 has a total size of 32 bytes. Its field event and val both contain 4 bytes padding. These 8 bytes padding bytes are sent to user without being initialized.(CVE-2016-4578)\n\nThe x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.(CVE-2016-4580)\n\nfs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.(CVE-2016-4581)\n\nUse after free vulnerability was found in percpu using previously allocated memory in bpf. First __alloc_percpu_gfp() is called, then the memory is freed with free_percpu() which triggers async pcpu_balance_work and then pcpu_extend_area_map could use a chunk after it has been freed.(CVE-2016-4794)\n\nUse-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.(CVE-2016-4805)\n\nA vulnerability was found in the Linux kernel. Payloads of NM entries are not supposed to contain NUL. When such entry is processed, only the part prior to the first NUL goes into the concatenation (i.e. the directory entry name being encoded by a bunch of NM entries). The process stops when the amount collected so far + the claimed amount in the current NM entry exceed 254. However, the value returned as the total length is the sum of *claimed* sizes, not the actual amount collected. And that's what will be passed to readdir() callback as the name length - 8Kb __copy_to_user() from a buffer allocated by __get_free_page().(CVE-2016-4913)\n\nA flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This fl ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2016:2574-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-4794", "CVE-2016-6480", "CVE-2016-3070", "CVE-2016-2069", "CVE-2016-4581", "CVE-2016-2053", "CVE-2016-5828", "CVE-2016-2847", "CVE-2016-3156", "CVE-2015-8746", "CVE-2016-6136", "CVE-2015-8812", "CVE-2016-4569", "CVE-2015-8543", "CVE-2015-8374", "CVE-2016-3699", "CVE-2016-5829", "CVE-2016-6198", "CVE-2015-8956", "CVE-2013-4312", "CVE-2016-4578", "CVE-2016-5412", "CVE-2016-6327", "CVE-2016-3841", "CVE-2015-8844", "CVE-2016-2117", "CVE-2015-8845"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871708", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871708", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2016:2574-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871708\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-04 05:42:52 +0100 (Fri, 04 Nov 2016)\");\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\",\n \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\",\n \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\",\n \"CVE-2016-2847\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\",\n \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\",\n \"CVE-2016-4794\", \"CVE-2016-5412\", \"CVE-2016-5828\", \"CVE-2016-5829\",\n \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2016:2574-02\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel,\n the core of any Linux operating system.\n\nSecurity Fix(es):\n\n * It was found that the Linux kernel's IPv6 implementation mishandled\nsocket options. A local attacker could abuse concurrent access to the\nsocket options to escalate their privileges, or cause a denial of service\n(use-after-free and system crash) via a crafted sendmsg system call.\n(CVE-2016-3841, Important)\n\n * Several Moderate and Low impact security issues were found in the Linux\nkernel. Space precludes documenting each of these issues in this advisory.\nRefer to the CVE links in the References section for a description of each\nof these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543,\nCVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069,\nCVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412,\nCVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327,\nCVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384,\nCVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting\nCVE-2016-2053 Tetsuo Handa for reporting CVE-2016-2847 the Virtuozzo\nkernel team and Solar Designer (Openwall) for reporting CVE-2016-3156\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117 and Linn Crosetto\n(HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by\nVenkatesh Pottem (Red Hat Engineering) the CVE-2015-8844 and CVE-2015-8845\nissues were discovered by Miroslav Vadkerti (Red Hat Engineering) the\nCVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat) the\nCVE-2016-6198 issue was discovered by CAI Qian (Red Hat) and the\nCVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2574-02\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00010.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:21", "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a privilege escalation, denial of\nservice or information leaks.\n\nCVE-2015-7515,\nCVE-2016-2184,\nCVE-2016-2185,\nCVE-2016-2186,\nCVE-2016-2187,\nCVE-2016-3136,\nCVE-2016-3137,\nCVE-2016-3138,\nCVE-2016-3140\nRalf Spenneberg of OpenSource Security reported that various USB\ndrivers do not sufficiently validate USB descriptors. This\nallowed a physically present user with a specially designed USB\ndevice to cause a denial of service (crash).\n\nCVE-2016-0821Solar Designer noted that the list poisoning\nfeature, intended\nto mitigate the effects of bugs in list manipulation in the\nkernel, used poison values within the range of virtual addresses\nthat can be allocated by user processes.\n\nCVE-2016-1237\nDavid Sinquin discovered that nfsd does not check permissions when\nsetting ACLs, allowing users to grant themselves permissions to a\nfile by setting the ACL.\n\nDescription truncated. Please see the references for more information.", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3607-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5244", "CVE-2016-3070", "CVE-2016-4913", "CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-3156", "CVE-2016-1583", "CVE-2016-4569", "CVE-2016-0821", "CVE-2016-2184", "CVE-2016-5243", "CVE-2016-3951", "CVE-2016-3955", "CVE-2015-7515", "CVE-2016-3137", "CVE-2016-4485", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-1237", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2143", "CVE-2016-4578", "CVE-2016-2185", "CVE-2016-4805", "CVE-2016-3157", "CVE-2016-4470", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-4998", "CVE-2016-3134"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703607", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703607", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3607.nasl 14279 2019-03-18 14:48:34Z cfischer $\n# Auto-generated from advisory DSA 3607-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703607\");\n script_version(\"$Revision: 14279 $\");\n script_cve_id(\"CVE-2015-7515\", \"CVE-2016-0821\", \"CVE-2016-1237\", \"CVE-2016-1583\",\n \"CVE-2016-2117\", \"CVE-2016-2143\", \"CVE-2016-2184\", \"CVE-2016-2185\",\n \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-3070\", \"CVE-2016-3134\",\n \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3138\", \"CVE-2016-3140\",\n \"CVE-2016-3156\", \"CVE-2016-3157\", \"CVE-2016-3672\", \"CVE-2016-3951\",\n \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4470\", \"CVE-2016-4482\",\n \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4569\",\n \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\", \"CVE-2016-4805\",\n \"CVE-2016-4913\", \"CVE-2016-4997\", \"CVE-2016-4998\", \"CVE-2016-5243\",\n \"CVE-2016-5244\");\n script_name(\"Debian Security Advisory DSA 3607-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:48:34 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 00:00:00 +0200 (Tue, 28 Jun 2016)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3607.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 3.16.7-ckt25-2+deb8u2.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a privilege escalation, denial of\nservice or information leaks.\n\nCVE-2015-7515,\nCVE-2016-2184,\nCVE-2016-2185,\nCVE-2016-2186,\nCVE-2016-2187,\nCVE-2016-3136,\nCVE-2016-3137,\nCVE-2016-3138,\nCVE-2016-3140\nRalf Spenneberg of OpenSource Security reported that various USB\ndrivers do not sufficiently validate USB descriptors. This\nallowed a physically present user with a specially designed USB\ndevice to cause a denial of service (crash).\n\nCVE-2016-0821Solar Designer noted that the list poisoning\nfeature, intended\nto mitigate the effects of bugs in list manipulation in the\nkernel, used poison values within the range of virtual addresses\nthat can be allocated by user processes.\n\nCVE-2016-1237\nDavid Sinquin discovered that nfsd does not check permissions when\nsetting ACLs, allowing users to grant themselves permissions to a\nfile by setting the ACL.\n\nDescription truncated. Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:55:05", "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a privilege escalation, denial of\nservice or information leaks.\n\nCVE-2015-7515,\nCVE-2016-2184,\nCVE-2016-2185,\nCVE-2016-2186,\nCVE-2016-2187,\nCVE-2016-3136,\nCVE-2016-3137,\nCVE-2016-3138,\nCVE-2016-3140 \nRalf Spenneberg of OpenSource Security reported that various USB\ndrivers do not sufficiently validate USB descriptors. This\nallowed a physically present user with a specially designed USB\ndevice to cause a denial of service (crash).\n\nCVE-2016-0821Solar Designer noted that the list poisoning \nfeature, intended\nto mitigate the effects of bugs in list manipulation in the\nkernel, used poison values within the range of virtual addresses\nthat can be allocated by user processes.\n\nCVE-2016-1237 \nDavid Sinquin discovered that nfsd does not check permissions when\nsetting ACLs, allowing users to grant themselves permissions to a\nfile by setting the ACL.\n\nCVE-2016-1583 \nJann Horn of Google Project Zero reported that the eCryptfs\nfilesystem could be used together with the proc filesystem to\ncause a kernel stack overflow. If the ecryptfs-utils package is\ninstalled, local users could exploit this, via the\nmount.ecryptfs_private program, for denial of service (crash) or\npossibly for privilege escalation.\n\nCVE-2016-2117 \nJustin Yackoski of Cryptonite discovered that the Atheros L2\nethernet driver incorrectly enables scatter/gather I/O. A remote\nattacker could take advantage of this flaw to obtain potentially\nsensitive information from kernel memory.\n\nCVE-2016-2143 \nMarcin Koscielnicki discovered that the fork implementation in the\nLinux kernel on s390 platforms mishandles the case of four\npage-table levels, which allows local users to cause a denial of\nservice (system crash).\n\nCVE-2016-3070 \nJan Stancek of Red Hat discovered a local denial of service\nvulnerability in AIO handling.\n\nCVE-2016-3134 \nThe Google Project Zero team found that the netfilter subsystem does\nnot sufficiently validate filter table entries. A user with the\nCAP_NET_ADMIN capability could use this for denial of service\n(crash) or possibly for privilege escalation. Debian disables\nunprivileged user namespaces by default, if locally enabled with the\nkernel.unprivileged_userns_clone sysctl, this allows privilege\nescalation.\n\nCVE-2016-3156 \nSolar Designer discovered that the IPv4 implementation in the Linux\nkernel did not perform the destruction of inet device objects\nproperly. An attacker in a guest OS could use this to cause a denial\nof service (networking outage) in the host OS.\n\nCVE-2016-3157 /\nXSA-171\n\nAndy Lutomirski discovered that the x86_64 (amd64) task switching\nimplementation did not correctly update the I/O permission level\nwhen running as a Xen paravirtual (PV) guest. In some\nconfigurations this would allow local users to cause a denial of\nservice (crash) or to escalate their privileges within the guest.\n\nCVE-2016-3672 \nHector Marco and Ismael Ripoll noted that it was possible to disable\nAddress Space Layout Randomisation (ASLR) for x86_32 (i386) programs\nby removing the stack resource limit. This made it easier for local\nusers to exploit security flaws in programs that have the setuid or\nsetgid flag set.\n\nCVE-2016-3951 \nIt was discovered that the cdc_ncm driver would free memory\nprematurely if certain errors occurred during its initialisation.\nThis allowed a physically present user with a specially designed\nUSB device to cause a denial of service (crash) or possibly to\nescalate their privileges.\n\nCVE-2016-3955 \nIgnat Korchagin reported that the usbip subsystem did not check\nthe length of data received for a USB buffer. This allowed denial\nof service (crash) or privilege escalation on a system configured\nas a usbip client, by the usbip server or by an attacker able to\nimpersonate it over the network. A system configured as a usbip\nserver might be similarly vulnerable to physically present users.\n\nCVE-2016-3961 /\nXSA-174\n\nVitaly Kuznetsov of Red Hat discovered that Linux allowed the use of\nhugetlbfs on x86 (i386 and amd64) systems even when running as a Xen\nparavirtualised (PV) guest, although Xen does not support huge\npages. This allowed users with access to /dev/hugepages to cause a\ndenial of service (crash) in the guest.\n\nCVE-2016-4470 \nDavid Howells of Red Hat discovered that a local user can trigger a\nflaw in the Linux kernel", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3607-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5244", "CVE-2016-3070", "CVE-2016-4913", "CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-3156", "CVE-2016-1583", "CVE-2016-4569", "CVE-2016-0821", "CVE-2016-2184", "CVE-2016-5243", "CVE-2016-3951", "CVE-2016-3955", "CVE-2015-7515", "CVE-2016-3137", "CVE-2016-4485", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-1237", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2143", "CVE-2016-4578", "CVE-2016-2185", "CVE-2016-4805", "CVE-2016-3157", "CVE-2016-4470", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-4998", "CVE-2016-3134"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703607", "href": "http://plugins.openvas.org/nasl.php?oid=703607", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3607.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3607-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703607);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2015-7515\", \"CVE-2016-0821\", \"CVE-2016-1237\", \"CVE-2016-1583\",\n \"CVE-2016-2117\", \"CVE-2016-2143\", \"CVE-2016-2184\", \"CVE-2016-2185\",\n \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-3070\", \"CVE-2016-3134\",\n \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3138\", \"CVE-2016-3140\",\n \"CVE-2016-3156\", \"CVE-2016-3157\", \"CVE-2016-3672\", \"CVE-2016-3951\",\n \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4470\", \"CVE-2016-4482\",\n \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4569\",\n \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\", \"CVE-2016-4805\",\n \"CVE-2016-4913\", \"CVE-2016-4997\", \"CVE-2016-4998\", \"CVE-2016-5243\",\n \"CVE-2016-5244\");\n script_name(\"Debian Security Advisory DSA 3607-1 (linux - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-06-28 00:00:00 +0200 (Tue, 28 Jun 2016)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3607.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"linux on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Linux kernel is the core of the Linux operating system.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 3.16.7-ckt25-2+deb8u2.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a privilege escalation, denial of\nservice or information leaks.\n\nCVE-2015-7515,\nCVE-2016-2184,\nCVE-2016-2185,\nCVE-2016-2186,\nCVE-2016-2187,\nCVE-2016-3136,\nCVE-2016-3137,\nCVE-2016-3138,\nCVE-2016-3140 \nRalf Spenneberg of OpenSource Security reported that various USB\ndrivers do not sufficiently validate USB descriptors. This\nallowed a physically present user with a specially designed USB\ndevice to cause a denial of service (crash).\n\nCVE-2016-0821Solar Designer noted that the list poisoning \nfeature, intended\nto mitigate the effects of bugs in list manipulation in the\nkernel, used poison values within the range of virtual addresses\nthat can be allocated by user processes.\n\nCVE-2016-1237 \nDavid Sinquin discovered that nfsd does not check permissions when\nsetting ACLs, allowing users to grant themselves permissions to a\nfile by setting the ACL.\n\nCVE-2016-1583 \nJann Horn of Google Project Zero reported that the eCryptfs\nfilesystem could be used together with the proc filesystem to\ncause a kernel stack overflow. If the ecryptfs-utils package is\ninstalled, local users could exploit this, via the\nmount.ecryptfs_private program, for denial of service (crash) or\npossibly for privilege escalation.\n\nCVE-2016-2117 \nJustin Yackoski of Cryptonite discovered that the Atheros L2\nethernet driver incorrectly enables scatter/gather I/O. A remote\nattacker could take advantage of this flaw to obtain potentially\nsensitive information from kernel memory.\n\nCVE-2016-2143 \nMarcin Koscielnicki discovered that the fork implementation in the\nLinux kernel on s390 platforms mishandles the case of four\npage-table levels, which allows local users to cause a denial of\nservice (system crash).\n\nCVE-2016-3070 \nJan Stancek of Red Hat discovered a local denial of service\nvulnerability in AIO handling.\n\nCVE-2016-3134 \nThe Google Project Zero team found that the netfilter subsystem does\nnot sufficiently validate filter table entries. A user with the\nCAP_NET_ADMIN capability could use this for denial of service\n(crash) or possibly for privilege escalation. Debian disables\nunprivileged user namespaces by default, if locally enabled with the\nkernel.unprivileged_userns_clone sysctl, this allows privilege\nescalation.\n\nCVE-2016-3156 \nSolar Designer discovered that the IPv4 implementation in the Linux\nkernel did not perform the destruction of inet device objects\nproperly. An attacker in a guest OS could use this to cause a denial\nof service (networking outage) in the host OS.\n\nCVE-2016-3157 /\nXSA-171\n\nAndy Lutomirski discovered that the x86_64 (amd64) task switching\nimplementation did not correctly update the I/O permission level\nwhen running as a Xen paravirtual (PV) guest. In some\nconfigurations this would allow local users to cause a denial of\nservice (crash) or to escalate their privileges within the guest.\n\nCVE-2016-3672 \nHector Marco and Ismael Ripoll noted that it was possible to disable\nAddress Space Layout Randomisation (ASLR) for x86_32 (i386) programs\nby removing the stack resource limit. This made it easier for local\nusers to exploit security flaws in programs that have the setuid or\nsetgid flag set.\n\nCVE-2016-3951 \nIt was discovered that the cdc_ncm driver would free memory\nprematurely if certain errors occurred during its initialisation.\nThis allowed a physically present user with a specially designed\nUSB device to cause a denial of service (crash) or possibly to\nescalate their privileges.\n\nCVE-2016-3955 \nIgnat Korchagin reported that the usbip subsystem did not check\nthe length of data received for a USB buffer. This allowed denial\nof service (crash) or privilege escalation on a system configured\nas a usbip client, by the usbip server or by an attacker able to\nimpersonate it over the network. A system configured as a usbip\nserver might be similarly vulnerable to physically present users.\n\nCVE-2016-3961 /\nXSA-174\n\nVitaly Kuznetsov of Red Hat discovered that Linux allowed the use of\nhugetlbfs on x86 (i386 and amd64) systems even when running as a Xen\nparavirtualised (PV) guest, although Xen does not support huge\npages. This allowed users with access to /dev/hugepages to cause a\ndenial of service (crash) in the guest.\n\nCVE-2016-4470 \nDavid Howells of Red Hat discovered that a local user can trigger a\nflaw in the Linux kernel's handling of key lookups in the keychain\nsubsystem, leading to a denial of service (crash) or possibly to\nprivilege escalation.\n\nCVE-2016-4482,\nCVE-2016-4485,\nCVE-2016-4486,\nCVE-2016-4569,\nCVE-2016-4578,\nCVE-2016-4580,\nCVE-2016-5243,\nCVE-2016-5244 \nKangjie Lu reported that the USB devio, llc, rtnetlink, ALSA\ntimer, x25, tipc, and rds facilities leaked information from the\nkernel stack.\n\nCVE-2016-4565 \nJann Horn of Google Project Zero reported that various components\nin the InfiniBand stack implemented unusual semantics for the\nwrite() operation. On a system with InfiniBand drivers loaded,\nlocal users could use this for denial of service or privilege\nescalation.\n\nCVE-2016-4581 \nTycho Andersen discovered that in some situations the Linux kernel\ndid not handle propagated mounts correctly. A local user can take\nadvantage of this flaw to cause a denial of service (system crash).\n\nCVE-2016-4805 \nBaozeng Ding discovered a use-after-free in the generic PPP layer in\nthe Linux kernel. A local user can take advantage of this flaw to\ncause a denial of service (system crash), or potentially escalate\ntheir privileges.\n\nCVE-2016-4913 \nAl Viro found that the ISO9660 filesystem implementation did not\ncorrectly count the length of certain invalid name entries.\nReading a directory containing such name entries would leak\ninformation from kernel memory. Users permitted to mount disks or\ndisk images could use this to obtain sensitive information.\n\nCVE-2016-4997 /\nCVE-2016-4998 \nJesse Hertz and Tim Newsham discovered that missing input sanitising\nin Netfilter socket handling may result in denial of service. Debian\ndisables unprivileged user namespaces by default, if locally enabled\nwith the kernel.unprivileged_userns_clone sysctl, this also allows\nprivilege escalation.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.7-ckt25-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-03-14T18:56:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-25T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2144-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-2782", "CVE-2016-5244", "CVE-2016-2543", "CVE-2015-3288", "CVE-2016-4913", "CVE-2016-4581", "CVE-2016-2053", "CVE-2016-3689", "CVE-2016-2847", "CVE-2016-2548", "CVE-2016-3139", "CVE-2016-4486", "CVE-2016-2186", "CVE-2014-9904", "CVE-2016-2187", "CVE-2015-6526", "CVE-2016-2547", "CVE-2016-3156", "CVE-2016-1583", "CVE-2016-0758", "CVE-2015-8812", "CVE-2016-2544", "CVE-2016-4569", "CVE-2016-2184", "CVE-2015-8830", "CVE-2012-6701", "CVE-2016-3951", "CVE-2016-3137", "CVE-2016-5829", "CVE-2016-4485", "CVE-2016-4997", "CVE-2016-2545", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2546", "CVE-2015-7566", "CVE-2016-2549", "CVE-2016-4578", "CVE-2015-8816", "CVE-2016-2185", "CVE-2016-4805", "CVE-2013-7446", "CVE-2016-4470", "CVE-2015-8709", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-3672", "CVE-2015-8785", "CVE-2016-3134", "CVE-2016-2188"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851386", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851386", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851386\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-25 05:40:38 +0200 (Thu, 25 Aug 2016)\");\n script_cve_id(\"CVE-2012-6701\", \"CVE-2013-7446\", \"CVE-2014-9904\", \"CVE-2015-3288\",\n \"CVE-2015-6526\", \"CVE-2015-7566\", \"CVE-2015-8709\", \"CVE-2015-8785\",\n \"CVE-2015-8812\", \"CVE-2015-8816\", \"CVE-2015-8830\", \"CVE-2016-0758\",\n \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-2184\", \"CVE-2016-2185\",\n \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-2188\", \"CVE-2016-2384\",\n \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\",\n \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\",\n \"CVE-2016-2847\", \"CVE-2016-3134\", \"CVE-2016-3136\", \"CVE-2016-3137\",\n \"CVE-2016-3138\", \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3156\",\n \"CVE-2016-3672\", \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-4470\",\n \"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\",\n \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\",\n \"CVE-2016-4805\", \"CVE-2016-4913\", \"CVE-2016-4997\", \"CVE-2016-5244\",\n \"CVE-2016-5829\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2144-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 13.2 kernel was updated to fix various bugs and security\n issues.\n\n The following security bugs were fixed:\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower file system does\n not allow it. This could have lead to local privilege escalation when\n ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid\n (bsc#983143).\n\n - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c\n in the Linux kernel mishandles NM (aka alternate name) entries\n containing \\0 characters, which allowed local users to obtain sensitive\n information from kernel memory or possibly have unspecified other impact\n via a crafted isofs filesystem (bnc#980725).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not properly initialize\n a certain data structure, which allowed attackers to obtain sensitive\n information from kernel stack memory via an X.25 Call Request\n (bnc#981267).\n\n - CVE-2016-0758: Tags with indefinite length could have corrupted pointers\n in asn1_find_indefinite_length (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in\n the Linux kernel allowed physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system crash) via a\n crafted endpoints value in a USB device descriptor (bnc#971919 971944).\n\n - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401\n bsc#978445).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relies on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bnc#979548\n bsc#980363).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c\n in the Linux kernel did not properly randomize the legacy base address,\n which made it easier for local users to defeat the intended restrictions\n on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism\n for a setuid or ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2144-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch\", rpm:\"bbswitch~0.8~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-debugsource\", rpm:\"bbswitch-debugsource~0.8~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-default\", rpm:\"bbswitch-kmp-default~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-default-debuginfo\", rpm:\"bbswitch-kmp-default-debuginfo~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-desktop\", rpm:\"bbswitch-kmp-desktop~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-desktop-debuginfo\", rpm:\"bbswitch-kmp-desktop-debuginfo~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-xen\", rpm:\"bbswitch-kmp-xen~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-xen-debuginfo\", rpm:\"bbswitch-kmp-xen-debuginfo~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop\", rpm:\"cloop~2.639~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debuginfo\", rpm:\"cloop-debuginfo~2.639~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debugsource\", rpm:\"cloop-debugsource~2.639~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default\", rpm:\"cloop-kmp-default~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default-debuginfo\", rpm:\"cloop-kmp-default-debuginfo~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop\", rpm:\"cloop-kmp-desktop~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop-debuginfo\", rpm:\"cloop-kmp-desktop-debuginfo~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen\", rpm:\"cloop-kmp-xen~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen-debuginfo\", rpm:\"cloop-kmp-xen-debuginfo~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash\", rpm:\"crash~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debuginfo\", rpm:\"crash-debuginfo~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debugsource\", rpm:\"crash-debugsource~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-devel\", rpm:\"crash-devel~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-doc\", rpm:\"crash-doc~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic\", rpm:\"crash-eppic~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic-debuginfo\", rpm:\"crash-eppic-debuginfo~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore\", rpm:\"crash-gcore~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore-debuginfo\", rpm:\"crash-gcore-debuginfo~7.0.8~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default\", rpm:\"crash-kmp-default~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default-debuginfo\", rpm:\"crash-kmp-default-debuginfo~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop\", rpm:\"crash-kmp-desktop~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop-debuginfo\", rpm:\"crash-kmp-desktop-debuginfo~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen\", rpm:\"crash-kmp-xen~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen-debuginfo\", rpm:\"crash-kmp-xen-debuginfo~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-debugsource\", rpm:\"hdjmod-debugsource~1.28~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default\", rpm:\"hdjmod-kmp-default~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default-debuginfo\", rpm:\"hdjmod-kmp-default-debuginfo~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop\", rpm:\"hdjmod-kmp-desktop~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop-debuginfo\", rpm:\"hdjmod-kmp-desktop-debuginfo~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen\", rpm:\"hdjmod-kmp-xen~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen-debuginfo\", rpm:\"hdjmod-kmp-xen-debuginfo~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset\", rpm:\"ipset~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debuginfo\", rpm:\"ipset-debuginfo~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debugsource\", rpm:\"ipset-debugsource~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-devel\", rpm:\"ipset-devel~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default\", rpm:\"ipset-kmp-default~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default-debuginfo\", rpm:\"ipset-kmp-default-debuginfo~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop\", rpm:\"ipset-kmp-desktop~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop-debuginfo\", rpm:\"ipset-kmp-desktop-debuginfo~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen\", rpm:\"ipset-kmp-xen~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen-debuginfo\", rpm:\"ipset-kmp-xen-debuginfo~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~3.16.7~42.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~3.16.7~42.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa-xen\", rpm:\"kernel-obs-qa-xen~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3\", rpm:\"libipset3~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3-debuginfo\", rpm:\"libipset3-debuginfo~6.23~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock\", rpm:\"pcfclock~0.44~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debuginfo\", rpm:\"pcfclock-debuginfo~0.44~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debugsource\", rpm:\"pcfclock-debugsource~0.44~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default\", rpm:\"pcfclock-kmp-default~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default-debuginfo\", rpm:\"pcfclock-kmp-default-debuginfo~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop\", rpm:\"pcfclock-kmp-desktop~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop-debuginfo\", rpm:\"pcfclock-kmp-desktop-debuginfo~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox\", rpm:\"python-virtualbox~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox-debuginfo\", rpm:\"python-virtualbox-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-debugsource\", rpm:\"vhba-kmp-debugsource~20140629~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-\", rpm:\"vhba-kmp-default~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-debuginfo-\", rpm:\"vhba-kmp-default-debuginfo~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop-\", rpm:\"vhba-kmp-desktop~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop-debuginfo-\", rpm:\"vhba-kmp-desktop-debuginfo~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-\", rpm:\"vhba-kmp-xen~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-debuginfo-\", rpm:\"vhba-kmp-xen-debuginfo~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debuginfo\", rpm:\"virtualbox-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debugsource\", rpm:\"virtualbox-debugsource~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-devel\", rpm:\"virtualbox-devel~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default\", rpm:\"virtualbox-guest-kmp-default~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default-debuginfo\", rpm:\"virtualbox-guest-kmp-default-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop\", rpm:\"virtualbox-guest-kmp-desktop~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop-debuginfo\", rpm:\"virtualbox-guest-kmp-desktop-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools-debuginfo\", rpm:\"virtualbox-guest-tools-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11\", rpm:\"virtualbox-guest-x11~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11-debuginfo\", rpm:\"virtualbox-guest-x11-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default\", rpm:\"virtualbox-host-kmp-default~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default-debuginfo\", rpm:\"virtualbox-host-kmp-default-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop\", rpm:\"virtualbox-host-kmp-desktop~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop-debuginfo\", rpm:\"virtualbox-host-kmp-desktop-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt\", rpm:\"virtualbox-qt~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt-debuginfo\", rpm:\"virtualbox-qt-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv\", rpm:\"virtualbox-websrv~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv-debuginfo\", rpm:\"virtualbox-websrv-debuginfo~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons\", rpm:\"xtables-addons~2.6~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debuginfo\", rpm:\"xtables-addons-debuginfo~2.6~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debugsource\", rpm:\"xtables-addons-debugsource~2.6~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default\", rpm:\"xtables-addons-kmp-default~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default-debuginfo\", rpm:\"xtables-addons-kmp-default-debuginfo~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop\", rpm:\"xtables-addons-kmp-desktop~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop-debuginfo\", rpm:\"xtables-addons-kmp-desktop-debuginfo~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen\", rpm:\"xtables-addons-kmp-xen~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen-debuginfo\", rpm:\"xtables-addons-kmp-xen-debuginfo~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.4.4_02_k3.16.7_42~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default-debuginfo\", rpm:\"xen-kmp-default-debuginfo~4.4.4_02_k3.16.7_42~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop\", rpm:\"xen-kmp-desktop~4.4.4_02_k3.16.7_42~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop-debuginfo\", rpm:\"xen-kmp-desktop-debuginfo~4.4.4_02_k3.16.7_42~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.4.4_02~46.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.16.7~42.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-desktop-icons\", rpm:\"virtualbox-guest-desktop-icons~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-source\", rpm:\"virtualbox-host-source~5.0.20~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-pae\", rpm:\"bbswitch-kmp-pae~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bbswitch-kmp-pae-debuginfo\", rpm:\"bbswitch-kmp-pae-debuginfo~0.8_k3.16.7_42~3.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae\", rpm:\"cloop-kmp-pae~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae-debuginfo\", rpm:\"cloop-kmp-pae-debuginfo~2.639_k3.16.7_42~14.20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae\", rpm:\"crash-kmp-pae~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae-debuginfo\", rpm:\"crash-kmp-pae-debuginfo~7.0.8_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae\", rpm:\"hdjmod-kmp-pae~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae-debuginfo\", rpm:\"hdjmod-kmp-pae-debuginfo~1.28_k3.16.7_42~18.21.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae\", rpm:\"ipset-kmp-pae~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae-debuginfo\", rpm:\"ipset-kmp-pae-debuginfo~6.23_k3.16.7_42~20.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae\", rpm:\"pcfclock-kmp-pae~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae-debuginfo\", rpm:\"pcfclock-kmp-pae-debuginfo~0.44_k3.16.7_42~260.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-\", rpm:\"vhba-kmp-pae~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-debuginfo-\", rpm:\"vhba-kmp-pae-debuginfo~20140629_k3.16.7_42~2.20.2\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae\", rpm:\"virtualbox-guest-kmp-pae~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae-debuginfo\", rpm:\"virtualbox-guest-kmp-pae-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae\", rpm:\"virtualbox-host-kmp-pae~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae-debuginfo\", rpm:\"virtualbox-host-kmp-pae-debuginfo~5.0.20_k3.16.7_42~48.5\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae\", rpm:\"xtables-addons-kmp-pae~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae-debuginfo\", rpm:\"xtables-addons-kmp-pae-debuginfo~2.6_k3.16.7_42~22.3\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.16.7~42.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-05-16T14:56:10", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: kernel-4.4.9-200.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "modified": "2016-05-16T14:56:10", "id": "FEDORA:16FBC6173444", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EXUBEDCHC3X4UZZSJYZWASEA6EDDRWGA/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-05-14T23:33:19", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: kernel-4.5.4-300.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4557", "CVE-2016-4558", "CVE-2016-4569", "CVE-2016-4581"], "modified": "2016-05-14T23:33:19", "id": "FEDORA:3BDA3607A1A6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HPCQ5RJB72AYCRLNP3WS5GEP5BU3HS3C/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-02T15:04:03", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: kernel-4.5.5-201.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0758", "CVE-2016-3713", "CVE-2016-4440", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4557", "CVE-2016-4558", "CVE-2016-4569", "CVE-2016-4581", "CVE-2016-4913"], "modified": "2016-06-02T15:04:03", "id": "FEDORA:0A72361F0A0B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LO4QW3EVM74ZTHMT4PLBBCB2IU6322L2/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:25:21", "description": "The 4.4.9 update contains an number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-14T00:00:00", "type": "nessus", "title": "Fedora 22 : kernel (2016-a159c484e4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2016-A159C484E4.NASL", "href": "https://www.tenable.com/plugins/nessus/92133", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-a159c484e4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92133);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_xref(name:\"FEDORA\", value:\"2016-a159c484e4\");\n\n script_name(english:\"Fedora 22 : kernel (2016-a159c484e4)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.4.9 update contains an number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-a159c484e4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-a159c484e4\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"kernel-4.4.9-200.fc22\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:00", "description": "The 4.5.4 stable update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-14T00:00:00", "type": "nessus", "title": "Fedora 24 : kernel (2016-ef973efab7)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4557", "CVE-2016-4558", "CVE-2016-4569", "CVE-2016-4581"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-EF973EFAB7.NASL", "href": "https://www.tenable.com/plugins/nessus/92195", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-ef973efab7.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92195);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4558\", \"CVE-2016-4569\", \"CVE-2016-4581\");\n script_xref(name:\"FEDORA\", value:\"2016-ef973efab7\");\n\n script_name(english:\"Fedora 24 : kernel (2016-ef973efab7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.5.4 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-ef973efab7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF doubleput UAF Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4558\", \"CVE-2016-4569\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-ef973efab7\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.5.4-300.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:10", "description": "The Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. (CVE-2016-3961 / XSA-174)\n\nA flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. (CVE-2016-0758)\n\nMultiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839)\n\nThe following flaws were also fixed in this version :\n\nCVE-2016-4557 : Use after free vulnerability via double fdput\n\nCVE-2016-4581 : Slave being first propagated copy causes oops in propagate_mnt\n\nCVE-2016-4486 : Information leak in rtnetlink\n\nCVE-2016-4485 : Information leak in llc module\n\nCVE-2016-4558 : bpf: refcnt overflow\n\nCVE-2016-4565 : infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko\n\nCVE-2016-0758 : tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()\n\nCVE-2015-8839 : ext4 filesystem page fault race condition with fallocate call.", "cvss3": {}, "published": "2016-05-19T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2016-703)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8839", "CVE-2016-0758", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4557", "CVE-2016-4558", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2019-04-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-703.NASL", "href": "https://www.tenable.com/plugins/nessus/91241", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-703.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91241);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/04/11 17:23:06\");\n\n script_cve_id(\"CVE-2015-8839\", \"CVE-2016-0758\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"ALAS\", value:\"2016-703\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2016-703)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Linux kernel did not properly suppress hugetlbfs support in x86 PV\nguests, which could allow local PV guest users to cause a denial of\nservice (guest OS crash) by attempting to access a hugetlbfs mapped\narea. (CVE-2016-3961 / XSA-174)\n\nA flaw was found in the way the Linux kernel's ASN.1 DER decoder\nprocessed certain certificate files with tags of indefinite length. A\nlocal, unprivileged user could use a specially crafted X.509\ncertificate DER file to crash the system or, potentially, escalate\ntheir privileges on the system. (CVE-2016-0758)\n\nMultiple race conditions in the ext4 filesystem implementation in the\nLinux kernel before 4.5 allow local users to cause a denial of service\n(disk corruption) by writing to a page that is associated with a\ndifferent user's file after unsynchronized hole punching and\npage-fault handling. (CVE-2015-8839)\n\nThe following flaws were also fixed in this version :\n\nCVE-2016-4557 : Use after free vulnerability via double fdput\n\nCVE-2016-4581 : Slave being first propagated copy causes oops in\npropagate_mnt\n\nCVE-2016-4486 : Information leak in rtnetlink\n\nCVE-2016-4485 : Information leak in llc module\n\nCVE-2016-4558 : bpf: refcnt overflow\n\nCVE-2016-4565 : infiniband: Unprivileged process can overwrite kernel\nmemory using rdma_ucm.ko\n\nCVE-2016-0758 : tags with indefinite length can corrupt pointers in\nasn1_find_indefinite_length()\n\nCVE-2015-8839 : ext4 filesystem page fault race condition with\nfallocate call.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-703.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF doubleput UAF Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.4.10-22.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.4.10-22.54.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:38", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file system. A local user could exploit this flaw to cause a denial of service (disk corruption) by writing to a page that is associated with a different users file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use to create a use-after- free situation, causing a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3005-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8839", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4558", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3005-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91567", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3005-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91567);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3005-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3005-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4\nfile system. A local user could exploit this flaw to cause a denial of\nservice (disk corruption) by writing to a page that is associated with\na different users file after unsynchronized hole punching and\npage-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters\non systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK\nset to infinite. A local unprivileged attacker could use to create a\nuse-after- free situation, causing a denial of service (system crash)\nor possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3005-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.4-generic,\nlinux-image-4.4-generic-lpae and / or linux-image-4.4-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3005-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-24-generic\", pkgver:\"4.4.0-24.43~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-24-generic-lpae\", pkgver:\"4.4.0-24.43~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-24-lowlatency\", pkgver:\"4.4.0-24.43~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:54", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file system. A local user could exploit this flaw to cause a denial of service (disk corruption) by writing to a page that is associated with a different users file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use to create a use-after- free situation, causing a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3007-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8839", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4558", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3007-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91569", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3007-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91569);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3007-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3007-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4\nfile system. A local user could exploit this flaw to cause a denial of\nservice (disk corruption) by writing to a page that is associated with\na different users file after unsynchronized hole punching and\npage-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters\non systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK\nset to infinite. A local unprivileged attacker could use to create a\nuse-after- free situation, causing a denial of service (system crash)\nor possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3007-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected linux-image-4.4-raspi2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3007-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1012-raspi2\", pkgver:\"4.4.0-1012.16\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-raspi2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:07:55", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file system. A local user could exploit this flaw to cause a denial of service (disk corruption) by writing to a page that is associated with a different users file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF) implementation in the Linux kernel could overflow reference counters on systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to infinite. A local unprivileged attacker could use to create a use-after- free situation, causing a denial of service (system crash) or possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux vulnerabilities (USN-3006-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8839", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4558", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3006-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91568", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3006-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91568);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3006-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux vulnerabilities (USN-3006-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4\nfile system. A local user could exploit this flaw to cause a denial of\nservice (disk corruption) by writing to a page that is associated with\na different users file after unsynchronized hole punching and\npage-fault handling. (CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF)\nimplementation in the Linux kernel could overflow reference counters\non systems with more than 32GB of physical ram and with RLIMIT_MEMLOCK\nset to infinite. A local unprivileged attacker could use to create a\nuse-after- free situation, causing a denial of service (system crash)\nor possibly gain administrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3006-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.4-generic,\nlinux-image-4.4-generic-lpae and / or linux-image-4.4-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8839\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4558\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3006-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-24-generic\", pkgver:\"4.4.0-24.43\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-24-generic-lpae\", pkgver:\"4.4.0-24.43\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-24-lowlatency\", pkgver:\"4.4.0-24.43\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:56", "description": "The 4.5.5 stable update contains a number of important fixes across the tree.\n\n----\n\nThe 4.5.4 stable update contains a number of important fixes across the tree.\n\n----\n\nThe 4.5.3 stable rebase contains enhanced hardware support, additional features, and a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-07-14T00:00:00", "type": "nessus", "title": "Fedora 23 : kernel (2016-06f1572324)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-0758", "CVE-2016-3713", "CVE-2016-4440", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4557", "CVE-2016-4558", "CVE-2016-4569", "CVE-2016-4581", "CVE-2016-4913"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-06F1572324.NASL", "href": "https://www.tenable.com/plugins/nessus/92055", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-06f1572324.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92055);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-0758\", \"CVE-2016-3713\", \"CVE-2016-4440\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4558\", \"CVE-2016-4569\", \"CVE-2016-4581\", \"CVE-2016-4913\");\n script_xref(name:\"FEDORA\", value:\"2016-06f1572324\");\n\n script_name(english:\"Fedora 23 : kernel (2016-06f1572324)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.5.5 stable update contains a number of important fixes across\nthe tree.\n\n----\n\nThe 4.5.4 stable update contains a number of important fixes across\nthe tree.\n\n----\n\nThe 4.5.3 stable rebase contains enhanced hardware support, additional\nfeatures, and a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-06f1572324\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF doubleput UAF Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-0758\", \"CVE-2016-3713\", \"CVE-2016-4440\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4558\", \"CVE-2016-4569\", \"CVE-2016-4581\", \"CVE-2016-4913\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-06f1572324\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"kernel-4.5.5-201.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:56:54", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-01T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2989-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2989-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91425", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2989-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91425);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"2989-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2989-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2989-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2989-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-87-generic\", pkgver:\"3.13.0-87.133\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-87-generic-lpae\", pkgver:\"3.13.0-87.133\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-87-lowlatency\", pkgver:\"3.13.0-87.133\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:59:53", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2998-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2998-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91560", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2998-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91560);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"2998-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2998-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2998-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2998-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-88-generic\", pkgver:\"3.13.0-88.135~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-88-generic-lpae\", pkgver:\"3.13.0-88.135~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:59:54", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-3004-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-raspi2", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-3004-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91566", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3004-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91566);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3004-1\");\n\n script_name(english:\"Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-3004-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3004-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected linux-image-4.2-raspi2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3004-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-1031-raspi2\", pkgver:\"4.2.0-1031.41\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.2-raspi2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:59:53", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 15.10 : linux vulnerabilities (USN-3003-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-3003-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91565", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3003-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91565);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3003-1\");\n\n script_name(english:\"Ubuntu 15.10 : linux vulnerabilities (USN-3003-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3003-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.2-generic,\nlinux-image-4.2-generic-lpae and / or linux-image-4.2-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3003-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-38-generic\", pkgver:\"4.2.0-38.45\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-38-generic-lpae\", pkgver:\"4.2.0-38.45\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-38-lowlatency\", pkgver:\"4.2.0-38.45\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.2-generic / linux-image-4.2-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:58:48", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-3002-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3002-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91564", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3002-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91564);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3002-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-3002-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3002-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.2-generic,\nlinux-image-4.2-generic-lpae and / or linux-image-4.2-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3002-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-38-generic\", pkgver:\"4.2.0-38.45~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-38-generic-lpae\", pkgver:\"4.2.0-38.45~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-38-lowlatency\", pkgver:\"4.2.0-38.45~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.2-generic / linux-image-4.2-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T14:59:53", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-3001-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3001-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91563", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3001-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91563);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3001-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-3001-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3001-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.19-generic,\nlinux-image-3.19-generic-lpae and / or linux-image-3.19-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3001-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-61-generic\", pkgver:\"3.19.0-61.69~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-61-generic-lpae\", pkgver:\"3.19.0-61.69~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-61-lowlatency\", pkgver:\"3.19.0-61.69~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.19-generic / linux-image-3.19-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-16T15:00:19", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the MCT USB RS232 Converter device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3136)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Cypress M8 USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash).\n(CVE-2016-3137)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Linux kernel's USB driver for Digi AccelePort serial converters did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3140)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nIt was discovered that the Linux kernel's USB driver for IMS Passenger Control Unit devices did not properly validate the device's interfaces. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3689)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-3000-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3136", "CVE-2016-3137", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-3689", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3000-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91562", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3000-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91562);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3140\", \"CVE-2016-3672\", \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3000-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-3000-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered\nthat the MCT USB RS232 Converter device driver in the Linux kernel did\nnot properly validate USB device descriptors. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3136)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered\nthat the Cypress M8 USB device driver in the Linux kernel did not\nproperly validate USB device descriptors. An attacker with physical\naccess could use this to cause a denial of service (system crash).\n(CVE-2016-3137)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered\nthat the Linux kernel's USB driver for Digi AccelePort serial\nconverters did not properly validate USB device descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-3140)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nIt was discovered that the Linux kernel's USB driver for IMS Passenger\nControl Unit devices did not properly validate the device's\ninterfaces. An attacker with physical access could use this to cause a\ndenial of service (system crash). (CVE-2016-3689)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3000-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3140\", \"CVE-2016-3672\", \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3000-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-73-generic\", pkgver:\"3.16.0-73.95~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-73-generic-lpae\", pkgver:\"3.16.0-73.95~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-73-lowlatency\", pkgver:\"3.16.0-73.95~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:48", "description": "The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.\n (bsc#979548)\n\n - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. (bsc#980371).\n\n - CVE-2016-4951: The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel did not verify socket existence, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. (bsc#981058).\n\n - CVE-2016-5244: An information leak vulnerability in function rds_inc_info_copy of file net/rds/recv.c was fixed that might have leaked kernel stack data.\n (bsc#983213).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.\n (bsc#981267).\n\n - CVE-2016-0758: Tags with indefinite length could have corrupted pointers in asn1_find_indefinite_length (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308).\n\n - CVE-2016-4482: A kernel information leak in the usbfs devio connectinfo was fixed, which could expose kernel stack memory to userspace. (bnc#978401).\n\n - CVE-2016-4485: A kernel information leak in llc was fixed (bsc#978821).\n\n - CVE-2016-4486: A kernel information leak in rtnetlink was fixed, where 4 uninitialized bytes could leak to userspace (bsc#978822).\n\n - CVE-2016-4557: A use-after-free via double-fdput in replace_map_fd_with_map_ptr() was fixed, which could allow privilege escalation (bsc#979018).\n\n - CVE-2016-4565: When the 'rdma_ucm' infiniband module is loaded, local attackers could escalate their privileges (bsc#979548).\n\n - CVE-2016-4569: A kernel information leak in the ALSA timer via events via snd_timer_user_tinterrupt that could leak information to userspace was fixed (bsc#979213).\n\n - CVE-2016-4578: A kernel information leak in the ALSA timer via events that could leak information to userspace was fixed (bsc#979879).\n\n - CVE-2016-4581: If the first propogated mount copy was being a slave it could oops the kernel (bsc#979913)\n\nThe following non-security bugs were fixed :\n\n - ALSA: hda - Add dock support for ThinkPad X260 (boo#979278).\n\n - ALSA: hda - Apply fix for white noise on Asus N550JV, too (boo#979278).\n\n - ALSA: hda - Asus N750JV external subwoofer fixup (boo#979278).\n\n - ALSA: hda - Fix broken reconfig (boo#979278).\n\n - ALSA: hda - Fix headphone mic input on a few Dell ALC293 machines (boo#979278).\n\n - ALSA: hda - Fix subwoofer pin on ASUS N751 and N551 (boo#979278).\n\n - ALSA: hda - Fix white noise on Asus N750JV headphone (boo#979278).\n\n - ALSA: hda - Fix white noise on Asus UX501VW headset (boo#979278).\n\n - ALSA: hda/realtek - Add ALC3234 headset mode for Optiplex 9020m (boo#979278).\n\n - ALSA: hda/realtek - New codecs support for ALC234/ALC274/ALC294 (boo#979278).\n\n - ALSA: hda/realtek - New codec support of ALC225 (boo#979278).\n\n - ALSA: hda/realtek - Support headset mode for ALC225 (boo#979278).\n\n - ALSA: pcxhr: Fix missing mutex unlock (boo#979278).\n\n - ALSA: usb-audio: Quirk for yet another Phoenix Audio devices (v2) (boo#979278).\n\n - bluetooth: fix power_on vs close race (bsc#966849).\n\n - bluetooth: vhci: fix open_timeout vs. hdev race (bsc#971799,bsc#966849).\n\n - bluetooth: vhci: Fix race at creating hci device (bsc#971799,bsc#966849).\n\n - bluetooth: vhci: purge unhandled skbs (bsc#971799,bsc#966849).\n\n - btrfs: do not use src fd for printk (bsc#980348).\n\n - btrfs: fix crash/invalid memory access on fsync when using overlayfs (bsc#977198)\n\n - drm: qxl: Workaround for buggy user-space (bsc#981344).\n\n - enic: set netdev->vlan_features (bsc#966245).\n\n - fs: add file_dentry() (bsc#977198).\n\n - IB/IPoIB: Do not set skb truesize since using one linearskb (bsc#980657).\n\n - input: i8042 - lower log level for 'no controller' message (bsc#945345).\n\n - kabi: Add kabi/severities entries to ignore sound/hda/*, x509_*, efivar_validate, file_open_root and dax_fault\n\n - kabi: Add some fixups (module, pci_dev, drm, fuse and thermal)\n\n - kabi: file_dentry changes (bsc#977198).\n\n - kABI fixes for 4.1.22\n\n - mm/page_alloc.c: calculate 'available' memory in a separate function (bsc#982239).\n\n - net: disable fragment reassembly if high_thresh is zero (bsc#970506).\n\n - of: iommu: Silence misleading warning.\n\n - pstore_register() error handling was wrong -- it tried to release lock before it's acquired, causing spinlock / preemption imbalance. - usb: quirk to stop runtime PM for Intel 7260 (bnc#984460).\n\n - Revert 'usb: hub: do not clear BOS field during reset device' (boo#979728).\n\n - usb: core: hub: hub_port_init lock controller instead of bus (bnc#978073).\n\n - usb: preserve kABI in address0 locking (bnc#978073).\n\n - usb: usbip: fix potential out-of-bounds write (bnc#975945).\n\n - USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982712).\n\n - virtio_balloon: do not change memory amount visible via /proc/meminfo (bsc#982238).\n\n - virtio_balloon: export 'available' memory to balloon statistics (bsc#982239).", "cvss3": {}, "published": "2016-06-22T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-753)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7446", "CVE-2016-0758", "CVE-2016-1583", "CVE-2016-2053", "CVE-2016-3134", "CVE-2016-3672", "CVE-2016-3955", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4557", "CVE-2016-4565", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4581", "CVE-2016-4805", "CVE-2016-4951", "CVE-2016-5244"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-obs-qa-xen", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-pv", "p-cpe:/a:novell:opensuse:kernel-pv-base", "p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debugsource", "p-cpe:/a:novell:opensuse:kernel-pv-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-753.NASL", "href": "https://www.tenable.com/plugins/nessus/91736", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-753.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91736);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-7446\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-3134\", \"CVE-2016-3672\", \"CVE-2016-3955\", \"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4557\", \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\", \"CVE-2016-4805\", \"CVE-2016-4951\", \"CVE-2016-5244\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-753)\");\n script_summary(english:\"Check for the openSUSE-2016-753 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.1 kernel was updated to 4.1.26 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower\n file system does not allow it. This could have lead to\n local privilege escalation when ecryptfs-utils was\n installed and /sbin/mount.ecryptfs_private was setuid\n (bsc#983143).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relies on the write system\n call, which allows local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface.\n (bsc#979548)\n\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption and system crash, or spinlock) or possibly\n have unspecified other impact by removing a network\n namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions. (bsc#980371).\n\n - CVE-2016-4951: The tipc_nl_publ_dump function in\n net/tipc/socket.c in the Linux kernel did not verify\n socket existence, which allowed local users to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a\n dumpit operation. (bsc#981058).\n\n - CVE-2016-5244: An information leak vulnerability in\n function rds_inc_info_copy of file net/rds/recv.c was\n fixed that might have leaked kernel stack data.\n (bsc#983213).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not\n properly initialize a certain data structure, which\n allowed attackers to obtain sensitive information from\n kernel stack memory via an X.25 Call Request.\n (bsc#981267).\n\n - CVE-2016-0758: Tags with indefinite length could have\n corrupted pointers in asn1_find_indefinite_length\n (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in\n arch/x86/mm/mmap.c in the Linux kernel did not properly\n randomize the legacy base address, which made it easier\n for local users to defeat the intended restrictions on\n the ADDR_NO_RANDOMIZE flag, and bypass the ASLR\n protection mechanism for a setuid or setgid program, by\n disabling stack-consumption resource limits\n (bnc#974308).\n\n - CVE-2016-4482: A kernel information leak in the usbfs\n devio connectinfo was fixed, which could expose kernel\n stack memory to userspace. (bnc#978401).\n\n - CVE-2016-4485: A kernel information leak in llc was\n fixed (bsc#978821).\n\n - CVE-2016-4486: A kernel information leak in rtnetlink\n was fixed, where 4 uninitialized bytes could leak to\n userspace (bsc#978822).\n\n - CVE-2016-4557: A use-after-free via double-fdput in\n replace_map_fd_with_map_ptr() was fixed, which could\n allow privilege escalation (bsc#979018).\n\n - CVE-2016-4565: When the 'rdma_ucm' infiniband module is\n loaded, local attackers could escalate their privileges\n (bsc#979548).\n\n - CVE-2016-4569: A kernel information leak in the ALSA\n timer via events via snd_timer_user_tinterrupt that\n could leak information to userspace was fixed\n (bsc#979213).\n\n - CVE-2016-4578: A kernel information leak in the ALSA\n timer via events that could leak information to\n userspace was fixed (bsc#979879).\n\n - CVE-2016-4581: If the first propogated mount copy was\n being a slave it could oops the kernel (bsc#979913)\n\nThe following non-security bugs were fixed :\n\n - ALSA: hda - Add dock support for ThinkPad X260\n (boo#979278).\n\n - ALSA: hda - Apply fix for white noise on Asus N550JV,\n too (boo#979278).\n\n - ALSA: hda - Asus N750JV external subwoofer fixup\n (boo#979278).\n\n - ALSA: hda - Fix broken reconfig (boo#979278).\n\n - ALSA: hda - Fix headphone mic input on a few Dell ALC293\n machines (boo#979278).\n\n - ALSA: hda - Fix subwoofer pin on ASUS N751 and N551\n (boo#979278).\n\n - ALSA: hda - Fix white noise on Asus N750JV headphone\n (boo#979278).\n\n - ALSA: hda - Fix white noise on Asus UX501VW headset\n (boo#979278).\n\n - ALSA: hda/realtek - Add ALC3234 headset mode for\n Optiplex 9020m (boo#979278).\n\n - ALSA: hda/realtek - New codecs support for\n ALC234/ALC274/ALC294 (boo#979278).\n\n - ALSA: hda/realtek - New codec support of ALC225\n (boo#979278).\n\n - ALSA: hda/realtek - Support headset mode for ALC225\n (boo#979278).\n\n - ALSA: pcxhr: Fix missing mutex unlock (boo#979278).\n\n - ALSA: usb-audio: Quirk for yet another Phoenix Audio\n devices (v2) (boo#979278).\n\n - bluetooth: fix power_on vs close race (bsc#966849).\n\n - bluetooth: vhci: fix open_timeout vs. hdev race\n (bsc#971799,bsc#966849).\n\n - bluetooth: vhci: Fix race at creating hci device\n (bsc#971799,bsc#966849).\n\n - bluetooth: vhci: purge unhandled skbs\n (bsc#971799,bsc#966849).\n\n - btrfs: do not use src fd for printk (bsc#980348).\n\n - btrfs: fix crash/invalid memory access on fsync when\n using overlayfs (bsc#977198)\n\n - drm: qxl: Workaround for buggy user-space (bsc#981344).\n\n - enic: set netdev->vlan_features (bsc#966245).\n\n - fs: add file_dentry() (bsc#977198).\n\n - IB/IPoIB: Do not set skb truesize since using one\n linearskb (bsc#980657).\n\n - input: i8042 - lower log level for 'no controller'\n message (bsc#945345).\n\n - kabi: Add kabi/severities entries to ignore sound/hda/*,\n x509_*, efivar_validate, file_open_root and dax_fault\n\n - kabi: Add some fixups (module, pci_dev, drm, fuse and\n thermal)\n\n - kabi: file_dentry changes (bsc#977198).\n\n - kABI fixes for 4.1.22\n\n - mm/page_alloc.c: calculate 'available' memory in a\n separate function (bsc#982239).\n\n - net: disable fragment reassembly if high_thresh is zero\n (bsc#970506).\n\n - of: iommu: Silence misleading warning.\n\n - pstore_register() error handling was wrong -- it tried\n to release lock before it's acquired, causing spinlock /\n preemption imbalance. - usb: quirk to stop runtime PM\n for Intel 7260 (bnc#984460).\n\n - Revert 'usb: hub: do not clear BOS field during reset\n device' (boo#979728).\n\n - usb: core: hub: hub_port_init lock controller instead of\n bus (bnc#978073).\n\n - usb: preserve kABI in address0 locking (bnc#978073).\n\n - usb: usbip: fix potential out-of-bounds write\n (bnc#975945).\n\n - USB: xhci: Add broken streams quirk for Frescologic\n device id 1009 (bnc#982712).\n\n - virtio_balloon: do not change memory amount visible via\n /proc/meminfo (bsc#982238).\n\n - virtio_balloon: export 'available' memory to balloon\n statistics (bsc#982239).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=945345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=955654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984460\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux BPF doubleput UAF Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-html-4.1.26-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-pdf-4.1.26-21.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-macros-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-xen-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-vanilla-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-syms-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-4.1.26-21.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-4.1.26-21.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-09-01T00:39:14", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7267i1/4%0\n\n - fs/f2fs/segment.c in the Linux kernel allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.(CVE-2017-18241i1/4%0\n\n - fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.(CVE-2016-4581i1/4%0\n\n - drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.(CVE-2014-0077i1/4%0\n\n - It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel's sg implementation did not properly restrict write operations in situations where the KERNEL_DS option is set. A local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.(CVE-2016-10088i1/4%0\n\n - ** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that 'the underlying problem is non-trivial to handle.'(CVE-2016-10723i1/4%0\n\n - A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system.(CVE-2016-0758i1/4%0\n\n - A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service.(CVE-2014-3688i1/4%0\n\n - A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.(CVE-2014-2851i1/4%0\n\n - The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex.(CVE-2018-11508i1/4%0\n\n - The cdc_parse_cdc_header() function in 'drivers/usb/core/message.c' in the Linux kernel, before 4.13.6, allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-16534i1/4%0\n\n - A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The 'null skcipher' was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges.(CVE-2018-14619i1/4%0\n\n - The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.(CVE-2017-9211i1/4%0\n\n - kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111.(CVE-2016-6786i1/4%0\n\n - The KEYS subsystem in the Linux kernel omitted an access-control check when writing a key to the current task's default keyring, allowing a local user to bypass security checks to the keyring. This compromises the validity of the keyring for those who rely on it.(CVE-2017-17807i1/4%0\n\n - A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.(CVE-2015-1421i1/4%0\n\n - The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases. This can allow local users to obtain sensitive information and bypass the KASLR protection mechanism via a crafted system call.(CVE-2017-14954i1/4%0\n\n - It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the add_key() function. A local attacker could use this flaw to exhaust all available memory on the system.(CVE-2015-1333i1/4%0\n\n - The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact by triggering failure of an accept system call for an AF_MSM_IPC socket.(CVE-2016-5870i1/4%0\n\n - A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (i1/4z1024) index value.(CVE-2017-1000252i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1534)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7267", "CVE-2014-0077", "CVE-2014-2851", "CVE-2014-3688", "CVE-2015-1333", "CVE-2015-1421", "CVE-2016-0758", "CVE-2016-10088", "CVE-2016-10723", "CVE-2016-4581", "CVE-2016-5870", "CVE-2016-6786", "CVE-2017-1000252", "CVE-2017-14954", "CVE-2017-16534", "CVE-2017-17807", "CVE-2017-18241", "CVE-2017-9211", "CVE-2018-11508", "CVE-2018-14619"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1534.NASL", "href": "https://www.tenable.com/plugins/nessus/124987", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124987);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2013-7267\",\n \"CVE-2014-0077\",\n \"CVE-2014-2851\",\n \"CVE-2014-3688\",\n \"CVE-2015-1333\",\n \"CVE-2015-1421\",\n \"CVE-2016-0758\",\n \"CVE-2016-10088\",\n \"CVE-2016-10723\",\n \"CVE-2016-4581\",\n \"CVE-2016-5870\",\n \"CVE-2016-6786\",\n \"CVE-2017-1000252\",\n \"CVE-2017-14954\",\n \"CVE-2017-16534\",\n \"CVE-2017-17807\",\n \"CVE-2017-18241\",\n \"CVE-2017-9211\",\n \"CVE-2018-11508\",\n \"CVE-2018-14619\"\n );\n script_bugtraq_id(\n 64739,\n 66678,\n 66779,\n 70768,\n 72356\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1534)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The atalk_recvmsg function in net/appletalk/ddp.c in\n the Linux kernel before 3.12.4 updates a certain length\n value without ensuring that an associated data\n structure has been initialized, which allows local\n users to obtain sensitive information from kernel\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg\n system call.(CVE-2013-7267i1/4%0\n\n - fs/f2fs/segment.c in the Linux kernel allows local\n users to cause a denial of service (NULL pointer\n dereference and panic) by using a noflush_merge option\n that triggers a NULL value for a flush_cmd_control data\n structure.(CVE-2017-18241i1/4%0\n\n - fs/pnode.c in the Linux kernel before 4.5.4 does not\n properly traverse a mount propagation tree in a certain\n case involving a slave mount, which allows local users\n to cause a denial of service (NULL pointer dereference\n and OOPS) via a crafted series of mount system\n calls.(CVE-2016-4581i1/4%0\n\n - drivers/vhost/net.c in the Linux kernel before 3.13.10,\n when mergeable buffers are disabled, does not properly\n validate packet lengths, which allows guest OS users to\n cause a denial of service (memory corruption and host\n OS crash) or possibly gain privileges on the host OS\n via crafted packets, related to the handle_rx and\n get_rx_bufs functions.(CVE-2014-0077i1/4%0\n\n - It was found that the fix for CVE-2016-9576 was\n incomplete: the Linux kernel's sg implementation did\n not properly restrict write operations in situations\n where the KERNEL_DS option is set. A local attacker to\n read or write to arbitrary kernel memory locations or\n cause a denial of service (use-after-free) by\n leveraging write access to a /dev/sg\n device.(CVE-2016-10088i1/4%0\n\n - ** DISPUTED ** An issue was discovered in the Linux\n kernel through 4.17.2. Since the page allocator does\n not yield CPU resources to the owner of the oom_lock\n mutex, a local unprivileged user can trivially lock up\n the system forever by wasting CPU resources from the\n page allocator (e.g., via concurrent page fault events)\n when the global OOM killer is invoked. NOTE: the\n software maintainer has not accepted certain proposed\n patches, in part because of a viewpoint that 'the\n underlying problem is non-trivial to\n handle.'(CVE-2016-10723i1/4%0\n\n - A flaw was found in the way the Linux kernel's ASN.1\n DER decoder processed certain certificate files with\n tags of indefinite length. A local, unprivileged user\n could use a specially crafted X.509 certificate DER\n file to crash the system or, potentially, escalate\n their privileges on the system.(CVE-2016-0758i1/4%0\n\n - A flaw was found in the way the Linux kernel's Stream\n Control Transmission Protocol (SCTP) implementation\n handled the association's output queue. A remote\n attacker could send specially crafted packets that\n would cause the system to use an excessive amount of\n memory, leading to a denial of\n service.(CVE-2014-3688i1/4%0\n\n - A use-after-free flaw was found in the way the\n ping_init_sock() function of the Linux kernel handled\n the group_info reference counter. A local, unprivileged\n user could use this flaw to crash the system or,\n potentially, escalate their privileges on the\n system.(CVE-2014-2851i1/4%0\n\n - The compat_get_timex function in kernel/compat.c in the\n Linux kernel before 4.16.9 allows local users to obtain\n sensitive information from kernel memory via\n adjtimex.(CVE-2018-11508i1/4%0\n\n - The cdc_parse_cdc_header() function in\n 'drivers/usb/core/message.c' in the Linux kernel,\n before 4.13.6, allows local users to cause a denial of\n service (out-of-bounds read and system crash) or\n possibly have unspecified other impact via a crafted\n USB device. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely.(CVE-2017-16534i1/4%0\n\n - A flaw was found in the crypto subsystem of the Linux\n kernel before version kernel-4.15-rc4. The 'null\n skcipher' was being dropped when each af_alg_ctx was\n freed instead of when the aead_tfm was freed. This can\n cause the null skcipher to be freed while it is still\n in use leading to a local user being able to crash the\n system or possibly escalate\n privileges.(CVE-2018-14619i1/4%0\n\n - The crypto_skcipher_init_tfm function in\n crypto/skcipher.c in the Linux kernel through 4.11.2\n relies on a setkey function that lacks a key-size\n check, which allows local users to cause a denial of\n service (NULL pointer dereference) via a crafted\n application.(CVE-2017-9211i1/4%0\n\n - kernel/events/core.c in the performance subsystem in\n the Linux kernel before 4.0 mismanages locks during\n certain migrations, which allows local users to gain\n privileges via a crafted application, aka Android\n internal bug 30955111.(CVE-2016-6786i1/4%0\n\n - The KEYS subsystem in the Linux kernel omitted an\n access-control check when writing a key to the current\n task's default keyring, allowing a local user to bypass\n security checks to the keyring. This compromises the\n validity of the keyring for those who rely on\n it.(CVE-2017-17807i1/4%0\n\n - A use-after-free flaw was found in the way the Linux\n kernel's SCTP implementation handled authentication key\n reference counting during INIT collisions. A remote\n attacker could use this flaw to crash the system or,\n potentially, escalate their privileges on the\n system.(CVE-2015-1421i1/4%0\n\n - The waitid implementation in kernel/exit.c in the Linux\n kernel through 4.13.4 accesses rusage data structures\n in unintended cases. This can allow local users to\n obtain sensitive information and bypass the KASLR\n protection mechanism via a crafted system\n call.(CVE-2017-14954i1/4%0\n\n - It was found that the Linux kernel's keyring\n implementation would leak memory when adding a key to a\n keyring via the add_key() function. A local attacker\n could use this flaw to exhaust all available memory on\n the system.(CVE-2015-1333i1/4%0\n\n - The msm_ipc_router_close function in\n net/ipc_router/ipc_router_socket.c in the ipc_router\n component for the Linux kernel 3.x, as used in Qualcomm\n Innovation Center (QuIC) Android contributions for MSM\n devices and other products, allow attackers to cause a\n denial of service (NULL pointer dereference) or\n possibly have unspecified other impact by triggering\n failure of an accept system call for an AF_MSM_IPC\n socket.(CVE-2016-5870i1/4%0\n\n - A reachable assertion failure flaw was found in the\n Linux kernel built with KVM virtualisation(CONFIG_KVM)\n support with Virtual Function I/O feature (CONFIG_VFIO)\n enabled. This failure could occur if a malicious guest\n device sent a virtual interrupt (guest IRQ) with a\n larger (i1/4z1024) index value.(CVE-2017-1000252i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1534\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5c73d2ac\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-08T00:27:45", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A vulnerability was found in Linux kernel. There is an information leak in file 'sound/core/timer.c' of the latest mainline Linux kernel, the stack object aEURoetreadaEUR has a total size of 32 bytes. It contains a 8-bytes padding, which is not initialized but sent to user via copy_to_user(), resulting a kernel leak.(CVE-2016-4569)\n\n - A vulnerability was found in Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel. The stack object aEURoer1aEUR has a total size of 32 bytes. Its field aEURoeeventaEUR and aEURoevalaEUR both contain 4 bytes padding. These 8 bytes padding bytes are sent to user without being initialized.(CVE-2016-4578)\n\n - The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.(CVE-2016-4580)\n\n - fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.(CVE-2016-4581)\n\n - Use after free vulnerability was found in percpu using previously allocated memory in bpf. First\n __alloc_percpu_gfp() is called, then the memory is freed with free_percpu() which triggers async pcpu_balance_work and then pcpu_extend_area_map could use a chunk after it has been freed.(CVE-2016-4794)\n\n - Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.(CVE-2016-4805)\n\n - A vulnerability was found in the Linux kernel. Payloads of NM entries are not supposed to contain NUL. When such entry is processed, only the part prior to the first NUL goes into the concatenation (i.e. the directory entry name being encoded by a bunch of NM entries). The process stops when the amount collected so far + the claimed amount in the current NM entry exceed 254. However, the value returned as the total length is the sum of *claimed* sizes, not the actual amount collected. And that's what will be passed to readdir() callback as the name length - 8Kb\n __copy_to_user() from a buffer allocated by\n __get_free_page().(CVE-2016-4913)\n\n - A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges.(CVE-2016-4997)\n\n - An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments.(CVE-2016-4998)\n\n - A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.(CVE-2016-5195)\n\n - It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network.(CVE-2016-5696)\n\n - A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possible privilege escalation or crashing the system.(CVE-2016-5829)\n\n - When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands.(CVE-2016-6136)\n\n - It was found that the unlink and rename functionality in overlayfs did not verify the upper dentry for staleness. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to panic or crash the system.(CVE-2016-6197)\n\n - A flaw was found that the vfs_rename() function did not detect hard links on overlayfs. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to crash the system.(CVE-2016-6198)\n\n - System using the infiniband support module ib_srpt were vulnerable to a denial of service by system crash by a local attacker who is able to abort writes to a device using this initiator.(CVE-2016-6327)\n\n - A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation.\n A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value.(CVE-2016-6480)\n\n - kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111.(CVE-2016-6786)\n\n - kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 31095224.(CVE-2016-6787)\n\n - A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions.\n This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection.(CVE-2016-6828)\n\n - Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path, as an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel.(CVE-2016-7039)\n\n - It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.(CVE-2016-7042)\n\n - It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications.(CVE-2016-7097)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1494)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-4805", "CVE-2016-4913", "CVE-2016-4997", "CVE-2016-4998", "CVE-2016-5195", "CVE-2016-5696", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6197", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-6786", "CVE-2016-6787", "CVE-2016-6828", "CVE-2016-7039", "CVE-2016-7042", "CVE-2016-7097"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1494.NASL", "href": "https://www.tenable.com/plugins/nessus/125100", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125100);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-4569\",\n \"CVE-2016-4578\",\n \"CVE-2016-4580\",\n \"CVE-2016-4581\",\n \"CVE-2016-4794\",\n \"CVE-2016-4805\",\n \"CVE-2016-4913\",\n \"CVE-2016-4997\",\n \"CVE-2016-4998\",\n \"CVE-2016-5195\",\n \"CVE-2016-5696\",\n \"CVE-2016-5829\",\n \"CVE-2016-6136\",\n \"CVE-2016-6197\",\n \"CVE-2016-6198\",\n \"CVE-2016-6327\",\n \"CVE-2016-6480\",\n \"CVE-2016-6786\",\n \"CVE-2016-6787\",\n \"CVE-2016-6828\",\n \"CVE-2016-7039\",\n \"CVE-2016-7042\",\n \"CVE-2016-7097\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1494)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A vulnerability was found in Linux kernel. There is an\n information leak in file 'sound/core/timer.c' of the\n latest mainline Linux kernel, the stack object\n aEURoetreadaEUR has a total size of 32 bytes. It contains a\n 8-bytes padding, which is not initialized but sent to\n user via copy_to_user(), resulting a kernel\n leak.(CVE-2016-4569)\n\n - A vulnerability was found in Linux kernel. There is an\n information leak in file sound/core/timer.c of the\n latest mainline Linux kernel. The stack object aEURoer1aEUR\n has a total size of 32 bytes. Its field aEURoeeventaEUR and\n aEURoevalaEUR both contain 4 bytes padding. These 8 bytes\n padding bytes are sent to user without being\n initialized.(CVE-2016-4578)\n\n - The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel before\n 4.5.5 does not properly initialize a certain data\n structure, which allows attackers to obtain sensitive\n information from kernel stack memory via an X.25 Call\n Request.(CVE-2016-4580)\n\n - fs/pnode.c in the Linux kernel before 4.5.4 does not\n properly traverse a mount propagation tree in a certain\n case involving a slave mount, which allows local users\n to cause a denial of service (NULL pointer dereference\n and OOPS) via a crafted series of mount system\n calls.(CVE-2016-4581)\n\n - Use after free vulnerability was found in percpu using\n previously allocated memory in bpf. First\n __alloc_percpu_gfp() is called, then the memory is\n freed with free_percpu() which triggers async\n pcpu_balance_work and then pcpu_extend_area_map could\n use a chunk after it has been freed.(CVE-2016-4794)\n\n - Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel\n before 4.5.2 allows local users to cause a denial of\n service (memory corruption and system crash, or\n spinlock) or possibly have unspecified other impact by\n removing a network namespace, related to the\n ppp_register_net_channel and ppp_unregister_channel\n functions.(CVE-2016-4805)\n\n - A vulnerability was found in the Linux kernel. Payloads\n of NM entries are not supposed to contain NUL. When\n such entry is processed, only the part prior to the\n first NUL goes into the concatenation (i.e. the\n directory entry name being encoded by a bunch of NM\n entries). The process stops when the amount collected\n so far + the claimed amount in the current NM entry\n exceed 254. However, the value returned as the total\n length is the sum of *claimed* sizes, not the actual\n amount collected. And that's what will be passed to\n readdir() callback as the name length - 8Kb\n __copy_to_user() from a buffer allocated by\n __get_free_page().(CVE-2016-4913)\n\n - A flaw was discovered in processing setsockopt for 32\n bit processes on 64 bit systems. This flaw will allow\n attackers to alter arbitrary kernel memory when\n unloading a kernel module. This action is usually\n restricted to root-privileged users but can also be\n leveraged if the kernel is compiled with CONFIG_USER_NS\n and CONFIG_NET_NS and the user is granted elevated\n privileges.(CVE-2016-4997)\n\n - An out-of-bounds heap memory access leading to a Denial\n of Service, heap disclosure, or further impact was\n found in setsockopt(). The function call is normally\n restricted to root, however some processes with\n cap_sys_admin may also be able to trigger this flaw in\n privileged container environments.(CVE-2016-4998)\n\n - A race condition was found in the way the Linux\n kernel's memory subsystem handled the copy-on-write\n (COW) breakage of private read-only memory mappings. An\n unprivileged, local user could use this flaw to gain\n write access to otherwise read-only memory mappings and\n thus increase their privileges on the\n system.(CVE-2016-5195)\n\n - It was found that the RFC 5961 challenge ACK rate\n limiting as implemented in the Linux kernel's\n networking subsystem allowed an off-path attacker to\n leak certain information about a given connection by\n creating congestion on the global challenge ACK rate\n limit counter and then measuring the changes by probing\n packets. An off-path attacker could use this flaw to\n either terminate TCP connection and/or inject payload\n into non-secured TCP connection between two endpoints\n on the network.(CVE-2016-5696)\n\n - A heap-based buffer overflow vulnerability was found in\n the Linux kernel's hiddev driver. This flaw could allow\n a local attacker to corrupt kernel memory, possible\n privilege escalation or crashing the\n system.(CVE-2016-5829)\n\n - When creating audit records for parameters to executed\n children processes, an attacker can convince the Linux\n kernel audit subsystem can create corrupt records which\n may allow an attacker to misrepresent or evade logging\n of executing commands.(CVE-2016-6136)\n\n - It was found that the unlink and rename functionality\n in overlayfs did not verify the upper dentry for\n staleness. A local, unprivileged user could use the\n rename syscall on overlayfs on top of xfs to panic or\n crash the system.(CVE-2016-6197)\n\n - A flaw was found that the vfs_rename() function did not\n detect hard links on overlayfs. A local, unprivileged\n user could use the rename syscall on overlayfs on top\n of xfs to crash the system.(CVE-2016-6198)\n\n - System using the infiniband support module ib_srpt were\n vulnerable to a denial of service by system crash by a\n local attacker who is able to abort writes to a device\n using this initiator.(CVE-2016-6327)\n\n - A race condition flaw was found in the ioctl_send_fib()\n function in the Linux kernel's aacraid implementation.\n A local attacker could use this flaw to cause a denial\n of service (out-of-bounds access or system crash) by\n changing a certain size value.(CVE-2016-6480)\n\n - kernel/events/core.c in the performance subsystem in\n the Linux kernel before 4.0 mismanages locks during\n certain migrations, which allows local users to gain\n privileges via a crafted application, aka Android\n internal bug 30955111.(CVE-2016-6786)\n\n - kernel/events/core.c in the performance subsystem in\n the Linux kernel before 4.0 mismanages locks during\n certain migrations, which allows local users to gain\n privileges via a crafted application, aka Android\n internal bug 31095224.(CVE-2016-6787)\n\n - A use-after-free vulnerability was found in\n tcp_xmit_retransmit_queue and other tcp_* functions.\n This condition could allow an attacker to send an\n incorrect selective acknowledgment to existing\n connections, possibly resetting a\n connection.(CVE-2016-6828)\n\n - Linux kernel built with the 802.1Q/802.1ad\n VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local\n Area Network(CONFIG_VXLAN) with Transparent Ethernet\n Bridging(TEB) GRO support, is vulnerable to a stack\n overflow issue. It could occur while receiving large\n packets via GRO path, as an unlimited recursion could\n unfold in both VLAN and TEB modules, leading to a stack\n corruption in the kernel.(CVE-2016-7039)\n\n - It was found that when the gcc stack protector was\n enabled, reading the /proc/keys file could cause a\n panic in the Linux kernel due to stack corruption. This\n happened because an incorrect buffer size was used to\n hold a 64-bit timeout value rendered as\n weeks.(CVE-2016-7042)\n\n - It was found that when file permissions were modified\n via chmod and the user modifying them was not in the\n owning group or capable of CAP_FSETID, the setgid bit\n would be cleared. Setting a POSIX ACL via setxattr sets\n the file permissions as well as the new ACL, but\n doesn't clear the setgid bit in a similar way. This\n could allow a local user to gain group privileges via\n certain setgid applications.(CVE-2016-7097)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1494\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e64722c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-5829\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-18T14:28:02", "description": "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2016-0100 for details.", "cvss3": {}, "published": "2016-09-23T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0100)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-7513", "CVE-2015-7799", "CVE-2015-7837", "CVE-2015-8767", "CVE-2015-8787", "CVE-2015-8816", "CVE-2016-0723", "CVE-2016-0758", "CVE-2016-2069", "CVE-2016-2085", "CVE-2016-2117", "CVE-2016-2847", "CVE-2016-3136", "CVE-2016-3137", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-4581", "CVE-2016-4805", "CVE-2016-4913", "CVE-2016-4951", "CVE-2016-6197", "CVE-2016-6198"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2016-0100.NASL", "href": "https://www.tenable.com/plugins/nessus/93679", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0100.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93679);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-7513\", \"CVE-2015-7799\", \"CVE-2015-7837\", \"CVE-2015-8767\", \"CVE-2015-8787\", \"CVE-2015-8816\", \"CVE-2016-0723\", \"CVE-2016-0758\", \"CVE-2016-2069\", \"CVE-2016-2085\", \"CVE-2016-2117\", \"CVE-2016-2847\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-4470\", \"CVE-2016-4565\", \"CVE-2016-4581\", \"CVE-2016-4805\", \"CVE-2016-4913\", \"CVE-2016-4951\", \"CVE-2016-6197\", \"CVE-2016-6198\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0100)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2016-0100 for details.\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-September/000547.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1bd3063c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-61.1.6.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-61.1.6.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:45", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2016:2584)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2017-13167"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2016-2584.NASL", "href": "https://www.tenable.com/plugins/nessus/94547", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2584. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94547);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2017-13167\");\n script_xref(name:\"RHSA\", value:\"2016:2584\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2016:2584)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled\nsocket options. A local attacker could abuse concurrent access to the\nsocket options to escalate their privileges, or cause a denial of\nservice (use-after-free and system crash) via a crafted sendmsg system\ncall. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the\nLinux kernel. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-4312,\nCVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844,\nCVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847,\nCVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5829,\nCVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480,\nCVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384,\nCVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting\nCVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo\nkernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn\nCrosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was\ndiscovered by Venkatesh Pottem (Red Hat Engineering); the\nCVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav\nVadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered\nby Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered\nby CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by\nJan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13167\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2017-13167\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2016:2584\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2584\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:59", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3596 advisory.\n\n - The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. (CVE-2015-8785)\n\n - The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. (CVE-2015-8816)\n\n - Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. (CVE-2016-2069)\n\n - The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. (CVE-2016-3156)\n\n - fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls. (CVE-2016-4581)\n\n - Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. (CVE-2016-4805)\n\n - The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.\n (CVE-2016-4913)\n\n - The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. (CVE-2016-4951)\n\n - The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604. (CVE-2015-8787)\n\n - Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after- free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.\n (CVE-2016-0723)\n\n - fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. (CVE-2016-2847)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-08-29T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3596)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2003-1604", "CVE-2013-4312", "CVE-2015-7513", "CVE-2015-7799", "CVE-2015-7837", "CVE-2015-8767", "CVE-2015-8785", "CVE-2015-8787", "CVE-2015-8816", "CVE-2016-0723", "CVE-2016-0758", "CVE-2016-2069", "CVE-2016-2085", "CVE-2016-2117", "CVE-2016-2847", "CVE-2016-3136", "CVE-2016-3137", "CVE-2016-3156", "CVE-2016-3157", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-4581", "CVE-2016-4805", "CVE-2016-4913", "CVE-2016-4951", "CVE-2016-6197", "CVE-2016-6198"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.6.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.6.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2016-3596.NASL", "href": "https://www.tenable.com/plugins/nessus/93148", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2016-3596.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93148);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2013-4312\",\n \"CVE-2015-7513\",\n \"CVE-2015-7799\",\n \"CVE-2015-7837\",\n \"CVE-2015-8767\",\n \"CVE-2015-8785\",\n \"CVE-2015-8787\",\n \"CVE-2015-8816\",\n \"CVE-2016-0723\",\n \"CVE-2016-0758\",\n \"CVE-2016-2069\",\n \"CVE-2016-2085\",\n \"CVE-2016-2117\",\n \"CVE-2016-2847\",\n \"CVE-2016-3136\",\n \"CVE-2016-3137\",\n \"CVE-2016-3156\",\n \"CVE-2016-3157\",\n \"CVE-2016-4470\",\n \"CVE-2016-4565\",\n \"CVE-2016-4581\",\n \"CVE-2016-4805\",\n \"CVE-2016-4913\",\n \"CVE-2016-4951\",\n \"CVE-2016-6197\",\n \"CVE-2016-6198\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3596)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2016-3596 advisory.\n\n - The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to\n cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the\n first segment of an iov. (CVE-2015-8785)\n\n - The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly\n maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of\n service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a\n USB hub device. (CVE-2015-8816)\n\n - Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges\n by triggering access to a paging structure by a different CPU. (CVE-2016-2069)\n\n - The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which\n allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large\n number of IP addresses. (CVE-2016-3156)\n\n - fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a\n certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer\n dereference and OOPS) via a crafted series of mount system calls. (CVE-2016-4581)\n\n - Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows\n local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly\n have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions. (CVE-2016-4805)\n\n - The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM\n (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive\n information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.\n (CVE-2016-4913)\n\n - The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket\n existence, which allows local users to cause a denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a dumpit operation. (CVE-2016-4951)\n\n - The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows\n remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have\n unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a\n related issue to CVE-2003-1604. (CVE-2015-8787)\n\n - Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows\n local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-\n free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.\n (CVE-2016-0723)\n\n - fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows\n local users to cause a denial of service (memory consumption) by creating many pipes with non-default\n sizes. (CVE-2016-2847)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2016-3596.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8787\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.6.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.6.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-61.1.6.el6uek', '4.1.12-61.1.6.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2016-3596');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-4.1.12-61.1.6.el6uek-0.5.3-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.6.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.6.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'dtrace-modules-4.1.12-61.1.6.el7uek-0.5.3-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.6.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.6.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-4.1.12-61.1.6.el6uek / dtrace-modules-4.1.12-61.1.6.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:43", "description": "Security Fix(es) :\n\n - It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n(CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nAdditional Changes :", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20161103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161103_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95841", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95841);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5412\", \"CVE-2016-5828\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20161103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was found that the Linux kernel's IPv6 implementation\n mishandled socket options. A local attacker could abuse\n concurrent access to the socket options to escalate\n their privileges, or cause a denial of service\n (use-after-free and system crash) via a crafted sendmsg\n system call. (CVE-2016-3841, Important)\n\n(CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812,\nCVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069,\nCVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794,\nCVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136,\nCVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746,\nCVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070,\nCVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nAdditional Changes :\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=12735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?77976f21\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:18", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2016:2574)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3044", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-9794", "CVE-2017-13167", "CVE-2018-16597"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2574.NASL", "href": "https://www.tenable.com/plugins/nessus/94537", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2574. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94537);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3044\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5412\", \"CVE-2016-5828\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2016-7914\", \"CVE-2016-7915\", \"CVE-2016-9794\", \"CVE-2017-13167\", \"CVE-2018-16597\");\n script_xref(name:\"RHSA\", value:\"2016:2574\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2016:2574)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled\nsocket options. A local attacker could abuse concurrent access to the\nsocket options to escalate their privileges, or cause a denial of\nservice (use-after-free and system crash) via a crafted sendmsg system\ncall. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the\nLinux kernel. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-4312,\nCVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844,\nCVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847,\nCVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412,\nCVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198,\nCVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956,\nCVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699,\nCVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting\nCVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo\nkernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn\nCrosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was\ndiscovered by Venkatesh Pottem (Red Hat Engineering); the\nCVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav\nVadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered\nby Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered\nby CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by\nJan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16597\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3044\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5412\", \"CVE-2016-5828\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2016-7914\", \"CVE-2016-7915\", \"CVE-2016-9794\", \"CVE-2017-13167\", \"CVE-2018-16597\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2016:2574\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2574\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:19:47", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-2574 advisory.\n\n - The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. (CVE-2013-4312)\n\n - The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. (CVE-2015-8543)\n\n - The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. (CVE-2016-2117)\n\n - The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c. (CVE-2016-6198)\n\n - Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. (CVE-2016-2069)\n\n - The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. (CVE-2016-3156)\n\n - fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls. (CVE-2016-4581)\n\n - fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. (CVE-2016-2847)\n\n - fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. (CVE-2015-8374)\n\n - Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. (CVE-2016-5829)\n\n - The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. (CVE-2015-8844)\n\n - The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. (CVE-2015-8845)\n\n - The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. (CVE-2015-8956)\n\n - The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. (CVE-2016-2053)\n\n - Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor. (CVE-2016-2384)\n\n - The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. (CVE-2016-4569)\n\n - sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.\n (CVE-2016-4578)\n\n - arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction. (CVE-2016-5412)\n\n - drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. (CVE-2016-6327)\n\n - Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a double fetch vulnerability. (CVE-2016-6480)\n\n - fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic. (CVE-2015-8746)\n\n - drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use- after-free) via crafted packets. (CVE-2015-8812)\n\n - The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move. (CVE-2016-3070)\n\n - The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. (CVE-2016-3699)\n\n - The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841)\n\n - Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls. (CVE-2016-4794)\n\n - The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call. (CVE-2016-5828)\n\n - Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a double fetch vulnerability. (CVE-2016-6136)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-11-11T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2016-2574)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3044", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-9794", "CVE-2017-13167", "CVE-2018-16597"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2016-2574.NASL", "href": "https://www.tenable.com/plugins/nessus/94697", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2016-2574.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94697);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2013-4312\",\n \"CVE-2015-8374\",\n \"CVE-2015-8543\",\n \"CVE-2015-8746\",\n \"CVE-2015-8812\",\n \"CVE-2015-8844\",\n \"CVE-2015-8845\",\n \"CVE-2015-8956\",\n \"CVE-2016-2053\",\n \"CVE-2016-2069\",\n \"CVE-2016-2117\",\n \"CVE-2016-2384\",\n \"CVE-2016-2847\",\n \"CVE-2016-3044\",\n \"CVE-2016-3070\",\n \"CVE-2016-3156\",\n \"CVE-2016-3699\",\n \"CVE-2016-3841\",\n \"CVE-2016-4569\",\n \"CVE-2016-4578\",\n \"CVE-2016-4581\",\n \"CVE-2016-4794\",\n \"CVE-2016-5412\",\n \"CVE-2016-5828\",\n \"CVE-2016-5829\",\n \"CVE-2016-6136\",\n \"CVE-2016-6198\",\n \"CVE-2016-6327\",\n \"CVE-2016-6480\",\n \"CVE-2016-7914\",\n \"CVE-2016-7915\",\n \"CVE-2016-9794\",\n \"CVE-2017-13167\",\n \"CVE-2018-16597\"\n );\n script_xref(name:\"RHSA\", value:\"2016:2574\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2016-2574)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2016-2574 advisory.\n\n - The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of\n service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to\n net/unix/af_unix.c and net/unix/garbage.c. (CVE-2013-4312)\n\n - The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products,\n does not validate protocol identifiers for certain protocol families, which allows local users to cause a\n denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by\n leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. (CVE-2015-8543)\n\n - The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2\n incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from\n kernel memory by reading packet data. (CVE-2016-2117)\n\n - The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an\n OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service\n (system crash) via a rename system call, related to fs/namei.c and fs/open.c. (CVE-2016-6198)\n\n - Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges\n by triggering access to a paging structure by a different CPU. (CVE-2016-2069)\n\n - The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which\n allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large\n number of IP addresses. (CVE-2016-3156)\n\n - fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a\n certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer\n dereference and OOPS) via a crafted series of mount system calls. (CVE-2016-4581)\n\n - fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows\n local users to cause a denial of service (memory consumption) by creating many pipes with non-default\n sizes. (CVE-2016-2847)\n\n - fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local\n users to obtain sensitive pre-truncation information from a file via a clone action. (CVE-2015-8374)\n\n - Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in\n the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified\n other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. (CVE-2016-5829)\n\n - The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR\n with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing\n exception and panic) via a crafted application. (CVE-2015-8844)\n\n - The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on\n powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call,\n which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted\n application. (CVE-2015-8845)\n\n - The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local\n users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors\n involving a bind system call on a Bluetooth RFCOMM socket. (CVE-2015-8956)\n\n - The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to\n cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. (CVE-2016-2053)\n\n - Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel\n before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have\n unspecified other impact via vectors involving an invalid USB descriptor. (CVE-2016-2384)\n\n - The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not\n initialize a certain data structure, which allows local users to obtain sensitive information from kernel\n stack memory via crafted use of the ALSA timer interface. (CVE-2016-4569)\n\n - sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which\n allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA\n timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.\n (CVE-2016-4578)\n\n - arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when\n CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite\n loop) by making a H_CEDE hypercall during the existence of a suspended transaction. (CVE-2016-5412)\n\n - drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a\n denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a\n device write operation. (CVE-2016-6327)\n\n - Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel\n through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a double fetch vulnerability. (CVE-2016-6480)\n\n - fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory\n for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL\n pointer dereference and panic) via crafted network traffic. (CVE-2015-8746)\n\n - drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error\n conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-\n after-free) via crafted packets. (CVE-2015-8812)\n\n - The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel\n before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service\n (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a\n certain page move. (CVE-2016-3070)\n\n - The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted\n with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute\n untrusted code by appending ACPI tables to the initrd. (CVE-2016-3699)\n\n - The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain\n privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system\n call. (CVE-2016-3841)\n\n - Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a\n denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf\n system calls. (CVE-2016-4794)\n\n - The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc\n platforms mishandles transactional state, which allows local users to cause a denial of service (invalid\n process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by\n starting and suspending a transaction before an exec system call. (CVE-2016-5828)\n\n - Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through\n 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by\n changing a certain string, aka a double fetch vulnerability. (CVE-2016-6136)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2016-2574.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8812\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-514.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2016-2574');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-514.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:54", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-28T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2016:2574)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3044", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-9794", "CVE-2017-13167", "CVE-2018-16597"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-2574.NASL", "href": "https://www.tenable.com/plugins/nessus/95321", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2574 and \n# CentOS Errata and Security Advisory 2016:2574 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95321);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3044\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5412\", \"CVE-2016-5828\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2016-7914\", \"CVE-2016-7915\", \"CVE-2016-9794\", \"CVE-2017-13167\", \"CVE-2018-16597\");\n script_xref(name:\"RHSA\", value:\"2016:2574\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2016:2574)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled\nsocket options. A local attacker could abuse concurrent access to the\nsocket options to escalate their privileges, or cause a denial of\nservice (use-after-free and system crash) via a crafted sendmsg system\ncall. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the\nLinux kernel. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-4312,\nCVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844,\nCVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847,\nCVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412,\nCVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198,\nCVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956,\nCVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699,\nCVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting\nCVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo\nkernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn\nCrosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was\ndiscovered by Venkatesh Pottem (Red Hat Engineering); the\nCVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav\nVadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered\nby Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered\nby CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by\nJan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003609.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4a0f0ff\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8812\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:45", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n - CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg of OpenSource Security reported that various USB drivers do not sufficiently validate USB descriptors. This allowed a physically present user with a specially designed USB device to cause a denial of service (crash).\n\n - CVE-2016-0821 Solar Designer noted that the list 'poisoning' feature, intended to mitigate the effects of bugs in list manipulation in the kernel, used poison values within the range of virtual addresses that can be allocated by user processes.\n\n - CVE-2016-1237 David Sinquin discovered that nfsd does not check permissions when setting ACLs, allowing users to grant themselves permissions to a file by setting the ACL.\n\n - CVE-2016-1583 Jann Horn of Google Project Zero reported that the eCryptfs filesystem could be used together with the proc filesystem to cause a kernel stack overflow. If the ecryptfs-utils package is installed, local users could exploit this, via the mount.ecryptfs_private program, for denial of service (crash) or possibly for privilege escalation.\n\n - CVE-2016-2117 Justin Yackoski of Cryptonite discovered that the Atheros L2 ethernet driver incorrectly enables scatter/gather I/O. A remote attacker could take advantage of this flaw to obtain potentially sensitive information from kernel memory.\n\n - CVE-2016-2143 Marcin Koscielnicki discovered that the fork implementation in the Linux kernel on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash).\n\n - CVE-2016-3070 Jan Stancek of Red Hat discovered a local denial of service vulnerability in AIO handling.\n\n - CVE-2016-3134 The Google Project Zero team found that the netfilter subsystem does not sufficiently validate filter table entries. A user with the CAP_NET_ADMIN capability could use this for denial of service (crash) or possibly for privilege escalation. Debian disables unprivileged user namespaces by default, if locally enabled with the kernel.unprivileged_userns_clone sysctl, this allows privilege escalation.\n\n - CVE-2016-3156 Solar Designer discovered that the IPv4 implementation in the Linux kernel did not perform the destruction of inet device objects properly. An attacker in a guest OS could use this to cause a denial of service (networking outage) in the host OS.\n\n - CVE-2016-3157 / XSA-171 Andy Lutomirski discovered that the x86_64 (amd64) task switching implementation did not correctly update the I/O permission level when running as a Xen paravirtual (PV) guest. In some configurations this would allow local users to cause a denial of service (crash) or to escalate their privileges within the guest.\n\n - CVE-2016-3672 Hector Marco and Ismael Ripoll noted that it was possible to disable Address Space Layout Randomisation (ASLR) for x86_32 (i386) programs by removing the stack resource limit. This made it easier for local users to exploit security flaws in programs that have the setuid or setgid flag set.\n\n - CVE-2016-3951 It was discovered that the cdc_ncm driver would free memory prematurely if certain errors occurred during its initialisation. This allowed a physically present user with a specially designed USB device to cause a denial of service (crash) or possibly to escalate their privileges.\n\n - CVE-2016-3955 Ignat Korchagin reported that the usbip subsystem did not check the length of data received for a USB buffer.\n This allowed denial of service (crash) or privilege escalation on a system configured as a usbip client, by the usbip server or by an attacker able to impersonate it over the network. A system configured as a usbip server might be similarly vulnerable to physically present users.\n\n - CVE-2016-3961 / XSA-174 Vitaly Kuznetsov of Red Hat discovered that Linux allowed the use of hugetlbfs on x86 (i386 and amd64) systems even when running as a Xen paravirtualised (PV) guest, although Xen does not support huge pages. This allowed users with access to /dev/hugepages to cause a denial of service (crash) in the guest.\n\n - CVE-2016-4470 David Howells of Red Hat discovered that a local user can trigger a flaw in the Linux kernel's handling of key lookups in the keychain subsystem, leading to a denial of service (crash) or possibly to privilege escalation.\n\n - CVE-2016-4482, CVE-2016-4485, CVE-2016-4486, CVE-2016-4569, CVE-2016-4578, CVE-2016-4580, CVE-2016-5243, CVE-2016-5244\n\n Kangjie Lu reported that the USB devio, llc, rtnetlink, ALSA timer, x25, tipc, and rds facilities leaked information from the kernel stack.\n\n - CVE-2016-4565 Jann Horn of Google Project Zero reported that various components in the InfiniBand stack implemented unusual semantics for the write() operation. On a system with InfiniBand drivers loaded, local users could use this for denial of service or privilege escalation.\n\n - CVE-2016-4581 Tycho Andersen discovered that in some situations the Linux kernel did not handle propagated mounts correctly.\n A local user can take advantage of this flaw to cause a denial of service (system crash).\n\n - CVE-2016-4805 Baozeng Ding discovered a use-after-free in the generic PPP layer in the Linux kernel. A local user can take advantage of this flaw to cause a denial of service (system crash), or potentially escalate their privileges.\n\n - CVE-2016-4913 Al Viro found that the ISO9660 filesystem implementation did not correctly count the length of certain invalid name entries. Reading a directory containing such name entries would leak information from kernel memory. Users permitted to mount disks or disk images could use this to obtain sensitive information.\n\n - CVE-2016-4997 / CVE-2016-4998 Jesse Hertz and Tim Newsham discovered that missing input sanitising in Netfilter socket handling may result in denial of service. Debian disables unprivileged user namespaces by default, if locally enabled with the kernel.unprivileged_userns_clone sysctl, this also allows privilege escalation.", "cvss3": {}, "published": "2016-06-29T00:00:00", "type": "nessus", "title": "Debian DSA-3607-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7515", "CVE-2016-0821", "CVE-2016-1237", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2143", "CVE-2016-2184", "CVE-2016-2185", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-3070", "CVE-2016-3134", "CVE-2016-3136", "CVE-2016-3137", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-3156", "CVE-2016-3157", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4470", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4581", "CVE-2016-4805", "CVE-2016-4913", "CVE-2016-4997", "CVE-2016-4998", "CVE-2016-5243", "CVE-2016-5244"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3607.NASL", "href": "https://www.tenable.com/plugins/nessus/91886", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3607. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91886);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-7515\", \"CVE-2016-0821\", \"CVE-2016-1237\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2143\", \"CVE-2016-2184\", \"CVE-2016-2185\", \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-3070\", \"CVE-2016-3134\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3138\", \"CVE-2016-3140\", \"CVE-2016-3156\", \"CVE-2016-3157\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4470\", \"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\", \"CVE-2016-4805\", \"CVE-2016-4913\", \"CVE-2016-4997\", \"CVE-2016-4998\", \"CVE-2016-5243\", \"CVE-2016-5244\");\n script_xref(name:\"DSA\", value:\"3607\");\n\n script_name(english:\"Debian DSA-3607-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2015-7515, CVE-2016-2184, CVE-2016-2185,\n CVE-2016-2186, CVE-2016-2187, CVE-2016-3136,\n CVE-2016-3137, CVE-2016-3138, CVE-2016-3140\n Ralf Spenneberg of OpenSource Security reported that\n various USB drivers do not sufficiently validate USB\n descriptors. This allowed a physically present user with\n a specially designed USB device to cause a denial of\n service (crash).\n\n - CVE-2016-0821\n Solar Designer noted that the list 'poisoning' feature,\n intended to mitigate the effects of bugs in list\n manipulation in the kernel, used poison values within\n the range of virtual addresses that can be allocated by\n user processes.\n\n - CVE-2016-1237\n David Sinquin discovered that nfsd does not check\n permissions when setting ACLs, allowing users to grant\n themselves permissions to a file by setting the ACL.\n\n - CVE-2016-1583\n Jann Horn of Google Project Zero reported that the\n eCryptfs filesystem could be used together with the proc\n filesystem to cause a kernel stack overflow. If the\n ecryptfs-utils package is installed, local users could\n exploit this, via the mount.ecryptfs_private program,\n for denial of service (crash) or possibly for privilege\n escalation.\n\n - CVE-2016-2117\n Justin Yackoski of Cryptonite discovered that the\n Atheros L2 ethernet driver incorrectly enables\n scatter/gather I/O. A remote attacker could take\n advantage of this flaw to obtain potentially sensitive\n information from kernel memory.\n\n - CVE-2016-2143\n Marcin Koscielnicki discovered that the fork\n implementation in the Linux kernel on s390 platforms\n mishandles the case of four page-table levels, which\n allows local users to cause a denial of service (system\n crash).\n\n - CVE-2016-3070\n Jan Stancek of Red Hat discovered a local denial of\n service vulnerability in AIO handling.\n\n - CVE-2016-3134\n The Google Project Zero team found that the netfilter\n subsystem does not sufficiently validate filter table\n entries. A user with the CAP_NET_ADMIN capability could\n use this for denial of service (crash) or possibly for\n privilege escalation. Debian disables unprivileged user\n namespaces by default, if locally enabled with the\n kernel.unprivileged_userns_clone sysctl, this allows\n privilege escalation.\n\n - CVE-2016-3156\n Solar Designer discovered that the IPv4 implementation\n in the Linux kernel did not perform the destruction of\n inet device objects properly. An attacker in a guest OS\n could use this to cause a denial of service (networking\n outage) in the host OS.\n\n - CVE-2016-3157 / XSA-171\n Andy Lutomirski discovered that the x86_64 (amd64) task\n switching implementation did not correctly update the\n I/O permission level when running as a Xen paravirtual\n (PV) guest. In some configurations this would allow\n local users to cause a denial of service (crash) or to\n escalate their privileges within the guest.\n\n - CVE-2016-3672\n Hector Marco and Ismael Ripoll noted that it was\n possible to disable Address Space Layout Randomisation\n (ASLR) for x86_32 (i386) programs by removing the stack\n resource limit. This made it easier for local users to\n exploit security flaws in programs that have the setuid\n or setgid flag set.\n\n - CVE-2016-3951\n It was discovered that the cdc_ncm driver would free\n memory prematurely if certain errors occurred during its\n initialisation. This allowed a physically present user\n with a specially designed USB device to cause a denial\n of service (crash) or possibly to escalate their\n privileges.\n\n - CVE-2016-3955\n Ignat Korchagin reported that the usbip subsystem did\n not check the length of data received for a USB buffer.\n This allowed denial of service (crash) or privilege\n escalation on a system configured as a usbip client, by\n the usbip server or by an attacker able to impersonate\n it over the network. A system configured as a usbip\n server might be similarly vulnerable to physically\n present users.\n\n - CVE-2016-3961 / XSA-174\n Vitaly Kuznetsov of Red Hat discovered that Linux\n allowed the use of hugetlbfs on x86 (i386 and amd64)\n systems even when running as a Xen paravirtualised (PV)\n guest, although Xen does not support huge pages. This\n allowed users with access to /dev/hugepages to cause a\n denial of service (crash) in the guest.\n\n - CVE-2016-4470\n David Howells of Red Hat discovered that a local user\n can trigger a flaw in the Linux kernel's handling of key\n lookups in the keychain subsystem, leading to a denial\n of service (crash) or possibly to privilege escalation.\n\n - CVE-2016-4482, CVE-2016-4485, CVE-2016-4486,\n CVE-2016-4569, CVE-2016-4578, CVE-2016-4580,\n CVE-2016-5243, CVE-2016-5244\n\n Kangjie Lu reported that the USB devio, llc, rtnetlink,\n ALSA timer, x25, tipc, and rds facilities leaked\n information from the kernel stack.\n\n - CVE-2016-4565\n Jann Horn of Google Project Zero reported that various\n components in the InfiniBand stack implemented unusual\n semantics for the write() operation. On a system with\n InfiniBand drivers loaded, local users could use this\n for denial of service or privilege escalation.\n\n - CVE-2016-4581\n Tycho Andersen discovered that in some situations the\n Linux kernel did not handle propagated mounts correctly.\n A local user can take advantage of this flaw to cause a\n denial of service (system crash).\n\n - CVE-2016-4805\n Baozeng Ding discovered a use-after-free in the generic\n PPP layer in the Linux kernel. A local user can take\n advantage of this flaw to cause a denial of service\n (system crash), or potentially escalate their\n privileges.\n\n - CVE-2016-4913\n Al Viro found that the ISO9660 filesystem implementation\n did not correctly count the length of certain invalid\n name entries. Reading a directory containing such name\n entries would leak information from kernel memory. Users\n permitted to mount disks or disk images could use this\n to obtain sensitive information.\n\n - CVE-2016-4997 / CVE-2016-4998\n Jesse Hertz and Tim Newsham discovered that missing\n input sanitising in Netfilter socket handling may result\n in denial of service. Debian disables unprivileged user\n namespaces by default, if locally enabled with the\n kernel.unprivileged_userns_clone sysctl, this also\n allows privilege escalation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-7515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-0821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1237\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-1583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-2143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-3961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-4470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-4482\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-4485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-4486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-4569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-4578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-4580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-5244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-4565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-4581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-4805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-4913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-4997\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-4998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3607\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 3.16.7-ckt25-2+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.7-ckt25-2+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:57", "description": "The openSUSE 13.2 kernel was updated to fix various bugs and security issues.\n\nThe following security bugs were fixed :\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143).\n\n - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandles NM (aka alternate name) entries containing \\0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267).\n\n - CVE-2016-0758: Tags with indefinite length could have corrupted pointers in asn1_find_indefinite_length (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971919 971944).\n\n - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401 bsc#978445).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548 bsc#980363).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308).\n\n - CVE-2016-4581: fs/pnode.c in the Linux kernel did not properly traverse a mount propagation tree in a certain case involving a slave mount, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls (bnc#979913).\n\n - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821).\n\n - CVE-2015-3288: A security flaw was found in the Linux kernel that there was a way to arbitrary change zero page memory. (bnc#979021).\n\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).\n\n - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654).\n\n - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213).\n\n - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948 974646).\n\n - CVE-2016-3136: The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors (bnc#970955).\n\n - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956).\n\n - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911).\n\n - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970).\n\n - CVE-2016-3951: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor (bnc#974418).\n\n - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892).\n\n - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958).\n\n - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124).\n\n - CVE-2016-3689: The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface (bnc#971628).\n\n - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360).\n\n - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125).\n\n - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909).\n\n - CVE-2015-8830: Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allowed local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression (bnc#969354 bsc#969355).\n\n - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670).\n\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010).\n\n - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512).\n\n - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent recursive callback access, which allowed local users to cause a denial of service (deadlock) via a crafted ioctl call (bnc#968013).\n\n - CVE-2016-2547: sound/core/timer.c in the Linux kernel employs a locking approach that did not consider slave timer instances, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#968011).\n\n - CVE-2016-2548: sound/core/timer.c in the Linux kernel retains certain linked lists after a close or stop action, which allowed local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions (bnc#968012).\n\n - CVE-2016-2546: sound/core/timer.c in the Linux kernel uses an incorrect type of mutex, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#967975).\n\n - CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel did not properly maintain a certain linked list, which allowed local users to cause a denial of service (race condition and system crash) via a crafted ioctl call (bnc#967974).\n\n - CVE-2016-2544: Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time (bnc#967973).\n\n - CVE-2016-2543: The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO assignment before proceeding with FIFO clearing, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call (bnc#967972).\n\n - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the Linux kernel mishandles uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states 'there is no kernel bug here (bnc#959709 960561 ).\n\n - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel did not properly identify error conditions, which allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets (bnc#966437).\n\n - CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor (bnc#966693).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel allowed local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov (bnc#963765).\n\n - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572 986573).\n\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362 986365 986377).\n\n - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371).\n\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755 984764).\n\n - CVE-2015-6526: The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel on ppc64 platforms allowed local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace (bnc#942702).\n\n - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213).\n\nThe following non-security bugs were fixed :\n\n - ALSA: hrtimer: Handle start/stop more properly (bsc#973378).\n\n - ALSA: pcm: Fix potential deadlock in OSS emulation (bsc#968018).\n\n - ALSA: rawmidi: Fix race at copying & updating the position (bsc#968018).\n\n - ALSA: rawmidi: Make snd_rawmidi_transmit() race-free (bsc#968018).\n\n - ALSA: seq: Fix double port list deletion (bsc#968018).\n\n - ALSA: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup() (bsc#968018).\n\n - ALSA: seq: Fix leak of pool buffer at concurrent writes (bsc#968018).\n\n - ALSA: seq: Fix lockdep warnings due to double mutex locks (bsc#968018).\n\n - ALSA: seq: Fix race at closing in virmidi driver (bsc#968018).\n\n - ALSA: seq: Fix yet another races among ALSA timer accesses (bsc#968018).\n\n - ALSA: timer: Call notifier in the same spinlock (bsc#973378).\n\n - ALSA: timer: Code cleanup (bsc#968018).\n\n - ALSA: timer: Fix leftover link at closing (bsc#968018).\n\n - ALSA: timer: Fix link corruption due to double start or stop (bsc#968018).\n\n - ALSA: timer: Fix race between stop and interrupt (bsc#968018).\n\n - ALSA: timer: Fix wrong instance passed to slave callbacks (bsc#968018).\n\n - ALSA: timer: Protect the whole snd_timer_close() with open race (bsc#973378).\n\n - ALSA: timer: Sync timer deletion at closing the system timer (bsc#973378).\n\n - ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378).\n\n - Bluetooth: vhci: Fix race at creating hci device (bsc#971799,bsc#966849).\n\n - Bluetooth: vhci: fix open_timeout vs. hdev race (bsc#971799,bsc#966849).\n\n - Bluetooth: vhci: purge unhandled skbs (bsc#971799,bsc#966849).\n\n - Btrfs: do not use src fd for printk (bsc#980348).\n\n - Refresh patches.drivers/ALSA-hrtimer-Handle-start-stop-more-prop erly. Fix the build error on 32bit architectures.\n\n - Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with head exceeding page size (bsc#978469).\n\n - Refresh patches.xen/xen3-patch-3.14: Suppress atomic file position updates on /proc/xen/xenbus (bsc#970275).\n\n - Subject: [PATCH] USB: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982706).\n\n - USB: usbip: fix potential out-of-bounds write (bnc#975945).\n\n - af_unix: Guard against other == sk in unix_dgram_sendmsg (bsc#973570).\n\n - backends: guarantee one time reads of shared ring contents (bsc#957988).\n\n - btrfs: do not go readonly on existing qgroup items (bsc#957052).\n\n - btrfs: remove error message from search ioctl for nonexistent tree.\n\n - drm/i915: Fix missing backlight update during panel disablement (bsc#941113 boo#901754).\n\n - enic: set netdev->vlan_features (bsc#966245).\n\n - ext4: fix races between buffered IO and collapse / insert range (bsc#972174).\n\n - ext4: fix races between page faults and hole punching (bsc#972174).\n\n - ext4: fix races of writeback with punch hole and zero range (bsc#972174).\n\n - ext4: move unlocked dio protection from ext4_alloc_file_blocks() (bsc#972174).\n\n - ipv4/fib: do not warn when primary address is missing if in_dev is dead (bsc#971360).\n\n - ipvs: count pre-established TCP states as active (bsc#970114).\n\n - net: core: Correct an over-stringent device loop detection (bsc#945219).\n\n - netback: do not use last request to determine minimum Tx credit (bsc#957988).\n\n - pciback: Check PF instead of VF for PCI_COMMAND_MEMORY.\n\n - pciback: Save the number of MSI-X entries to be copied later.\n\n - pciback: guarantee one time reads of shared ring contents (bsc#957988).\n\n - series.conf: move cxgb3 patch to network drivers section\n\n - usb: quirk to stop runtime PM for Intel 7260 (bnc#984464).\n\n - x86: standardize mmap_rnd() usage (bnc#974308).", "cvss3": {}, "published": "2016-08-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-1015)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6701", "CVE-2013-7446", "CVE-2014-9904", "CVE-2015-3288", "CVE-2015-6526", "CVE-2015-7566", "CVE-2015-8709", "CVE-2015-8785", "CVE-2015-8812", "CVE-2015-8816", "CVE-2015-8830", "CVE-2016-0758", "CVE-2016-1583", "CVE-2016-2053", "CVE-2016-2184", "CVE-2016-2185", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-2188", "CVE-2016-2384", "CVE-2016-2543", "CVE-2016-2544", "CVE-2016-2545", "CVE-2016-2546", "CVE-2016-2547", "CVE-2016-2548", "CVE-2016-2549", "CVE-2016-2782", "CVE-2016-2847", "CVE-2016-3134", "CVE-2016-3136", "CVE-2016-3137", "CVE-2016-3138", "CVE-2016-3139", "CVE-2016-3140", "CVE-2016-3156", "CVE-2016-3672", "CVE-2016-3689", "CVE-2016-3951", "CVE-2016-4470", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4581", "CVE-2016-4805", "CVE-2016-4913", "CVE-2016-4997", "CVE-2016-5244", "CVE-2016-5829"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bbswitch", "p-cpe:/a:novell:opensuse:bbswitch-debugsource", "p-cpe:/a:novell:opensuse:bbswitch-kmp-default", "p-cpe:/a:novell:opensuse:bbswitch-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop", "p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:bbswitch-kmp-pae", "p-cpe:/a:novell:opensuse:bbswitch-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:bbswitch-kmp-xen", "p-cpe:/a:novell:opensuse:cloop", "p-cpe:/a:novell:opensuse:bbswitch-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-pae", "p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:cloop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-xen", "p-cpe:/a:novell:opensuse:cloop-debugsource", "p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-default", "p-cpe:/a:novell:opensuse:crash", "p-cpe:/a:novell:opensuse:crash-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:crash-debugsource", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-devel", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-eppic", "p-cpe:/a:novell:opensuse:crash-eppic-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:crash-gcore", "p-cpe:/a:novell:opensuse:crash-gcore-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae", "p-cpe:/a:novell:opensuse:crash-kmp-default", "p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-desktop", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen", "p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae", "p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-xen", "p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-debugsource", "p-cpe:/a:novell:opensuse:ipset", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default", "p-cpe:/a:novell:opensuse:ipset-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:ipset-devel", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-default", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:libipset3", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop", "p-cpe:/a:novell:opensuse:libipset3-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock", "p-cpe:/a:novell:opensuse:ipset-kmp-pae", "p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop", "p-cpe:/a:novell:opensuse:ipset-kmp-xen", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:vhba-kmp-debugsource", "p-cpe:/a:novell:opensuse:vhba-kmp-default", "p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-pae", "p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-xen", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:kernel-obs-qa-xen", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:xen-tools-domu", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons", "p-cpe:/a:novell:opensuse:xtables-addons-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-debugsource", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2016-1015.NASL", "href": "https://www.tenable.com/plugins/nessus/93104", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1015.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93104);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-6701\", \"CVE-2013-7446\", \"CVE-2014-9904\", \"CVE-2015-3288\", \"CVE-2015-6526\", \"CVE-2015-7566\", \"CVE-2015-8709\", \"CVE-2015-8785\", \"CVE-2015-8812\", \"CVE-2015-8816\", \"CVE-2015-8830\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-2184\", \"CVE-2016-2185\", \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-2188\", \"CVE-2016-2384\", \"CVE-2016-2543\", \"CVE-2016-2544\", \"CVE-2016-2545\", \"CVE-2016-2546\", \"CVE-2016-2547\", \"CVE-2016-2548\", \"CVE-2016-2549\", \"CVE-2016-2782\", \"CVE-2016-2847\", \"CVE-2016-3134\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3138\", \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3156\", \"CVE-2016-3672\", \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-4470\", \"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4581\", \"CVE-2016-4805\", \"CVE-2016-4913\", \"CVE-2016-4997\", \"CVE-2016-5244\", \"CVE-2016-5829\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-1015)\");\n script_summary(english:\"Check for the openSUSE-2016-1015 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 13.2 kernel was updated to fix various bugs and security\nissues.\n\nThe following security bugs were fixed :\n\n - CVE-2016-1583: Prevent the usage of mmap when the lower\n file system does not allow it. This could have lead to\n local privilege escalation when ecryptfs-utils was\n installed and /sbin/mount.ecryptfs_private was setuid\n (bsc#983143).\n\n - CVE-2016-4913: The get_rock_ridge_filename function in\n fs/isofs/rock.c in the Linux kernel mishandles NM (aka\n alternate name) entries containing \\0 characters, which\n allowed local users to obtain sensitive information from\n kernel memory or possibly have unspecified other impact\n via a crafted isofs filesystem (bnc#980725).\n\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not\n properly initialize a certain data structure, which\n allowed attackers to obtain sensitive information from\n kernel stack memory via an X.25 Call Request\n (bnc#981267).\n\n - CVE-2016-0758: Tags with indefinite length could have\n corrupted pointers in asn1_find_indefinite_length\n (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-2187: The gtco_probe function in\n drivers/input/tablet/gtco.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) via\n a crafted endpoints value in a USB device descriptor\n (bnc#971919 971944).\n\n - CVE-2016-4482: The proc_connectinfo function in\n drivers/usb/core/devio.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory via a crafted USBDEVFS_CONNECTINFO ioctl call\n (bnc#978401 bsc#978445).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relies on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bnc#979548 bsc#980363).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in\n arch/x86/mm/mmap.c in the Linux kernel did not properly\n randomize the legacy base address, which made it easier\n for local users to defeat the intended restrictions on\n the ADDR_NO_RANDOMIZE flag, and bypass the ASLR\n protection mechanism for a setuid or setgid program, by\n disabling stack-consumption resource limits\n (bnc#974308).\n\n - CVE-2016-4581: fs/pnode.c in the Linux kernel did not\n properly traverse a mount propagation tree in a certain\n case involving a slave mount, which allowed local users\n to cause a denial of service (NULL pointer dereference\n and OOPS) via a crafted series of mount system calls\n (bnc#979913).\n\n - CVE-2016-4485: The llc_cmsg_rcv function in\n net/llc/af_llc.c in the Linux kernel did not initialize\n a certain data structure, which allowed attackers to\n obtain sensitive information from kernel stack memory by\n reading a message (bnc#978821).\n\n - CVE-2015-3288: A security flaw was found in the Linux\n kernel that there was a way to arbitrary change zero\n page memory. (bnc#979021).\n\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel\n did not initialize certain r1 data structures, which\n allowed local users to obtain sensitive information from\n kernel stack memory via crafted use of the ALSA timer\n interface, related to the (1) snd_timer_user_ccallback\n and (2) snd_timer_user_tinterrupt functions\n (bnc#979879).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in\n net/core/rtnetlink.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#978822).\n\n - CVE-2013-7446: Use-after-free vulnerability in\n net/unix/af_unix.c in the Linux kernel allowed local\n users to bypass intended AF_UNIX socket permissions or\n cause a denial of service (panic) via crafted epoll_ctl\n calls (bnc#955654).\n\n - CVE-2016-4569: The snd_timer_user_params function in\n sound/core/timer.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory via crafted use of the ALSA timer interface\n (bnc#979213).\n\n - CVE-2016-2847: fs/pipe.c in the Linux kernel did not\n limit the amount of unread data in pipes, which allowed\n local users to cause a denial of service (memory\n consumption) by creating many pipes with non-default\n sizes (bnc#970948 974646).\n\n - CVE-2016-3136: The mct_u232_msr_to_state function in\n drivers/usb/serial/mct_u232.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted USB device without two interrupt-in\n endpoint descriptors (bnc#970955).\n\n - CVE-2016-2188: The iowarrior_probe function in\n drivers/usb/misc/iowarrior.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) via\n a crafted endpoints value in a USB device descriptor\n (bnc#970956).\n\n - CVE-2016-3138: The acm_probe function in\n drivers/usb/class/cdc-acm.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) via\n a USB device without both a control and a data endpoint\n descriptor (bnc#970911).\n\n - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the\n Linux kernel allowed physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a USB device without both an\n interrupt-in and an interrupt-out endpoint descriptor,\n related to the cypress_generic_port_probe and\n cypress_open functions (bnc#970970).\n\n - CVE-2016-3951: Double free vulnerability in\n drivers/net/usb/cdc_ncm.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (system crash) or possibly have unspecified\n other impact by inserting a USB device with an invalid\n USB descriptor (bnc#974418).\n\n - CVE-2016-3140: The digi_port_init function in\n drivers/usb/serial/digi_acceleport.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#970892).\n\n - CVE-2016-2186: The powermate_probe function in\n drivers/input/misc/powermate.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#970958).\n\n - CVE-2016-2185: The ati_remote2_probe function in\n drivers/input/misc/ati_remote2.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#971124).\n\n - CVE-2016-3689: The ims_pcu_parse_cdc_data function in\n drivers/input/misc/ims-pcu.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (system crash) via a USB device without both a\n master and a slave interface (bnc#971628).\n\n - CVE-2016-3156: The IPv4 implementation in the Linux\n kernel mishandles destruction of device objects, which\n allowed guest OS users to cause a denial of service\n (host OS networking outage) by arranging for a large\n number of IP addresses (bnc#971360).\n\n - CVE-2016-2184: The create_fixed_stream_quirk function in\n sound/usb/quirks.c in the snd-usb-audio driver in the\n Linux kernel allowed physically proximate attackers to\n cause a denial of service (NULL pointer dereference or\n double free, and system crash) via a crafted endpoints\n value in a USB device descriptor (bnc#971125).\n\n - CVE-2016-3139: The wacom_probe function in\n drivers/input/tablet/wacom_sys.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#970909).\n\n - CVE-2015-8830: Integer overflow in the\n aio_setup_single_vector function in fs/aio.c in the\n Linux kernel 4.0 allowed local users to cause a denial\n of service or possibly have unspecified other impact via\n a large AIO iovec. NOTE: this vulnerability exists\n because of a CVE-2012-6701 regression (bnc#969354\n bsc#969355).\n\n - CVE-2016-2782: The treo_attach function in\n drivers/usb/serial/visor.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by inserting a\n USB device that lacks a (1) bulk-in or (2) interrupt-in\n endpoint (bnc#968670).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bnc#968010).\n\n - CVE-2015-7566: The clie_5_attach function in\n drivers/usb/serial/visor.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by inserting a\n USB device that lacks a bulk-out endpoint (bnc#961512).\n\n - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel\n did not prevent recursive callback access, which allowed\n local users to cause a denial of service (deadlock) via\n a crafted ioctl call (bnc#968013).\n\n - CVE-2016-2547: sound/core/timer.c in the Linux kernel\n employs a locking approach that did not consider slave\n timer instances, which allowed local users to cause a\n denial of service (race condition, use-after-free, and\n system crash) via a crafted ioctl call (bnc#968011).\n\n - CVE-2016-2548: sound/core/timer.c in the Linux kernel\n retains certain linked lists after a close or stop\n action, which allowed local users to cause a denial of\n service (system crash) via a crafted ioctl call, related\n to the (1) snd_timer_close and (2) _snd_timer_stop\n functions (bnc#968012).\n\n - CVE-2016-2546: sound/core/timer.c in the Linux kernel\n uses an incorrect type of mutex, which allowed local\n users to cause a denial of service (race condition,\n use-after-free, and system crash) via a crafted ioctl\n call (bnc#967975).\n\n - CVE-2016-2545: The snd_timer_interrupt function in\n sound/core/timer.c in the Linux kernel did not properly\n maintain a certain linked list, which allowed local\n users to cause a denial of service (race condition and\n system crash) via a crafted ioctl call (bnc#967974).\n\n - CVE-2016-2544: Race condition in the queue_delete\n function in sound/core/seq/seq_queue.c in the Linux\n kernel allowed local users to cause a denial of service\n (use-after-free and system crash) by making an ioctl\n call at a certain time (bnc#967973).\n\n - CVE-2016-2543: The snd_seq_ioctl_remove_events function\n in sound/core/seq/seq_clientmgr.c in the Linux kernel\n did not verify FIFO assignment before proceeding with\n FIFO clearing, which allowed local users to cause a\n denial of service (NULL pointer dereference and OOPS)\n via a crafted ioctl call (bnc#967972).\n\n - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the\n Linux kernel mishandles uid and gid mappings, which\n allowed local users to gain privileges by establishing a\n user namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the\n ptrace system call. NOTE: the vendor states 'there is no\n kernel bug here (bnc#959709 960561 ).\n\n - CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in\n the Linux kernel did not properly identify error\n conditions, which allowed remote attackers to execute\n arbitrary code or cause a denial of service\n (use-after-free) via crafted packets (bnc#966437).\n\n - CVE-2016-2384: Double free vulnerability in the\n snd_usbmidi_create function in sound/usb/midi.c in the\n Linux kernel allowed physically proximate attackers to\n cause a denial of service (panic) or possibly have\n unspecified other impact via vectors involving an\n invalid USB descriptor (bnc#966693).\n\n - CVE-2015-8785: The fuse_fill_write_pages function in\n fs/fuse/file.c in the Linux kernel allowed local users\n to cause a denial of service (infinite loop) via a\n writev system call that triggers a zero length for the\n first segment of an iov (bnc#963765).\n\n - CVE-2014-9904: The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in\n the Linux kernel did not properly check for an integer\n overflow, which allowed local users to cause a denial of\n service (insufficient memory allocation) or possibly\n have unspecified other impact via a crafted\n SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in\n the hiddev_ioctl_usage function in\n drivers/hid/usbhid/hiddev.c in the Linux kernel allow\n local users to cause a denial of service or possibly\n have unspecified other impact via a crafted (1)\n HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call\n (bnc#986572 986573).\n\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt\n implementation in the netfilter subsystem in the Linux\n kernel allowed local users to gain privileges or cause a\n denial of service (memory corruption) by leveraging\n in-container root access to provide a crafted offset\n value that triggers an unintended decrement (bnc#986362\n 986365 986377).\n\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption and system crash, or spinlock) or possibly\n have unspecified other impact by removing a network\n namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions (bnc#980371).\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bnc#984755 984764).\n\n - CVE-2015-6526: The perf_callchain_user_64 function in\n arch/powerpc/perf/callchain.c in the Linux kernel on\n ppc64 platforms allowed local users to cause a denial of\n service (infinite loop) via a deep 64-bit userspace\n backtrace (bnc#942702).\n\n - CVE-2016-5244: The rds_inc_info_copy function in\n net/rds/recv.c in the Linux kernel did not initialize a\n certain structure member, which allowed remote attackers\n to obtain sensitive information from kernel stack memory\n by reading an RDS message (bnc#983213).\n\nThe following non-security bugs were fixed :\n\n - ALSA: hrtimer: Handle start/stop more properly\n (bsc#973378).\n\n - ALSA: pcm: Fix potential deadlock in OSS emulation\n (bsc#968018).\n\n - ALSA: rawmidi: Fix race at copying & updating the\n position (bsc#968018).\n\n - ALSA: rawmidi: Make snd_rawmidi_transmit() race-free\n (bsc#968018).\n\n - ALSA: seq: Fix double port list deletion (bsc#968018).\n\n - ALSA: seq: Fix incorrect sanity check at\n snd_seq_oss_synth_cleanup() (bsc#968018).\n\n - ALSA: seq: Fix leak of pool buffer at concurrent writes\n (bsc#968018).\n\n - ALSA: seq: Fix lockdep warnings due to double mutex\n locks (bsc#968018).\n\n - ALSA: seq: Fix race at closing in virmidi driver\n (bsc#968018).\n\n - ALSA: seq: Fix yet another races among ALSA timer\n accesses (bsc#968018).\n\n - ALSA: timer: Call notifier in the same spinlock\n (bsc#973378).\n\n - ALSA: timer: Code cleanup (bsc#968018).\n\n - ALSA: timer: Fix leftover link at closing (bsc#968018).\n\n - ALSA: timer: Fix link corruption due to double start or\n stop (bsc#968018).\n\n - ALSA: timer: Fix race between stop and interrupt\n (bsc#968018).\n\n - ALSA: timer: Fix wrong instance passed to slave\n callbacks (bsc#968018).\n\n - ALSA: timer: Protect the whole snd_timer_close() with\n open race (bsc#973378).\n\n - ALSA: timer: Sync timer deletion at closing the system\n timer (bsc#973378).\n\n - ALSA: timer: Use mod_timer() for rearming the system\n timer (bsc#973378).\n\n - Bluetooth: vhci: Fix race at creating hci device\n (bsc#971799,bsc#966849).\n\n - Bluetooth: vhci: fix open_timeout vs. hdev race\n (bsc#971799,bsc#966849).\n\n - Bluetooth: vhci: purge unhandled skbs\n (bsc#971799,bsc#966849).\n\n - Btrfs: do not use src fd for printk (bsc#980348).\n\n - Refresh\n patches.drivers/ALSA-hrtimer-Handle-start-stop-more-prop\n erly. Fix the build error on 32bit architectures.\n\n - Refresh patches.xen/xen-netback-coalesce: Restore\n copying of SKBs with head exceeding page size\n (bsc#978469).\n\n - Refresh patches.xen/xen3-patch-3.14: Suppress atomic\n file position updates on /proc/xen/xenbus (bsc#970275).\n\n - Subject: [PATCH] USB: xhci: Add broken streams quirk for\n Frescologic device id 1009 (bnc#982706).\n\n - USB: usbip: fix potential out-of-bounds write\n (bnc#975945).\n\n - af_unix: Guard against other == sk in unix_dgram_sendmsg\n (bsc#973570).\n\n - backends: guarantee one time reads of shared ring\n contents (bsc#957988).\n\n - btrfs: do not go readonly on existing qgroup items\n (bsc#957052).\n\n - btrfs: remove error message from search ioctl for\n nonexistent tree.\n\n - drm/i915: Fix missing backlight update during panel\n disablement (bsc#941113 boo#901754).\n\n - enic: set netdev->vlan_features (bsc#966245).\n\n - ext4: fix races between buffered IO and collapse /\n insert range (bsc#972174).\n\n - ext4: fix races between page faults and hole punching\n (bsc#972174).\n\n - ext4: fix races of writeback with punch hole and zero\n range (bsc#972174).\n\n - ext4: move unlocked dio protection from\n ext4_alloc_file_blocks() (bsc#972174).\n\n - ipv4/fib: do not warn when primary address is missing if\n in_dev is dead (bsc#971360).\n\n - ipvs: count pre-established TCP states as active\n (bsc#970114).\n\n - net: core: Correct an over-stringent device loop\n detection (bsc#945219).\n\n - netback: do not use last request to determine minimum Tx\n credit (bsc#957988).\n\n - pciback: Check PF instead of VF for PCI_COMMAND_MEMORY.\n\n - pciback: Save the number of MSI-X entries to be copied\n later.\n\n - pciback: guarantee one time reads of shared ring\n contents (bsc#957988).\n\n - series.conf: move cxgb3 patch to network drivers section\n\n - usb: quirk to stop runtime PM for Intel 7260\n (bnc#984464).\n\n - x86: standardize mmap_rnd() usage (bnc#974308).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=901754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=941113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=942702\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=945219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=955654\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=960561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=961512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963765\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966693\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=967975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=972174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984464\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986811\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-0.8-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-debugsource-0.8-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-default-0.8_k3.16.7_42-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-default-debuginfo-0.8_k3.16.7_42-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-desktop-0.8_k3.16.7_42-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-desktop-debuginfo-0.8_k3.16.7_42-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-pae-0.8_k3.16.7_42-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-pae-debuginfo-0.8_k3.16.7_42-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-xen-0.8_k3.16.7_42-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-xen-debuginfo-0.8_k3.16.7_42-3.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-2.639-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-debuginfo-2.639-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-debugsource-2.639-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-default-2.639_k3.16.7_42-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-default-debuginfo-2.639_k3.16.7_42-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-desktop-2.639_k3.16.7_42-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-desktop-debuginfo-2.639_k3.16.7_42-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-pae-2.639_k3.16.7_42-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-pae-debuginfo-2.639_k3.16.7_42-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-xen-2.639_k3.16.7_42-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-xen-debuginfo-2.639_k3.16.7_42-14.20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-7.0.8-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-debuginfo-7.0.8-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-debugsource-7.0.8-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-devel-7.0.8-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-eppic-7.0.8-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-eppic-debuginfo-7.0.8-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-gcore-7.0.8-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-gcore-debuginfo-7.0.8-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-default-7.0.8_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-default-debuginfo-7.0.8_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-desktop-7.0.8_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-desktop-debuginfo-7.0.8_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-pae-7.0.8_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-pae-debuginfo-7.0.8_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-xen-7.0.8_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-xen-debuginfo-7.0.8_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-debugsource-1.28-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-default-1.28_k3.16.7_42-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-default-debuginfo-1.28_k3.16.7_42-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-desktop-1.28_k3.16.7_42-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-desktop-debuginfo-1.28_k3.16.7_42-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-pae-1.28_k3.16.7_42-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-pae-debuginfo-1.28_k3.16.7_42-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-xen-1.28_k3.16.7_42-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-xen-debuginfo-1.28_k3.16.7_42-18.21.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-6.23-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-debuginfo-6.23-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-debugsource-6.23-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-devel-6.23-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-default-6.23_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-default-debuginfo-6.23_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-desktop-6.23_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-desktop-debuginfo-6.23_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-pae-6.23_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-pae-debuginfo-6.23_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-xen-6.23_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-xen-debuginfo-6.23_k3.16.7_42-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-ec2-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-ec2-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-ec2-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-macros-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-build-3.16.7-42.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-build-debugsource-3.16.7-42.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-qa-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-qa-xen-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-source-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-source-vanilla-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-syms-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libipset3-6.23-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libipset3-debuginfo-6.23-20.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-0.44-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-debuginfo-0.44-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-debugsource-0.44-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-default-0.44_k3.16.7_42-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-default-debuginfo-0.44_k3.16.7_42-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-desktop-0.44_k3.16.7_42-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-desktop-debuginfo-0.44_k3.16.7_42-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-pae-0.44_k3.16.7_42-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-pae-debuginfo-0.44_k3.16.7_42-260.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python-virtualbox-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python-virtualbox-debuginfo-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-debugsource-20140629-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-default-20140629_k3.16.7_42-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-default-debuginfo-20140629_k3.16.7_42-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-desktop-20140629_k3.16.7_42-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-desktop-debuginfo-20140629_k3.16.7_42-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-pae-20140629_k3.16.7_42-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-pae-debuginfo-20140629_k3.16.7_42-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-xen-20140629_k3.16.7_42-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-xen-debuginfo-20140629_k3.16.7_42-2.20.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-debuginfo-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-debugsource-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-devel-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-desktop-icons-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-default-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-default-debuginfo-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-desktop-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-desktop-debuginfo-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-pae-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-pae-debuginfo-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-tools-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-tools-debuginfo-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-x11-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-x11-debuginfo-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-default-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-default-debuginfo-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-desktop-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-desktop-debuginfo-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-pae-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-pae-debuginfo-5.0.20_k3.16.7_42-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-source-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-qt-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-qt-debuginfo-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-websrv-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-websrv-debuginfo-5.0.20-48.5\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-debugsource-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-devel-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-libs-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-libs-debuginfo-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-tools-domU-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-tools-domU-debuginfo-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-2.6-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-debuginfo-2.6-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-debugsource-2.6-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-default-2.6_k3.16.7_42-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-default-debuginfo-2.6_k3.16.7_42-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-desktop-2.6_k3.16.7_42-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-desktop-debuginfo-2.6_k3.16.7_42-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-pae-2.6_k3.16.7_42-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-pae-debuginfo-2.6_k3.16.7_42-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-xen-2.6_k3.16.7_42-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-xen-debuginfo-2.6_k3.16.7_42-22.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.16.7-42.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.4.4_02_k3.16.7_42-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-default-debuginfo-4.4.4_02_k3.16.7_42-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-desktop-4.4.4_02_k3.16.7_42-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-desktop-debuginfo-4.4.4_02_k3.16.7_42-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-tools-4.4.4_02-46.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.4.4_02-46.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bbswitch / bbswitch-debugsource / bbswitch-kmp-default / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "amazon": [{"lastseen": "2023-09-24T01:23:44", "description": "**Issue Overview:**\n\nThe Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. (CVE-2016-3961 / XSA-174)\n\nA flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. (CVE-2016-0758)\n\nMultiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839)\n\nThe following flaws were also fixed in this version:\n\nCVE-2016-4557: Use after free vulnerability via double fdput \nCVE-2016-4581: Slave being first propagated copy causes oops in propagate_mnt \nCVE-2016-4486: Information leak in rtnetlink \nCVE-2016-4485: Information leak in llc module \nCVE-2016-4558: bpf: refcnt overflow \nCVE-2016-4565: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko \nCVE-2016-0758: tags with indefinite length can corrupt pointers in asn1_find_indefinite_length() \nCVE-2015-8839: ext4 filesystem page fault race condition with fallocate call. \n\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 perf-debuginfo-4.4.10-22.54.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-headers-4.4.10-22.54.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.4.10-22.54.amzn1.i686 \n \u00a0\u00a0\u00a0 perf-4.4.10-22.54.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-4.4.10-22.54.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-i686-4.4.10-22.54.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-devel-4.4.10-22.54.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-tools-4.4.10-22.54.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.4.10-22.54.amzn1.i686 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.4.10-22.54.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 kernel-doc-4.4.10-22.54.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 kernel-4.4.10-22.54.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 kernel-tools-4.4.10-22.54.amzn1.x86_64 \n \u00a0\u00a0\u00a0 perf-4.4.10-22.54.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-debuginfo-4.4.10-22.54.amzn1.x86_64 \n \u00a0\u00a0\u00a0 perf-debuginfo-4.4.10-22.54.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-devel-4.4.10-22.54.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-4.4.10-22.54.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-headers-4.4.10-22.54.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-common-x86_64-4.4.10-22.54.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-debuginfo-4.4.10-22.54.amzn1.x86_64 \n \u00a0\u00a0\u00a0 kernel-tools-devel-4.4.10-22.54.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2015-8839](<https://access.redhat.com/security/cve/CVE-2015-8839>), [CVE-2016-0758](<https://access.redhat.com/security/cve/CVE-2016-0758>), [CVE-2016-3961](<https://access.redhat.com/security/cve/CVE-2016-3961>), [CVE-2016-4485](<https://access.redhat.com/security/cve/CVE-2016-4485>), [CVE-2016-4486](<https://access.redhat.com/security/cve/CVE-2016-4486>), [CVE-2016-4557](<https://access.redhat.com/security/cve/CVE-2016-4557>), [CVE-2016-4558](<https://access.redhat.com/security/cve/CVE-2016-4558>), [CVE-2016-4565](<https://access.redhat.com/security/cve/CVE-2016-4565>), [CVE-2016-4581](<https://access.redhat.com/security/cve/CVE-2016-4581>)\n\nMitre: [CVE-2015-8839](<https://vulners.com/cve/CVE-2015-8839>), [CVE-2016-0758](<https://vulners.com/cve/CVE-2016-0758>), [CVE-2016-3961](<https://vulners.com/cve/CVE-2016-3961>), [CVE-2016-4485](<https://vulners.com/cve/CVE-2016-4485>), [CVE-2016-4486](<https://vulners.com/cve/CVE-2016-4486>), [CVE-2016-4557](<https://vulners.com/cve/CVE-2016-4557>), [CVE-2016-4558](<https://vulners.com/cve/CVE-2016-4558>), [CVE-2016-4565](<https://vulners.com/cve/CVE-2016-4565>), [CVE-2016-4581](<https://vulners.com/cve/CVE-2016-4581>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-05-18T14:00:00", "type": "amazon", "title": "Medium: kernel", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8839", "CVE-2016-0758", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4557", "CVE-2016-4558", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2016-05-18T14:00:00", "id": "ALAS-2016-703", "href": "https://alas.aws.amazon.com/ALAS-2016-703.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2023-09-18T04:10:32", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux-raspi2 \\- Linux kernel for Raspberry Pi 2\n\nJustin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file \nsystem. A local user could exploit this flaw to cause a denial of service \n(disk corruption) by writing to a page that is associated with a different \nusers file after unsynchronized hole punching and page-fault handling. \n(CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF) \nimplementation in the Linux kernel could overflow reference counters on \nsystems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to \ninfinite. A local unprivileged attacker could use to create a use-after- \nfree situation, causing a denial of service (system crash) or possibly gain \nadministrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (Raspberry Pi 2) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8839", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4558", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2016-06-10T00:00:00", "id": "USN-3007-1", "href": "https://ubuntu.com/security/notices/USN-3007-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-18T04:16:28", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n\nJustin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's \ntranslation lookaside buffer (TLB) handling of flush events. A local \nattacker could use this to cause a denial of service or possibly leak \nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-01T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4004", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "modified": "2016-06-01T00:00:00", "id": "USN-2989-1", "href": "https://ubuntu.com/security/notices/USN-2989-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-18T04:15:20", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-lts-xenial \\- Linux hardware enablement kernel from Xenial for Trusty\n\nJustin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file \nsystem. A local user could exploit this flaw to cause a denial of service \n(disk corruption) by writing to a page that is associated with a different \nusers file after unsynchronized hole punching and page-fault handling. \n(CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF) \nimplementation in the Linux kernel could overflow reference counters on \nsystems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to \ninfinite. A local unprivileged attacker could use to create a use-after- \nfree situation, causing a denial of service (system crash) or possibly gain \nadministrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (Xenial HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8839", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4558", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2016-06-10T00:00:00", "id": "USN-3005-1", "href": "https://ubuntu.com/security/notices/USN-3005-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-18T04:17:39", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n\nJustin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nMultiple race conditions where discovered in the Linux kernel's ext4 file \nsystem. A local user could exploit this flaw to cause a denial of service \n(disk corruption) by writing to a page that is associated with a different \nusers file after unsynchronized hole punching and page-fault handling. \n(CVE-2015-8839)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the extended Berkeley Packet Filter (eBPF) \nimplementation in the Linux kernel could overflow reference counters on \nsystems with more than 32GB of physical ram and with RLIMIT_MEMLOCK set to \ninfinite. A local unprivileged attacker could use to create a use-after- \nfree situation, causing a denial of service (system crash) or possibly gain \nadministrative privileges. (CVE-2016-4558)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-10T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8839", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4558", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2016-06-10T00:00:00", "id": "USN-3006-1", "href": "https://ubuntu.com/security/notices/USN-3006-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-18T04:14:20", "description": "## Releases\n\n * Ubuntu 12.04 \n\n## Packages\n\n * linux-lts-trusty \\- Linux hardware enablement kernel from Trusty for Precise\n\nJustin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's \ntranslation lookaside buffer (TLB) handling of flush events. A local \nattacker could use this to cause a denial of service or possibly leak \nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "modified": "2016-06-10T00:00:00", "id": "USN-2998-1", "href": "https://ubuntu.com/security/notices/USN-2998-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-18T04:12:22", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-lts-wily \\- Linux hardware enablement kernel from Wily for Trusty\n\nJustin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (Wily HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2016-06-10T00:00:00", "id": "USN-3002-1", "href": "https://ubuntu.com/security/notices/USN-3002-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-18T04:11:40", "description": "## Releases\n\n * Ubuntu 15.10 \n\n## Packages\n\n * linux \\- Linux kernel\n\nJustin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-10T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2016-06-10T00:00:00", "id": "USN-3003-1", "href": "https://ubuntu.com/security/notices/USN-3003-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-18T04:12:23", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-lts-vivid \\- Linux hardware enablement kernel from Vivid for Trusty\n\nJustin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (Vivid HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2016-06-10T00:00:00", "id": "USN-3001-1", "href": "https://ubuntu.com/security/notices/USN-3001-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-18T04:11:16", "description": "## Releases\n\n * Ubuntu 15.10 \n\n## Packages\n\n * linux-raspi2 \\- Linux kernel for Raspberry Pi 2\n\nJustin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (Raspberry Pi 2) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2016-06-10T00:00:00", "id": "USN-3004-1", "href": "https://ubuntu.com/security/notices/USN-3004-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-18T04:14:20", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-lts-utopic \\- Linux hardware enablement kernel from Utopic for Trusty\n\nJustin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the \nMCT USB RS232 Converter device driver in the Linux kernel did not properly \nvalidate USB device descriptors. An attacker with physical access could use \nthis to cause a denial of service (system crash). (CVE-2016-3136)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the \nCypress M8 USB device driver in the Linux kernel did not properly validate \nUSB device descriptors. An attacker with physical access could use this to \ncause a denial of service (system crash). (CVE-2016-3137)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the \nLinux kernel's USB driver for Digi AccelePort serial converters did not \nproperly validate USB device descriptors. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3140)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nIt was discovered that the Linux kernel's USB driver for IMS Passenger \nControl Unit devices did not properly validate the device's interfaces. An \nattacker with physical access could use this to cause a denial of service \n(system crash). (CVE-2016-3689)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (Utopic HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3136", "CVE-2016-3137", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-3689", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "modified": "2016-06-10T00:00:00", "id": "USN-3000-1", "href": "https://ubuntu.com/security/notices/USN-3000-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2023-09-21T06:38:28", "description": "USN-3001-1 Linux kernel (Vivid HWE) vulnerabilities\n\n# \n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04 LTS \n\n# Description\n\nJustin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. ([CVE-2016-2117](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2117.html>))\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. ([CVE-2016-1583](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1583.html>))\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. ([CVE-2015-4004](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4004.html>))\n\nRalf Spenneberg discovered that the Linux kernel\u2019s GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). ([CVE-2016-2187](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2187.html>))\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program. ([CVE-2016-3672](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3672.html>))\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). ([CVE-2016-3951](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3951.html>))\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. ([CVE-2016-3955](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3955.html>))\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash). ([CVE-2016-3961](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3961.html>))\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. ([CVE-2016-4485](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4485.html>))\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. ([CVE-2016-4486](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4486.html>))\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. ([CVE-2016-4565](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4565.html>))\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash). ([CVE-2016-4581](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4581.html>))\n\n# Affected Products and Versions\n\n_Severity is high unless otherwise noted. \n_\n\n * Cloud Foundry BOSH stemcells 3146.1 versions prior to 3146.15 AND other versions prior to 3232.7 are vulnerable \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry upgrade BOSH stemcell 3146.x versions to 3146.16 OR other versions to 3232.8\n\n# Credit\n\nJustin Yackoski, Jann Horn, Jason A. Donenfeld, Ralf Spenneberg, Hector Marco and Ismael Ripoll, Andrey Konovalov, Vitaly Kuznetsov, Kangjie Lu\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-3001-1/>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-15T00:00:00", "type": "cloudfoundry", "title": "USN-3001-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2016-06-15T00:00:00", "id": "CFOUNDRY:6D0A7CF1EF35A1C96485B4FC10A51978", "href": "https://www.cloudfoundry.org/blog/usn-3001-1/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:25:03", "description": "kernel-uek\n[4.1.12-61.1.6]\n- blk-mq: avoid setting hctx->tags->cpumask before allocation (Akinobu Mita) [Orabug: 24464170]\n[4.1.12-61.1.3]\n- ocfs2: improve recovery performance (Junxiao Bi) [Orabug: 24395729] \n- qed: Utilize FW 8.10.3.0 (Yuval Mintz) [Orabug: 24442553] \n- blk-mq: mark request queue as mq asap (Ming Lei) [Orabug: 24318720] \n- lpfc: fix oops in lpfc_sli4_scmd_to_wqidx_distr() from lpfc_send_taskmgmt() (Mauricio Faria de Oliveira) [Orabug: 24312616]\n[4.1.12-61.1.2]\n- KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24402831] {CVE-2016-4470}\n[4.1.12-61.1.1]\n- ol6-spec: update linux-firmware dependency to 20160616-44.git43e96a1e.0.10 (Chuck Anderson) [Orabug: 24311968] \n- ol7-spec: update dracut version dependency to 033-360.0.3 (Chuck Anderson) [Orabug: 24308248] \n- [2d8747c2] fixup! blk-mq: prevent double-unlock of mutex (Dan Duval) [Orabug: 24376521] \n- tcp: make challenge acks less predictable (Eric Dumazet) [Orabug: 24010102] \n- IBCM: dereference timewait_info only when needed (Santosh Shilimkar) [Orabug: 24326732] \n- ext4: update c/mtime on truncate up (Eryu Guan) [Orabug: 24325361] \n- vfs: add vfs_select_inode() helper (Miklos Szeredi) [Orabug: 24009788] {CVE-2016-6198} {CVE-2016-6197}\n- vfs: rename: check backing inode being equal (Miklos Szeredi) [Orabug: 24009788] {CVE-2016-6198} {CVE-2016-6197}\n- ovl: verify upper dentry before unlink and rename (Miklos Szeredi) [Orabug: 24009788] {CVE-2016-6198} {CVE-2016-6197}\n- xen-pciback: mark device to be hidden on AER error trigger (Elena Ufimtseva)\n[4.1.12-61]\n- block: Initialize max_dev_sectors to 0 (Keith Busch) [Orabug: 23615929] \n- sd: Fix rw_max for devices that report an optimal xfer size (Martin K. Petersen) [Orabug: 23615929] \n- sd: Fix excessive capacity printing on devices with blocks bigger than 512 bytes (Martin K. Petersen) [Orabug: 23615929] \n- sd: Optimal I/O size is in bytes, not sectors (Martin K. Petersen) [Orabug: 23615929] \n- sd: Reject optimal transfer length smaller than page size (Martin K. Petersen) [Orabug: 23615929] \n- block/sd: Fix device-imposed transfer length limits (Joe Jin) [Orabug: 23615929] \n- Fix kabi issue for upstream commit ca369d51 (Joe Jin) [Orabug: 23615929] \n- Revert 'ocfs2: bump up o2cb network protocol version' (Junxiao Bi) [Orabug: 24292852] \n- Btrfs: fix leaking of ordered extents after direct IO write error (Filipe Manana) [Orabug: 23717870] \n- Btrfs: fix error path when failing to submit bio for direct IO write (Filipe Manana) [Orabug: 23717870] \n- Btrfs: fix memory corruption on failure to submit bio for direct IO (Filipe Manana) [Orabug: 23717870] \n- Btrfs: fix extent accounting for partial direct IO writes (Filipe Manana) [Orabug: 23717870] \n- Btrfs: Direct I/O: Fix space accounting (chandan) [Orabug: 23717870] \n- Btrfs: fix warning of bytes_may_use (Liu Bo) [Orabug: 23717870] \n- xen: use same main loop for counting and remapping pages (Juergen Gross)\n[4.1.12-60]\n- xen-blkfront: dynamic configuration of per-vbd resources (Bob Liu) [Orabug: 23720696] \n- xen-blkfront: introduce blkif_set_queue_limits() (Bob Liu) [Orabug: 23720696] \n- xen-blkfront: fix places not updated after introducing 64KB page granularity (Bob Liu) [Orabug: 23720696] \n- IB: Add RNR timer workaround for PSIF (Santosh Shilimkar) [Orabug: 23633926] \n- IB/core: Add encode/decode FDR/EDR rates (Hans Westgaard Ry) [Orabug: 23084916] \n- bfa: Fix for crash when bfa_itnim is NULL (Sudarsana Reddy Kalluru) [Orabug: 23950878] \n- bfa:Update driver version to 3.2.25.0 (Anil Gurumurthy) [Orabug: 23950878] \n- bfa:File header and user visible string changes (Anil Gurumurthy) [Orabug: 23950878] \n- bfa:Updating copyright messages (Anil Gurumurthy) [Orabug: 23950878] \n- bfa: Fix incorrect de-reference of pointer (Anil Gurumurthy) [Orabug: 23950878] \n- bfa: Fix indentation (Anil Gurumurthy) [Orabug: 23950878] \n- lpfc updates to 11.1.0.4 for uek4-r2 (rkennedy) [Orabug: 23762058] \n- lpfc: Update modified file copyrights (James Smart) [Orabug: 23762058] \n- lpfc: Fix interaction between fdmi_on and enable_SmartSAN (James Smart) [Orabug: 23762058] \n- lpfc: Add support for SmartSAN 2.0 (James Smart) [Orabug: 23762058] \n- lpfc: Fix Device discovery failures during switch reboot test. (James Smart) [Orabug: 23762058] \n- lpfc: Utilize embedded CDB logic to minimize IO latency (James Smart) [Orabug: 23762058] \n- lpfc: Fix crash when unregistering default rpi. (James Smart) [Orabug: 23762058] \n- lpfc: Fix DMA faults observed upon plugging loopback connector (James Smart) [Orabug: 23762058] \n- lpfc: Correct LOGO handling during login (James Smart) [Orabug: 23762058] \n- lpfc: fix misleading indentation (Arnd Bergmann) [Orabug: 23762058] \n- lpfc: fix missing zero termination in debugfs (Alan) [Orabug: 23762058] \n- lpfc: Remove redundant code block in lpfc_scsi_cmd_iocb_cmpl (Johannes Thumshirn) [Orabug: 23762058] \n- qla2xxx: Update driver version to 8.07.00.38.40.0-k. (Sawan Chandak) [Orabug: 23755773] \n- qla2xxx: Fix BBCR offset (Sawan Chandak) [Orabug: 23755773] \n- qla2xxx: Disable the adapter and skip error recovery in case of register disconnect. (Sawan Chandak) [Orabug: 23755773] \n- qla2xxx: Separate ISP type bits out from device type. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Correction to function qla26xx_dport_diagnostics(). (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Add support to handle Loop Init error Asynchronus event. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Let DPORT be enabled purely by nvram. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Add bsg interface to support statistics counter reset. (Sawan Chandak) [Orabug: 23755773] \n- qla2xxx: Add bsg interface to support D_Port Diagnostics. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Check for device state before unloading the driver. (Sawan Chandak) [Orabug: 23755773] \n- qla2xxx: Properly reset firmware statistics. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Properly initialize IO statistics. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Make debug buffer log easier to view. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Add module parameter alternate/short names. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Set FLOGI retry in additional firmware options for P2P (N2N) mode. (Giridhar Malavali) [Orabug: 23755773] \n- qla2xxx: Shutdown board on thermal shutdown aen. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Add ram area DDR for fwdump template entry T262. (Joe Carnuccio) [Orabug: 23755773] \n- qla2xxx: Remove sysfs node fw_dump_template. (Joe Carnuccio) [Orabug: 23755773] \n- mpt3sas: Used 'synchronize_irq()'API to synchronize timed-out IO & TMs (Chaitra P B) [Orabug: 22529571] \n- mpt3sas: Set maximum transfer length per IO to 4MB for VDs (Chaitra P B) [Orabug: 22529571] \n- mpt3sas: Updating mpt3sas driver version to 13.100.00.00 (Chaitra P B) [Orabug: 22529571] \n- mpt3sas: Fix initial Reference tag field for 4K PI drives. (Chaitra P B) [Orabug: 22529571] \n- mpt3sas: Handle active cable exception event (Chaitra P B) [Orabug: 22529571] \n- mpt3sas: Update MPI header to 2.00.42 (Chaitra P B) [Orabug: 22529571] \n- mpt3sas - remove unused fw_event_work elements (Joe Lawrence) [Orabug: 22529571] \n- mpt3sas: Remove usage of 'struct timeval' (Tina Ruchandani) [Orabug: 22529571] \n- mpt3sas: Dont overreach ioc->reply_post[] during initialization (Calvin Owens) [Orabug: 22529571] \n- mpt3sas: Remove unnecessary synchronize_irq() before free_irq() (Lars-Peter Clausen) [Orabug: 22529571] \n- mpt3sas: Free memory pools before retrying to allocate with different value. (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Remove cpumask_clear for zalloc_cpumask_var and dont free free_cpu_mask_var before reply_q (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Updating mpt3sas driver version to 12.100.00.00 (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO. (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Updated MPI Header to 2.00.42 (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Add support for configurable Chain Frame Size (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Added smp_affinity_enable module parameter. (Suganath Prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Make use of additional HighPriority credit message frames for sending SCSI IOs (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Never block the Enclosure device (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Fix static analyzer(coverity) tool identified defects (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Used IEEE SGL instead of MPI SGL while framing a SMP Passthrough request message. (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: Added support for high port count HBA variants. (Suganath prabu Subramani) [Orabug: 22529571] \n- mpt3sas: A correction in unmap_resources (Tomas Henzl) [Orabug: 22529571] \n- mpt3sas: fix Kconfig dependency problem for mpt2sas back compatibility (James Bottomley) [Orabug: 22529571] \n- mpt3sas: Add dummy Kconfig option for backwards compatibility (Martin K. Petersen) [Orabug: 22529571] \n- mpt3sas: Fix use sas_is_tlr_enabled API before enabling MPI2_SCSIIO_CONTROL_TLR_ON flag (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: fix inline markers on non inline function declarations (Stephen Rothwell) [Orabug: 22529571] \n- mpt3sas: Bump mpt3sas driver version to 09.102.00.00 (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Single driver module which supports both SAS 2.0 & SAS 3.0 HBAs (Sreekanth Reddy) [Orabug: 22529571] \n- mpt2sas, mpt3sas: Update the driver versions (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: setpci reset kernel oops fix (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Added OEM Gen2 PnP ID branding names (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Refcount fw_events and fix unsafe list usage (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Refcount sas_device objects and fix unsafe list usage (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: sysfs attribute to report Backup Rail Monitor Status (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Ported WarpDrive product SSS6200 support (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: fix for driver fails EEH, recovery from injected pci bus error (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Manage MSI-X vectors according to HBA device type (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Dont send PHYDISK_HIDDEN RAID action request on SAS2 HBAs (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Build MPI SGL LIST on GEN2 HBAs and IEEE SGL LIST on GEN3 HBAs (Sreekanth Reddy) [Orabug: 22529571] \n- mpt2sas, mpt3sas: Remove SCSI_MPTXSAS_LOGGING entry from Kconfig (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Define 'hba_mpi_version_belonged' IOC variable (Sreekanth Reddy) [Orabug: 22529571] \n- mpt2sas: Remove .c and .h files from mpt2sas driver (Sreekanth Reddy) [Orabug: 22529571] \n- mpt2sas: Move Gen2 HBAs device registration to a separate file (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Move Gen3 HBAs device registration to a separate file (Sreekanth Reddy) [Orabug: 22529571] \n- mpt3sas: Added mpt2sas driver definitions (Sreekanth Reddy) [Orabug: 22529571] \n- mpt2sas: Use mpi headers from mpt3sas (Christoph Hellwig) [Orabug: 22529571] \n- ext4: only call ext4_truncate when size <= isize (Josef Bacik) [Orabug: 23598757] \n- fix kABI breakage from 'blk-mq: fix race between timeout and freeing request' (Dan Duval) [Orabug: 23521058] \n- blk-mq: fix race between timeout and freeing request (Ming Lei) [Orabug: 23521058] \n- fix kABI breakage from 'blk-mq: Shared tag enhancements' (Dan Duval) [Orabug: 23521058] \n- blk-mq: Shared tag enhancements (Keith Busch) [Orabug: 23521058] \n- propogate_mnt: Handle the first propogated copy being a slave (Eric W. Biederman) [Orabug: 23276659] {CVE-2016-4581}\n- fs/pnode.c: treat zero mnt_group_id-s as unequal (Maxim Patlasov) [Orabug: 23276659] {CVE-2016-4581}\n- xsigo: SKB Frag cleanup (Pradeep Gopanapalli) [Orabug: 23514725] \n- xsigo: Tx_tail goes outof bound (Pradeep Gopanapalli) [Orabug: 23514725] \n- xsigo: Fixed Path locking issues (Pradeep Gopanapalli) [Orabug: 23514725] \n- net/rds: Skip packet filtering if interface does not support ACL (Yuval Shaia) [Orabug: 23541567] \n- RDS: Fix the rds_conn_destroy panic due to pending messages (Bang Nguyen) [Orabug: 23222944] \n- RDS: add handshaking for ACL violation detection at passive (Ajaykumar Hotchandani) [Orabug: 23222944] \n- RDS: IB: enforce IP anti-spoofing based on ACLs (Santosh Shilimkar) [Orabug: 23222944] \n- RDS: Add acl fields to the rds_connection (Santosh Shilimkar) [Orabug: 23222944] \n- RDS: IB: invoke connection destruction in worker (Ajaykumar Hotchandani) [Orabug: 23222944] \n- RDS: Add reset all conns for a source address to CONN_RESET (Santosh Shilimkar) [Orabug: 23222944] \n- IB/mlx4: Generate alias GUID for slaves (Yuval Shaia) [Orabug: 23222944] \n- IB/ipoib: ioctl interface to manage ACL tables (Yuval Shaia) [Orabug: 23222944] \n- IB/ipoib: sysfs interface to manage ACL tables (Yuval Shaia) [Orabug: 23222944] \n- IB/{cm,ipoib}: Filter traffic using ACL (Yuval Shaia) [Orabug: 23222944] \n- IB/{cm,ipoib}: Manage ACL tables (Yuval Shaia) [Orabug: 23222944]\n[4.1.12-59]\n- Enable CONFIG_CONNTRACK_ZONES for Ol6 (Manjunath Govindashetty) [Orabug: 23755115] \n- perf tools: add --sym-lookup arg to enable symbol lookup in hugepage shm segment (ashok.vairavan) [Orabug: 23278057] \n- offload ib subnet manager port and node get info query handling. (Rama Nichanamatlu) [Orabug: 23750258] \n- IB/ipoib: Adjust queue sizes (Ajaykumar Hotchandani) [Orabug: 23302017] \n- IB/ipoib: Change send workqueue size for CM mode (Ajaykumar Hotchandani) [Orabug: 23254764] \n- qed: Add support for qed and qede drivers from Qlogic in UEK4 (Manjunath Govindashetty) [Orabug: 23732603] \n- qed: Protect the doorbell BAR with the write barriers. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: Add missing port-mode (Yuval Mintz) [Orabug: 23732603] \n- qed: Fix returning unlimited SPQ entries (Yuval Mintz) [Orabug: 23732603] \n- qed*: Dont reset statistics on inner reload (Yuval Mintz) [Orabug: 23732603] \n- qed: Prevent VF from Tx-switching 'promisc' (Yuval Mintz) [Orabug: 23732603] \n- qed: Correct default vlan behavior (Yuval Mintz) [Orabug: 23732603] \n- qed: fix qed_fill_link() error handling (Arnd Bergmann) [Orabug: 23732603] \n- qed: Dont config min BW on 100g on link flap (Yuval Mintz) [Orabug: 23732603] \n- qed: Prevent 100g from working in MSI (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: Add missing 100g init mode (Yuval Mintz) [Orabug: 23732603] \n- qed: Save min/max accross dcbx-change (Yuval Mintz) [Orabug: 23732603] \n- qed: Fix allocation in interrupt context (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qede: Dont expose self-test for VFs (Yuval Mintz) [Orabug: 23732603] \n- qede: Reload on GRO changes (Yuval Mintz) [Orabug: 23732603] \n- qede: Fix VF minimum BW setting (Yuval Mintz) [Orabug: 23732603] \n- qed: Reset the enable flag for eth protocol. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: signedness bug in qed_dcbx_process_tlv() (Dan Carpenter) [Orabug: 23732603] \n- qede: Fix DMA address APIs usage (Manish Chopra) [Orabug: 23732603] \n- qed: add support for dcbx. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: Remove a stray tab (Dan Carpenter) [Orabug: 23732603] \n- qed: VFs gracefully accept lack of PM (Yuval Mintz) [Orabug: 23732603] \n- qed: Allow more than 16 VFs (Yuval Mintz) [Orabug: 23732603] \n- qed: Reset link on IOV disable (Manish Chopra) [Orabug: 23732603] \n- qed: Improve VF interrupt reset (Yuval Mintz) [Orabug: 23732603] \n- qed: Correct PF-sanity check (Yuval Mintz) [Orabug: 23732603] \n- qed*: Tx-switching configuration (Yuval Mintz) [Orabug: 23732603] \n- qed*: support ndo_get_vf_config (Yuval Mintz) [Orabug: 23732603] \n- qed*: IOV support spoof-checking (Yuval Mintz) [Orabug: 23732603] \n- qed*: IOV link control (Yuval Mintz) [Orabug: 23732603] \n- qed*: Support forced MAC (Yuval Mintz) [Orabug: 23732603] \n- qed*: Support PVID configuration (Yuval Mintz) [Orabug: 23732603] \n- qede: Add VF support (Yuval Mintz) [Orabug: 23732603] \n- qed: Align TLVs (Yuval Mintz) [Orabug: 23732603] \n- qed: Bulletin and Link (Yuval Mintz) [Orabug: 23732603] \n- qed: IOV l2 functionality (Yuval Mintz) [Orabug: 23732603] \n- qed: IOV configure and FLR (Yuval Mintz) [Orabug: 23732603] \n- qed: Introduce VFs (Yuval Mintz) [Orabug: 23732603] \n- qed: Add VF->PF channel infrastructure (Yuval Mintz) [Orabug: 23732603] \n- qed: Add CONFIG_QED_SRIOV (Yuval Mintz) [Orabug: 23732603] \n- qede: uninitialized variable in qede_start_xmit() (Dan Carpenter) [Orabug: 23732603] \n- qede: prevent chip hang when increasing channels (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: Apply tunnel configurations after PF start (Manish Chopra) [Orabug: 23732603] \n- qede: add implementation for internal loopback test. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qede: add support for selftests. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: add infrastructure for device self tests. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: Add PF min bandwidth configuration support (Manish Chopra) [Orabug: 23732603] \n- qed: Add PF max bandwidth configuration support (Manish Chopra) [Orabug: 23732603] \n- qed: Add vport WFQ configuration APIs (Manish Chopra) [Orabug: 23732603] \n- qed: add support for link pause configuration. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed*: Conditions for changing link (Yuval Mintz) [Orabug: 23732603] \n- qede: Add support for ethtool private flags (Yuval Mintz) [Orabug: 23732603] \n- qed*: Align statistics names (Yuval Mintz) [Orabug: 23732603] \n- qede: Fix single MTU sized packet from firmware GRO flow (Manish Chopra) [Orabug: 23732603] \n- qede: Fix setting Skb network header (Manish Chopra) [Orabug: 23732603] \n- qede: Fix various memory allocation error flows for fastpath (Manish Chopra) [Orabug: 23732603] \n- qede: Add fastpath support for tunneling (Manish Chopra) [Orabug: 23732603] \n- qed: Enable GRE tunnel slowpath configuration (Manish Chopra) [Orabug: 23732603] \n- qed/qede: Add VXLAN tunnel slowpath configuration support (Manish Chopra) [Orabug: 23732603] \n- qed: Add infrastructure support for tunneling (Manish Chopra) [Orabug: 23732603] \n- qed* - bump driver versions to 8.7.1.20 (Yuval Mintz) [Orabug: 23732603] \n- qede: add Rx flow hash/indirection support. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: add Rx flow hash/indirection support. (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed*: remove version dependency (Rahul Verma) [Orabug: 23732603] \n- qed: initialize return rc to avoid returning garbage (Colin Ian King) [Orabug: 23732603] \n- qed: Enlrage the drain timeout (Yuval Mintz) [Orabug: 23732603] \n- qed: Notify of transciever changes (Zvi Nachmani) [Orabug: 23732603] \n- qed: Major changes to MB locking (Tomer Tayar) [Orabug: 23732603] \n- qed: Prevent MF link notifications (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qede: Fix net-next 'make ARCH=x86_64' (Manish Chopra) [Orabug: 23732603] \n- qede: Add slowpath/fastpath support and enable hardware GRO (Manish Chopra) [Orabug: 23732603] \n- qed/qede: Add infrastructure support for hardware GRO (Manish Chopra) [Orabug: 23732603] \n- qed: Remove unused NVM vendor ID (Yuval Mintz) [Orabug: 23732603] \n- qed: Fix error flow on slowpath start (Yuval Mintz) [Orabug: 23732603] \n- qed: Move statistics to L2 code (Yuval Mintz) [Orabug: 23732603] \n- qed: Support B0 instead of A0 (Yuval Mintz) [Orabug: 23732603] \n- qed: Correct BAR sizes for older MFW (Ram Amrani) [Orabug: 23732603] \n- qed: Print additional HW attention info (Yuval Mintz) [Orabug: 23732603] \n- qed: Print HW attention reasons (Yuval Mintz) [Orabug: 23732603] \n- qed: Add support for HW attentions (Yuval Mintz) [Orabug: 23732603] \n- qed: Semantic refactoring of interrupt code (Yuval Mintz) [Orabug: 23732603] \n- qed, qede: rebrand module description (Yuval Mintz) [Orabug: 23732603] \n- qed: Prevent probe on previous error (Yuval Mintz) [Orabug: 23732603] \n- qed: add MODULE_FIRMWARE() (Yuval Mintz) [Orabug: 23732603] \n- qede: Dont report link change needlessly (Yuval Mintz) [Orabug: 23732603] \n- qede: Linearize SKBs when needed (Yuval Mintz) [Orabug: 23732603] \n- qede: Change pci DID for 10g device (Yuval Mintz) [Orabug: 23732603] \n- qed,qede: Bump driver versions to 8.7.0.0 (Yuval Mintz) [Orabug: 23732603] \n- qed: Introduce DMA_REGPAIR_LE (Yuval Mintz) [Orabug: 23732603] \n- qed: Change metadata needed for SPQ entries (Yuval Mintz) [Orabug: 23732603] \n- qed: Handle possible race in SB config (Yuval Mintz) [Orabug: 23732603] \n- qed: Turn most GFP_ATOMIC into GFP_KERNEL (Yuval Mintz) [Orabug: 23732603] \n- qede: Add vlan filtering offload support (Sudarsana Reddy Kalluru) [Orabug: 23732603] \n- qed: Lay infrastructure for vlan filtering offload (Yuval Mintz) [Orabug: 23732603] \n- qed/qede: use 8.7.3.0 FW. (Yuval Mintz) [Orabug: 23732603] \n- qed: Correct slowpath interrupt scheme (Sudarsana Kalluru) [Orabug: 23732603] \n- qed: Fix BAR size split for some servers (Ariel Elior) [Orabug: 23732603] \n- qed: fix handling of concurrent ramrods. (Tomer Tayar) [Orabug: 23732603] \n- qed: Fix corner case for chain in-between pages (Tomer Tayar) [Orabug: 23732603] \n- qede: Add support for {get, set}_pauseparam (Sudarsana Kalluru) [Orabug: 23732603] \n- qede: Add support for nway_reset (Sudarsana Kalluru) [Orabug: 23732603] \n- qede: Add support for set_phys_id (Sudarsana Kalluru) [Orabug: 23732603] \n- qed: Add support for changing LED state (Sudarsana Kalluru) [Orabug: 23732603] \n- qede: Add support for {get, set}_ringparam (Sudarsana Kalluru) [Orabug: 23732603] \n- qede: Add support for {get, set}_channels (Sudarsana Kalluru) [Orabug: 23732603] \n- qed: select ZLIB_INFLATE (Arnd Bergmann) [Orabug: 23732603] \n- qlogic: qed: fix error codes in qed_resc_alloc() (Dan Carpenter) [Orabug: 23732603] \n- qlogic: qed: fix a test for MODE_MF_SI (Dan Carpenter) [Orabug: 23732603] \n- qlogic/qed: remove bogus NULL check (Dan Carpenter) [Orabug: 23732603] \n- qede: Add basic ethtool support (Sudarsana Kalluru) [Orabug: 23732603] \n- qed: Add statistics support (Manish Chopra) [Orabug: 23732603] \n- qede: Add support for link (Sudarsana Kalluru) \n- qed: Add link support (Yuval Mintz) [Orabug: 23732603] \n- qede: classification configuration (Sudarsana Kalluru) [Orabug: 23732603] \n- qede: Add basic network device support (Yuval Mintz) [Orabug: 23732603] \n- qed: Add slowpath L2 support (Manish Chopra) [Orabug: 23732603] \n- qede: Add basic Network driver (Yuval Mintz) [Orabug: 23732603] \n- qed: Add basic L2 interface (Yuval Mintz) [Orabug: 23732603] \n- qed: Add module with basic common support (Yuval Mintz) [Orabug: 23732603] \n- qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template() (Dan Carpenter) [Orabug: 23711389] \n- qlcnic: protect qlicnic_attach_func with rtnl_lock (Hannes Frederic Sowa) [Orabug: 23711389] \n- qlcnic: Update version to 5.3.64 (Manish Chopra) [Orabug: 23711389] \n- qlcnic: Fix mailbox completion handling during spurious interrupt (Rajesh Borundia) [Orabug: 23711389] \n- qlcnic: Remove unnecessary usage of atomic_t (Rajesh Borundia) [Orabug: 23711389] \n- qlcnic: correctly handle qlcnic_alloc_mbx_args (Insu Yun) [Orabug: 23711389] \n- qlcnic: constify qlcnic_dcb_ops structures (Julia Lawall) [Orabug: 23711389] \n- qlcnic: fix a loop exit condition better (Dan Carpenter) [Orabug: 23711389] \n- qlcnic: fix a timeout loop (Dan Carpenter) [Orabug: 23711389] \n- net/qlcnic: fix mac address restore in bond mode 5/6 (Jarod Wilson) [Orabug: 23711389] \n- qlcnic: constify qlcnic_mbx_ops structure (Julia Lawall) [Orabug: 23711389] \n- qlcnic: track vxlan port count (Jiri Benc) [Orabug: 23711389] \n- net: qlcnic: delete redundant memsets (Rasmus Villemoes) [Orabug: 23711389]\n[4.1.12-58]\n- ol6-spec: remove require for ql23xx-firmware-3.03.27 (Ethan Zhao) [Orabug: 23724175] \n- ol7-spec: update version dependency for linux-firmware package (Ethan Zhao) [Orabug: 23701430] \n- ol6-spec: update version dependency for linux-firmware package (Ethan Zhao) [Orabug: 23701352] \n- xen/acpi: Disable ACPI memory hotplug when running under Xen. (Konrad Rzeszutek Wilk) \n- mlx4_core: use higher log_rdmarc_per_qp when scale_profile is set (Mukesh Kacker) [Orabug: 23725942] \n- RDS: IB: change rds_ib_active_bonding_excl_ips to only RFC3927 space (Todd Vierling) \n- RDS: avoid large pages for sg allocation for TCP transport (Santosh Shilimkar) [Orabug: 23635336] \n- bnx2x: Update driver version to 1.713.10 (Rajesh Borundia) [Orabug: 23718192] \n- bnx2x: allow adding VLANs while interface is down (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: avoid leaking memory on bnx2x_init_one() failures (Vitaly Kuznetsov) [Orabug: 23718192] \n- bnx2x: Prevent false warning for lack of FC NPIV (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: dont wait for Tx completion on recovery (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: fix indentation in bnx2x_sp_task() (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: define event data reserved fields as little-endian (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: define fields of struct cfc_del_event_data as little-endian (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: access cfc_del_event only if the opcode is CFC_DEL (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: fix receive of VF->PF mailbox messages by the PF on big-endian (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: fix sending VF->PF messages on big-endian (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: fix crash on big-endian when adding VLAN (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: Fix 84833 phy command handler (Yuval Mintz) \n- bnx2x: Fix led setting for 84858 phy. (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Correct 84858 PHY fw version (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Fix 84833 RX CRC (Yuval Mintz) \n- bnx2x: Fix link-forcing for KR2 (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Add missing HSI for big-endian machines (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Warn about grc timeouts in register dump (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: extend DCBx support (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Add support for single-port DCBx (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Remove unneccessary EXPORT_SYMBOL (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Prevent FW assertion when using Vxlan (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: remove rx_pkt/rx_calls (Eric Dumazet) [Orabug: 23718192] \n- bnx2x: avoid soft lockup in bnx2x_poll() (Eric Dumazet) [Orabug: 23718192] \n- bnx2x: simplify distinction between port and func stats (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: change FW GRO error message to WARN_ONCE (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: drop redundant error message about allocation failure (Michal Schmidt) [Orabug: 23718192] \n- bnx2x: Utilize FW 7.13.1.0. (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Show port statistics in Multi-function (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Add new SW stat 'tx_exhaustion_events' (Yuval Mintz) [Orabug: 23718192] \n- bnx2x: Fix vxlan removal (Yuval Mintz) [Orabug: 23718192] \n- net: move skb_mark_napi_id() into core networking stack (Eric Dumazet) [Orabug: 23718192] \n- bnx2x: remove bnx2x_low_latency_recv() support (Eric Dumazet) [Orabug: 23718192] \n- bnx2x: Add FW 7.13.1.0. (Yuval Mintz) [Orabug: 23718192] \n- be2iscsi: Update the driver version (Jitendra Bhivare) [Orabug: 23712824] \n- be2iscsi: Replace _bh with _irqsave/irqrestore (Jitendra Bhivare) [Orabug: 23712824] \n- be2iscsi: Remove unnecessary synchronize_irq() before free_irq() (Lars-Peter Clausen) [Orabug: 23712824] \n- be2iscsi:Add missing error check in beiscsi_eeh_resume (Nicholas Krause) [Orabug: 23712824] \n- atl2: Disable unimplemented scatter/gather feature (Ben Hutchings) [Orabug: 23703754] {CVE-2016-2117}\n- be2net: Fix provisioning of RSS for VFs in multi-partition configurations (Somnath Kotur) [Orabug: 23641442] \n- be2net: Enable Wake-On-LAN from shutdown for Skyhawk (Sriharsha Basavapatna) [Orabug: 23641442] \n- be2net: use max-TXQs limit too while provisioning VF queue pairs (Suresh Reddy) [Orabug: 23641442] \n- benet: be_resume needs to protect be_open with rtnl_lock (Hannes Frederic Sowa) [Orabug: 23641442] \n- be2net: Dont leak iomapped memory on removal. (Douglas Miller) [Orabug: 23641442] \n- be2net: dont enable multicast flag in be_enable_if_filters() routine (Venkat Duvvuru) [Orabug: 23641442] \n- be2net: Fix a UE caused by passing large frames to the ASIC (ajit.khaparde@broadcom.com) [Orabug: 23641442] \n- be2net: Declare some u16 fields as u32 to improve performance (ajit.khaparde@broadcom.com) [Orabug: 23641442] \n- be2net: Fix pcie error recovery in case of NIC+RoCE adapters (Padmanabh Ratnakar) [Orabug: 23641442] \n- VSOCK: Only check error on skb_recv_datagram when skb is NULL (Jorgen Hansen) [Orabug: 23718522] \n- VSOCK: Detach QP check should filter out non matching QPs. (Jorgen Hansen) [Orabug: 23718522] \n- x86/mce: Ensure offline CPUs dont participate in rendezvous process (Ashok Raj) [Orabug: 23520972]\n[4.1.12-57]\n- PCI: Mark Intel i40e NIC INTx masking as broken (Alex Williamson) [Orabug: 23176970] \n- i40e: fix an uninitialized variable bug (Dan Carpenter) [Orabug: 23176970] \n- i40e: Bump version from 1.5.10 to 1.5.16 (Bimmy Pujari) [Orabug: 23176970] \n- i40e: dont add broadcast filter for VFs (Mitch Williams) [Orabug: 23176970] \n- i40e/i40evf: properly report Rx packet hash (Mitch Williams) [Orabug: 23176970] \n- i40e: set context to use VSI RSS LUT for SR-IOV (Ashish Shah) [Orabug: 23176970] \n- i40e: Correct UDP packet header for non_tunnel-ipv6 (Akeem G Abodunrin) [Orabug: 23176970] \n- i40e: change Rx hang message into a WARN_ONCE (Jacob Keller) [Orabug: 23176970] \n- i40e: Refactor ethtool get_settings (Catherine Sullivan) [Orabug: 23176970] \n- i40e: lie to the VF (Mitch Williams) [Orabug: 23176970] \n- i40e: Add vf-true-promisc-support priv flag (Anjali Singhai Jain) [Orabug: 23176970] \n- i40e: Implement the API function for aq_set_switch_config (Shannon Nelson) [Orabug: 23176970] \n- i40e: Add allmulti support for the VF (Anjali Singhai Jain) [Orabug: 23176970] \n- i40e: Add support for disabling all link and change bits needed for PHY interactions (Kevin Scott) [Orabug: 23176970] \n- i40e: constify i40e_client_ops structure (Julia Lawall) [Orabug: 23176970] \n- i40e: fix misleading indentation (Arnd Bergmann) [Orabug: 23176970] \n- i40e: Test memory before ethtool alloc succeeds (Jesse Brandeburg) [Orabug: 23176970] \n- i40evf: Allocate Rx buffers properly (Mitch Williams) [Orabug: 23176970] \n- i40e/i40evf: Remove unused hardware receive descriptor code (Jesse Brandeburg) [Orabug: 23176970] \n- i40evf: refactor receive routine (Jesse Brandeburg) [Orabug: 23176970] \n- i40evf: Drop packet split receive routine (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: Refactor receive routine (Jesse Brandeburg) [Orabug: 23176970] \n- i40e/i40evf: Remove reference to ring->dtype (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: Drop packet split receive routine (Jesse Brandeburg) [Orabug: 23176970] \n- i40e/i40evf: Refactor tunnel interpretation (Jesse Brandeburg) [Orabug: 23176970] \n- i40evf: make use of BIT() macro to avoid signed left shift (Jacob Keller) [Orabug: 23176970] \n- i40e: make use of BIT() macro to prevent left shift of signed values (Jacob Keller) [Orabug: 23176970] \n- i40e/i40evf: fix I40E_MASK signed shift overflow warnings (Jacob Keller) [Orabug: 23176970] \n- i40e/i40evf : Bump driver version from 1.5.5 to 1.5.10 (Harshitha Ramamurthy) [Orabug: 23176970] \n- i40e: Update device ids for X722 (Catherine Sullivan) [Orabug: 23176970] \n- i40e: Drop extra copy of function (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: Use consistent type for vf_id (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: PTP - avoid aggregate return warnings (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: Fix uninitialized variable (Catherine Sullivan) [Orabug: 23176970] \n- i40evf: RSS Hash Option parameters (Carolyn Wyborny) [Orabug: 23176970] \n- i40e: Remove HMC AQ API implementation (Neerav Parikh) [Orabug: 23176970] \n- i40e: Limit the number of MAC and VLAN addresses that can be added for VFs (Anjali Singhai Jain) [Orabug: 23176970] \n- i40e: Change the default for VFs to be not privileged (Anjali Singhai Jain) [Orabug: 23176970] \n- i40evf: Add driver support for promiscuous mode (Anjali Singhai Jain) [Orabug: 23176970] \n- i40e: Add VF promiscuous mode driver support (Anjali Singhai Jain) [Orabug: 23176970] \n- i40e: Add promiscuous on VLAN support (Greg Rose) [Orabug: 23176970] \n- i40e/i40evf: Only offload VLAN tag if enabled (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: Remove zero check (Greg Rose) [Orabug: 23176970] \n- i40e: Add DeviceID for X722 QSFP+ (Kamil Krawczyk) [Orabug: 23176970] \n- i40e: Add device capability which defines if update is available (Michal Kosiarz) [Orabug: 23176970] \n- i40evf: Allow PF driver to configure RSS (Mitch Williams) [Orabug: 23176970] \n- i40e: Specify AQ event opcode to wait for (Shannon Nelson) [Orabug: 23176970] \n- i40e: Code cleanup in i40e_add_fdir_ethtool (Shannon Nelson) [Orabug: 23176970] \n- i40evf: Dont Panic (Mitch Williams) [Orabug: 23176970] \n- i40e: Add support for configuring VF RSS (Mitch Williams) [Orabug: 23176970] \n- i40e/i40evf: Add support for IPIP and SIT offloads (Alexander Duyck) [Orabug: 23176970] \n- i40e/i40evf: Clean up feature flags (Alexander Duyck) [Orabug: 23176970] \n- i40evf: properly handle VLAN features (Mitch Williams) [Orabug: 23176970] \n- i40e/i40evf: Bump patch from 1.5.2 to 1.5.5 (Harshitha Ramamurthy) [Orabug: 23176970] \n- i40e: Input set mask constants for RSS, flow director, and flex bytes (Kiran Patil) [Orabug: 23176970] \n- i40e: Move NVM event wait check to NVM code (Shannon Nelson) [Orabug: 23176970] \n- i40e: Add RSS configuration to virtual channel (Mitch Williams) [Orabug: 23176970] \n- i40e: Move NVM variable out of AQ struct (Shannon Nelson) [Orabug: 23176970] \n- i40e: Restrict VF poll mode to only single function mode devices (Shannon Nelson) [Orabug: 23176970] \n- i40e/i40evf: Faster RX via avoiding FCoE (Jesse Brandeburg) [Orabug: 23176970] \n- i40e/i40evf: Drop unused tx_ring argument (Jesse Brandeburg) [Orabug: 23176970] \n- i40e/i40evf: Move stack var deeper (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: Move HW flush (Akeem G Abodunrin) [Orabug: 23176970] \n- i40e: Leave debug_mask cleared at init (Shannon Nelson) [Orabug: 23176970] \n- i40e: Inserting a HW capability display info (Deepthi Kavalur) [Orabug: 23176970] \n- i40e/i40evf: Fix TSO checksum pseudo-header adjustment (Alexander Duyck) [Orabug: 23176970] \n- i40e/i40evf: Bump patch from 1.5.1 to 1.5.2 (Avinash Dayanand) [Orabug: 23176970] \n- i40e: Request PHY media event at reset time (Shannon Nelson) [Orabug: 23176970] \n- i40e: Lower some message levels (Mitch Williams) [Orabug: 23176970] \n- i40e: Fix for supported link modes in 10GBaseT PHYs (Avinash Dayanand) [Orabug: 23176970] \n- i40evf: Fix get_rss_aq (Catherine Sullivan) [Orabug: 23176970] \n- i40e: Disable link polling (Shannon Nelson) [Orabug: 23176970] \n- i40evf: Add longer wait after remove module (Mitch Williams) [Orabug: 23176970] \n- i40e: Make VF resets more reliable (Mitch Williams) [Orabug: 23176970] \n- i40e: Add new device ID for X722 (Catherine Sullivan) [Orabug: 23176970] \n- i40evf: Fix VLAN features (Mitch Williams) [Orabug: 23176970] \n- i40e: Remove unused variable (Mitch Williams) [Orabug: 23176970] \n- i40e: Enable Geneve offload for FW API ver > 1.4 for XL710/X710 devices (Anjali Singhai Jain) [Orabug: 23176970] \n- i40e: remove redundant check on vsi->active_vlans (Colin King) [Orabug: 23176970] \n- i40e/i40evf: Bump patch from 1.4.25 to 1.5.1 (Catherine Sullivan) [Orabug: 23176970] \n- i40e: Change comment to reflect correct function name (Mitch Williams) [Orabug: 23176970] \n- i40evf: Add additional check for reset (Mitch Williams) [Orabug: 23176970] \n- i40e: Change unknown event error msg to ignore message (Shannon Nelson) [Orabug: 23176970] \n- i40e: Added code to prevent double resets (Mitch Williams) [Orabug: 23176970] \n- i40e: Notify VFs of all resets (Mitch Williams) [Orabug: 23176970] \n- i40e: Remove timer and task only if created (Shannon Nelson) [Orabug: 23176970] \n- i40e: Assure that adminq is alive in debug mode (Shannon Nelson) [Orabug: 23176970] \n- i40e: Remove MSIx only if created (Shannon Nelson) [Orabug: 23176970] \n- i40e: Fix up return code (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: Save off VSI resource count when updating VSI (Kevin Scott) [Orabug: 23176970] \n- i40e/i40evf: Remove I40E_MAX_USER_PRIORITY define (Catherine Sullivan) [Orabug: 23176970] \n- i40e/i40evf: Fix casting in transmit code (Jesse Brandeburg) [Orabug: 23176970] \n- i40e/i40evf: Fix handling of boolean logic in polling routines (Alexander Duyck) [Orabug: 23176970] \n- i40evf: remove dead code (Alan Cox) [Orabug: 23176970] \n- i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K (Alexander Duyck) [Orabug: 23176970] \n- i40e: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [Orabug: 23176970] \n- i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (Alexander Duyck) [Orabug: 23176970] \n- i40e: fix errant PCIe bandwidth message (Jesse Brandeburg) [Orabug: 23176970] \n- i40e: Add support for client interface for IWARP driver (Anjali Singhai Jain) [Orabug: 23176970]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-08-26T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8785", "CVE-2015-8787", "CVE-2015-8816", "CVE-2016-0723", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2847", "CVE-2016-3156", "CVE-2016-4470", "CVE-2016-4581", "CVE-2016-4805", "CVE-2016-4913", "CVE-2016-4951", "CVE-2016-6197", "CVE-2016-6198"], "modified": "2016-08-26T00:00:00", "id": "ELSA-2016-3596", "href": "http://linux.oracle.com/errata/ELSA-2016-3596.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:50", "description": "- [3.10.0-514.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514]\n- [mm] remove gup_flags FOLL_WRITE games from __get_user_pages() (Larry Woodman) [1385124] {CVE-2016-5195}\n[3.10.0-513]\n- [md] dm raid: fix compat_features validation (Mike Snitzer) [1383726]\n[3.10.0-512]\n- [fs] revert 'ext4: pre-zero allocated blocks for DAX IO' (Eric Sandeen) [1380571]\n- [fs] nfsd: fix corruption in notifier registration ('J. Bruce Fields') [1378363]\n- [fs] xfs: log recovery tracepoints to track cu
CVE-2016-4581
