EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1488)

2019-05-13T00:00:00

Description

According to the versions of the kernel - A flaw was found in the way the Linux kernel handled - A denial of service vulnerability was found in the - A NULL pointer dereference flaw was found in the SCTP - It was found that the x86 ISA (Instruction Set - A flaw was found in the way the Linux kernel's - A flaw was found in the way the Linux kernel's - A cross-boundary flaw was discovered in the Linux - An integer-overflow vulnerability was found in the scsi - A flaw was found in the way the Linux kernel's vhost - A flaw was found in the way the Linux kernel's perf - A NULL-pointer dereference vulnerability was discovered - Multiple race conditions in the Advanced Union - A divide-by-zero flaw was discovered in the Linux - An out-of-bounds memory access flaw was found in the - A NULL-pointer dereference flaw was found in the - A flaw was found in the way the Linux kernel visor The driver assumes that the device always has at least - A race condition flaw was found in the way the Linux - A flaw was discovered in the Linux kernel where issuing - It was found that the Linux kernel's keys subsystem did A local attacker could use this flaw to crash the - A denial of service flaw was discovered in the Linux - It was found that the x86 ISA (Instruction Set - It was found that the Linux kernel's IPv6 network stack Note that Tenable Network Security has extracted packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system.(CVE-2015-5157) WhiteHEAT USB Serial Driver (whiteheat_attach function in drivers/usb/serial/whiteheat.c). In the driver, the COMMAND_PORT variable was hard coded and set to 4 (5th element). The driver assumed that the number of ports would always be 5 and used port number 5 as the command port. However, when using a USB device in which the number of ports was set to a number less than 5 (for example, 3), the driver triggered a kernel NULL-pointer dereference. A non-privileged attacker could use this flaw to panic the host.(CVE-2015-5257) implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded.(CVE-2015-5283) Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel.(CVE-2015-5307) networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.(CVE-2015-5364) networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.(CVE-2015-5366) kernel software raid driver. The driver accessed a disabled bitmap where only the first byte of the buffer was initialized to zero. This meant that the rest of the request (up to 4095 bytes) was left and copied into user space. An attacker could use this flaw to read private information from user space that would not otherwise have been accessible.(CVE-2015-5697) block-request handling code in function start_req(). A local attacker could use specially crafted IOV requests to overflow a counter used in bio_map_user_iov()'s page calculation, and write past the end of the array that contains kernel-page pointers.(CVE-2015-5707) driver treated userspace provided log file descriptor when processing the VHOST_SET_LOG_FD ioctl command. The file descriptor was never released and continued to consume kernel memory. A privileged local user with access to the /dev/vhost-net files could use this flaw to create a denial-of-service attack.(CVE-2015-6252) subsystem retrieved userlevel stack traces on PowerPC systems. A local, unprivileged user could use this flaw to cause a denial of service on the system by creating a special stack layout that would force the perf_callchain_user_64() function into an infinite loop.(CVE-2015-6526) in the Linux kernel. The kernel's Reliable Datagram Sockets (RDS) protocol implementation did not verify that an underlying transport existed before creating a connection to a remote server. A local system user could exploit this flaw to crash the system by creating sockets at specific times to trigger a NULL pointer dereference.(CVE-2015-6937) Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c.(CVE-2015-7312) kernel built with KVM virtualization support(CONFIG_KVM). The flaw occurs in the KVM module's Programmable Interval Timer(PIT) emulation, when PIT counters for channel 1 or 2 are set to zero(0) and a privileged user inside the guest attempts to read these counters. A privileged guest user with access to PIT I/O ports could exploit this issue to crash the host kernel (denial of service).(CVE-2015-7513) Linux kernel's aiptek USB tablet driver (aiptek_probe() function in drivers/input/tablet/aiptek.c). The driver assumed that the interface always had at least one endpoint. By using a specially crafted USB device with no endpoints on one of its interfaces, an unprivileged user with physical access to the system could trigger a kernel NULL pointer dereference, causing the system to panic.(CVE-2015-7515) kernel, which is caused by a race between revoking a user-type key and reading from it. The issue could be triggered by an unprivileged user with a local account, causing the kernel to crash (denial of service).(CVE-2015-7550) driver handles certain invalid USB device descriptors. one bulk OUT endpoint. By using a specially crafted USB device (without a bulk OUT endpoint), an unprivileged user with physical access could trigger a kernel NULL-pointer dereference and cause a system panic (denial of service).(CVE-2015-7566) kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.(CVE-2015-7613) certain ioctl() -s commands to the '/dev/ppp' device file could lead to a NULL pointer dereference. A privileged user could use this flaw to cause a kernel crash and denial of service.(CVE-2015-7799) not correctly garbage collect uninstantiated keyrings. system or, potentially, escalate their privileges on the system.(CVE-2015-7872) kernel, where a race condition caused a NULL pointer dereference in the RDS socket-creation code. A local attacker could use this flaw to create a situation in which a NULL pointer crashed the kernel.(CVE-2015-7990) Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #DB (debug exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel.(CVE-2015-8104) did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking (packet loss) by setting an invalid MTU value, for example, via a NetworkManager daemon that is processing router advertisement packets running on the target system.(CVE-2015-8215) the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

{"id": "EULEROS_SA-2019-1488.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1488)", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system.(CVE-2015-5157)\n\n - A denial of service vulnerability was found in the WhiteHEAT USB Serial Driver (whiteheat_attach function in drivers/usb/serial/whiteheat.c). In the driver, the COMMAND_PORT variable was hard coded and set to 4 (5th element). The driver assumed that the number of ports would always be 5 and used port number 5 as the command port. However, when using a USB device in which the number of ports was set to a number less than 5 (for example, 3), the driver triggered a kernel NULL-pointer dereference. A non-privileged attacker could use this flaw to panic the host.(CVE-2015-5257)\n\n - A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded.(CVE-2015-5283)\n\n - It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel.(CVE-2015-5307)\n\n - A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.(CVE-2015-5364)\n\n - A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.(CVE-2015-5366)\n\n - A cross-boundary flaw was discovered in the Linux kernel software raid driver. The driver accessed a disabled bitmap where only the first byte of the buffer was initialized to zero. This meant that the rest of the request (up to 4095 bytes) was left and copied into user space. An attacker could use this flaw to read private information from user space that would not otherwise have been accessible.(CVE-2015-5697)\n\n - An integer-overflow vulnerability was found in the scsi block-request handling code in function start_req(). A local attacker could use specially crafted IOV requests to overflow a counter used in bio_map_user_iov()'s page calculation, and write past the end of the array that contains kernel-page pointers.(CVE-2015-5707)\n\n - A flaw was found in the way the Linux kernel's vhost driver treated userspace provided log file descriptor when processing the VHOST_SET_LOG_FD ioctl command. The file descriptor was never released and continued to consume kernel memory. A privileged local user with access to the /dev/vhost-net files could use this flaw to create a denial-of-service attack.(CVE-2015-6252)\n\n - A flaw was found in the way the Linux kernel's perf subsystem retrieved userlevel stack traces on PowerPC systems. A local, unprivileged user could use this flaw to cause a denial of service on the system by creating a special stack layout that would force the perf_callchain_user_64() function into an infinite loop.(CVE-2015-6526)\n\n - A NULL-pointer dereference vulnerability was discovered in the Linux kernel. The kernel's Reliable Datagram Sockets (RDS) protocol implementation did not verify that an underlying transport existed before creating a connection to a remote server. A local system user could exploit this flaw to crash the system by creating sockets at specific times to trigger a NULL pointer dereference.(CVE-2015-6937)\n\n - Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c.(CVE-2015-7312)\n\n - A divide-by-zero flaw was discovered in the Linux kernel built with KVM virtualization support(CONFIG_KVM). The flaw occurs in the KVM module's Programmable Interval Timer(PIT) emulation, when PIT counters for channel 1 or 2 are set to zero(0) and a privileged user inside the guest attempts to read these counters. A privileged guest user with access to PIT I/O ports could exploit this issue to crash the host kernel (denial of service).(CVE-2015-7513)\n\n - An out-of-bounds memory access flaw was found in the Linux kernel's aiptek USB tablet driver (aiptek_probe() function in drivers/input/tablet/aiptek.c). The driver assumed that the interface always had at least one endpoint. By using a specially crafted USB device with no endpoints on one of its interfaces, an unprivileged user with physical access to the system could trigger a kernel NULL pointer dereference, causing the system to panic.(CVE-2015-7515)\n\n - A NULL-pointer dereference flaw was found in the kernel, which is caused by a race between revoking a user-type key and reading from it. The issue could be triggered by an unprivileged user with a local account, causing the kernel to crash (denial of service).(CVE-2015-7550)\n\n - A flaw was found in the way the Linux kernel visor driver handles certain invalid USB device descriptors.\n The driver assumes that the device always has at least one bulk OUT endpoint. By using a specially crafted USB device (without a bulk OUT endpoint), an unprivileged user with physical access could trigger a kernel NULL-pointer dereference and cause a system panic (denial of service).(CVE-2015-7566)\n\n - A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.(CVE-2015-7613)\n\n - A flaw was discovered in the Linux kernel where issuing certain ioctl() -s commands to the '/dev/ppp' device file could lead to a NULL pointer dereference. A privileged user could use this flaw to cause a kernel crash and denial of service.(CVE-2015-7799)\n\n - It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings.\n A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.(CVE-2015-7872)\n\n - A denial of service flaw was discovered in the Linux kernel, where a race condition caused a NULL pointer dereference in the RDS socket-creation code. A local attacker could use this flaw to create a situation in which a NULL pointer crashed the kernel.(CVE-2015-7990)\n\n - It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #DB (debug exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel.(CVE-2015-8104)\n\n - It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking (packet loss) by setting an invalid MTU value, for example, via a NetworkManager daemon that is processing router advertisement packets running on the target system.(CVE-2015-8215)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2019-05-13T00:00:00", "modified": "2021-02-09T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/124812", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7515", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7312", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5697", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7990", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7872", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6937", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6252", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5283", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7799", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7566", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5257", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6526", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8215", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5364", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7513", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5707", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5366", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7613", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5157", "http://www.nessus.org/u?0073ce36"], "cvelist": ["CVE-2015-5157", "CVE-2015-5257", "CVE-2015-5283", "CVE-2015-5307", "CVE-2015-5364", "CVE-2015-5366", "CVE-2015-5697", "CVE-2015-5707", "CVE-2015-6252", "CVE-2015-6526", "CVE-2015-6937", "CVE-2015-7312", "CVE-2015-7513", "CVE-2015-7515", "CVE-2015-7550", "CVE-2015-7566", "CVE-2015-7613", "CVE-2015-7799", "CVE-2015-7872", "CVE-2015-7990", "CVE-2015-8104", "CVE-2015-8215"], "immutableFields": [], "lastseen": "2021-08-19T12:22:57", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2015-565", "ALAS-2015-603", "ALAS-2015-610"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-01-01", "ANDROID:2016-09-01", "ANDROID:2016-12-01", "ANDROID:2017-07-01"]}, {"type": "avleonov", "idList": ["AVLEONOV:A9AB661A53F0E9B8923DE780E6F05F48"]}, {"type": "centos", "idList": ["CESA-2015:1623", "CESA-2015:1778", "CESA-2015:2152", "CESA-2015:2552", "CESA-2015:2636", "CESA-2016:0045", "CESA-2016:0185", "CESA-2016:0715", "CESA-2016:0855"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:15914764000DDC203CA1C6352FDFCDC2", "CFOUNDRY:1E92DA1FCC786D8CF92EF17F4A659881", "CFOUNDRY:316D3894E2B3A400E830586A381960FE", "CFOUNDRY:3F54C95B87B9551DBB314C8164D88E3A", "CFOUNDRY:B5E740952DB37A265609D7340482ED2C", "CFOUNDRY:C4D044657909D168617F0C63F623467E", "CFOUNDRY:DBE2857E4A4B43C72E03FDC8B6460BBB", "CFOUNDRY:F5F537A71E1AA4DEDACA06B703EC9D12"]}, {"type": "cve", "idList": ["CVE-2015-0272", "CVE-2015-5157", "CVE-2015-5257", "CVE-2015-5275", "CVE-2015-5283", "CVE-2015-5307", "CVE-2015-5364", "CVE-2015-5366", "CVE-2015-5697", "CVE-2015-5707", "CVE-2015-6252", "CVE-2015-6526", "CVE-2015-6646", "CVE-2015-6937", "CVE-2015-7312", "CVE-2015-7513", "CVE-2015-7515", "CVE-2015-7550", "CVE-2015-7566", "CVE-2015-7613", "CVE-2015-7799", "CVE-2015-7872", "CVE-2015-7990", "CVE-2015-8104", "CVE-2015-8215"]}, {"type": "debian", "idList": ["DEBIAN:DLA-310-1:EAC5D", "DEBIAN:DLA-325-1:91395", "DEBIAN:DLA-360-1:6C323", "DEBIAN:DLA-378-1:26763", "DEBIAN:DLA-412-1:99076", "DEBIAN:DLA-479-1:373A9", "DEBIAN:DSA-3313-1:00F99", "DEBIAN:DSA-3313-1:C4641", "DEBIAN:DSA-3329-1:6C2DD", "DEBIAN:DSA-3329-1:93E26", "DEBIAN:DSA-3364-1:5D544", "DEBIAN:DSA-3364-1:B19FA", "DEBIAN:DSA-3372-1:9C218", "DEBIAN:DSA-3372-1:CF728", "DEBIAN:DSA-3396-1:605FF", "DEBIAN:DSA-3396-1:D48F1", "DEBIAN:DSA-3414-1:421D5", "DEBIAN:DSA-3426-1:7C23A", "DEBIAN:DSA-3426-1:AC984", "DEBIAN:DSA-3434-1:98A31", "DEBIAN:DSA-3434-1:C4F9A", "DEBIAN:DSA-3448-1:04492", "DEBIAN:DSA-3448-1:C7742", "DEBIAN:DSA-3454-1:3BA83", "DEBIAN:DSA-3503-1:23448", "DEBIAN:DSA-3503-1:9DDFA", "DEBIAN:DSA-3607-1:0BD6E", "DEBIAN:DSA-3607-1:29E1C"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-0272", "DEBIANCVE:CVE-2015-5157", "DEBIANCVE:CVE-2015-5257", "DEBIANCVE:CVE-2015-5283", "DEBIANCVE:CVE-2015-5307", "DEBIANCVE:CVE-2015-5364", "DEBIANCVE:CVE-2015-5366", "DEBIANCVE:CVE-2015-5697", "DEBIANCVE:CVE-2015-5707", "DEBIANCVE:CVE-2015-6252", "DEBIANCVE:CVE-2015-6526", "DEBIANCVE:CVE-2015-6937", "DEBIANCVE:CVE-2015-7312", "DEBIANCVE:CVE-2015-7513", "DEBIANCVE:CVE-2015-7515", "DEBIANCVE:CVE-2015-7550", "DEBIANCVE:CVE-2015-7566", "DEBIANCVE:CVE-2015-7613", "DEBIANCVE:CVE-2015-7799", "DEBIANCVE:CVE-2015-7872", "DEBIANCVE:CVE-2015-7990", "DEBIANCVE:CVE-2015-8104", "DEBIANCVE:CVE-2015-8215"]}, {"type": "exploitdb", "idList": ["EDB-ID:39540"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:1EC12227A84F918BB0C8C659BE0F2284", "EXPLOITPACK:C617424ADAF7B063C6D9C6F505360E69"]}, {"type": "f5", "idList": ["F5:K12903841", "F5:K17307", "F5:K17309", "F5:K17326", "F5:K17457", "F5:K17475", "F5:K24642829", "F5:K31026324", "F5:K37510383", "F5:K90230486", "F5:K94105604", "F5:K98102572", "SOL12903841", "SOL17307", "SOL17309", "SOL17326", "SOL17457", "SOL17475", "SOL24642829", "SOL31026324", "SOL37510383", "SOL90230486", "SOL94105604", "SOL98102572"]}, {"type": "fedora", "idList": ["FEDORA:0A3A560481D7", "FEDORA:0D267606CFB3", "FEDORA:14809606180F", "FEDORA:1CCEF6087EB7", "FEDORA:249EA60D01F2", "FEDORA:2EB1060491B1", "FEDORA:3ED73605E19A", "FEDORA:4276F60157E5", "FEDORA:4375D611D164", "FEDORA:51510605E219", "FEDORA:52C43604E44B", "FEDORA:581F9608B7DF", "FEDORA:60B8C60918D5", "FEDORA:85BCF6087CBF", "FEDORA:8A5146071240", "FEDORA:9AEA46074A7D", "FEDORA:9D2976087C32", "FEDORA:A5C89601FC0F", "FEDORA:AA4AD60600CD", "FEDORA:BAFAB6087824", "FEDORA:C7C84604E909", "FEDORA:DDD4D6087E4D", "FEDORA:E328560486E4", "FEDORA:EFDE7605A2A8"]}, {"type": "freebsd", "idList": ["2CABFBAB-8BFB-11E5-BD18-002590263BF5"]}, {"type": "ibm", "idList": ["0D95BD029EF7D61B7C200E5DCF5114404F54883607A0E5A132C410EA37160E69", "658C6A388449448220E16F3A05A122A56F35F4A9A9370C4B63DC0779B971B6CE", "DCF0785A8E04DB6808EC923041C1F99827C730DBA6770E63D5DA25D354F764EE"]}, {"type": "kaspersky", "idList": ["KLA10744"]}, {"type": "lenovo", "idList": ["LENOVO:PS500321-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2015-0386", "MGASA-2015-0390", "MGASA-2015-0435", "MGASA-2015-0439", "MGASA-2015-0450", "MGASA-2016-0005", "MGASA-2016-0014", "MGASA-2016-0015", "MGASA-2016-0098", "MGASA-2016-0225", "MGASA-2016-0232", "MGASA-2016-0233"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-565.NASL", "ALA_ALAS-2015-603.NASL", "ALA_ALAS-2015-610.NASL", "CENTOS_RHSA-2015-1623.NASL", "CENTOS_RHSA-2015-1778.NASL", "CENTOS_RHSA-2015-2152.NASL", "CENTOS_RHSA-2015-2552.NASL", "CENTOS_RHSA-2015-2636.NASL", "CENTOS_RHSA-2016-0045.NASL", "CENTOS_RHSA-2016-0185.NASL", "CENTOS_RHSA-2016-0715.NASL", "CENTOS_RHSA-2016-0855.NASL", "CITRIX_XENSERVER_CTX202583.NASL", "DEBIAN_DLA-310.NASL", "DEBIAN_DLA-325.NASL", "DEBIAN_DLA-360.NASL", "DEBIAN_DLA-378.NASL", "DEBIAN_DLA-412.NASL", "DEBIAN_DLA-479.NASL", "DEBIAN_DSA-3313.NASL", "DEBIAN_DSA-3329.NASL", "DEBIAN_DSA-3364.NASL", "DEBIAN_DSA-3372.NASL", "DEBIAN_DSA-3396.NASL", "DEBIAN_DSA-3414.NASL", "DEBIAN_DSA-3426-1.NASL", "DEBIAN_DSA-3434.NASL", "DEBIAN_DSA-3448.NASL", "DEBIAN_DSA-3454.NASL", "DEBIAN_DSA-3503.NASL", "DEBIAN_DSA-3607.NASL", "EULEROS_SA-2016-1018.NASL", "EULEROS_SA-2016-1026.NASL", "EULEROS_SA-2019-1474.NASL", "EULEROS_SA-2019-1478.NASL", "EULEROS_SA-2019-1484.NASL", "EULEROS_SA-2019-1503.NASL", "EULEROS_SA-2019-1505.NASL", "EULEROS_SA-2019-1508.NASL", "EULEROS_SA-2019-1516.NASL", "EULEROS_SA-2019-1519.NASL", "EULEROS_SA-2019-1520.NASL", "EULEROS_SA-2019-1527.NASL", "EULEROS_SA-2019-1530.NASL", "EULEROS_SA-2019-1531.NASL", "EULEROS_SA-2019-1532.NASL", "EULEROS_SA-2019-1533.NASL", "EULEROS_SA-2019-1536.NASL", "F5_BIGIP_SOL17307.NASL", "F5_BIGIP_SOL17309.NASL", "F5_BIGIP_SOL17326.NASL", "F5_BIGIP_SOL31026324.NASL", "F5_BIGIP_SOL37510383.NASL", "F5_BIGIP_SOL90230486.NASL", "F5_BIGIP_SOL94105604.NASL", "F5_BIGIP_SOL98102572.NASL", "FEDORA_2015-115C302856.NASL", "FEDORA_2015-12908.NASL", "FEDORA_2015-12917.NASL", "FEDORA_2015-13391.NASL", "FEDORA_2015-13396.NASL", "FEDORA_2015-16417.NASL", "FEDORA_2015-16440.NASL", "FEDORA_2015-16441.NASL", "FEDORA_2015-394835A3F6.NASL", "FEDORA_2015-3C8C8BA072.NASL", "FEDORA_2015-43145298F4.NASL", "FEDORA_2015-668D213DC3.NASL", "FEDORA_2015-AC9A19888E.NASL", "FEDORA_2015-C1C2F5E168.NASL", "FEDORA_2015-C4ED00A68F.NASL", "FEDORA_2015-C59710B05D.NASL", "FEDORA_2015-CD94AD8D7C.NASL", "FEDORA_2015-D7E074BA30.NASL", "FEDORA_2015-DCC260F2F2.NASL", "FEDORA_2015-F150B2A8C8.NASL", "FEDORA_2015-F2C534BC12.NASL", "FEDORA_2016-26E19F042A.NASL", "FEDORA_2016-5D43766E33.NASL", "FEDORA_2016-B59FD603BE.NASL", "FREEBSD_PKG_2CABFBAB8BFB11E5BD18002590263BF5.NASL", "NEWSTART_CGSL_NS-SA-2019-0004_KERNEL.NASL", "OPENSUSE-2015-543.NASL", "OPENSUSE-2015-686.NASL", "OPENSUSE-2015-879.NASL", "OPENSUSE-2015-892.NASL", "OPENSUSE-2015-893.NASL", "OPENSUSE-2016-1015.NASL", "OPENSUSE-2016-116.NASL", "OPENSUSE-2016-1227.NASL", "OPENSUSE-2016-124.NASL", "OPENSUSE-2016-136.NASL", "OPENSUSE-2016-34.NASL", "OPENSUSE-2016-35.NASL", "OPENSUSE-2016-36.NASL", "OPENSUSE-2016-445.NASL", "ORACLELINUX_ELSA-2015-1623.NASL", "ORACLELINUX_ELSA-2015-1778.NASL", "ORACLELINUX_ELSA-2015-2152.NASL", "ORACLELINUX_ELSA-2015-2552.NASL", "ORACLELINUX_ELSA-2015-2636.NASL", "ORACLELINUX_ELSA-2015-3066.NASL", "ORACLELINUX_ELSA-2015-3067.NASL", "ORACLELINUX_ELSA-2015-3068.NASL", "ORACLELINUX_ELSA-2015-3071.NASL", "ORACLELINUX_ELSA-2015-3072.NASL", "ORACLELINUX_ELSA-2015-3073.NASL", "ORACLELINUX_ELSA-2015-3098.NASL", "ORACLELINUX_ELSA-2015-3101.NASL", "ORACLELINUX_ELSA-2015-3107.NASL", "ORACLELINUX_ELSA-2016-0045.NASL", "ORACLELINUX_ELSA-2016-0185.NASL", "ORACLELINUX_ELSA-2016-0715.NASL", "ORACLELINUX_ELSA-2016-0855.NASL", "ORACLELINUX_ELSA-2016-3501.NASL", "ORACLELINUX_ELSA-2016-3502.NASL", "ORACLELINUX_ELSA-2016-3503.NASL", "ORACLELINUX_ELSA-2016-3519.NASL", "ORACLELINUX_ELSA-2016-3565.NASL", "ORACLELINUX_ELSA-2016-3566.NASL", "ORACLELINUX_ELSA-2016-3567.NASL", "ORACLELINUX_ELSA-2016-3596.NASL", "ORACLELINUX_ELSA-2017-3534.NASL", "ORACLELINUX_ELSA-2017-3535.NASL", "ORACLELINUX_ELSA-2017-3566.NASL", "ORACLELINUX_ELSA-2017-3567.NASL", "ORACLELINUX_ELSA-2018-4020.NASL", "ORACLELINUX_ELSA-2018-4022.NASL", "ORACLELINUX_ELSA-2018-4109.NASL", "ORACLELINUX_ELSA-2018-4110.NASL", "ORACLEVM_OVMSA-2015-0113.NASL", "ORACLEVM_OVMSA-2015-0114.NASL", "ORACLEVM_OVMSA-2015-0147.NASL", "ORACLEVM_OVMSA-2015-0150.NASL", "ORACLEVM_OVMSA-2015-0154.NASL", "ORACLEVM_OVMSA-2016-0005.NASL", "ORACLEVM_OVMSA-2016-0007.NASL", "ORACLEVM_OVMSA-2016-0014.NASL", "ORACLEVM_OVMSA-2016-0037.NASL", "ORACLEVM_OVMSA-2016-0053.NASL", "ORACLEVM_OVMSA-2016-0060.NASL", "ORACLEVM_OVMSA-2016-0081.NASL", "ORACLEVM_OVMSA-2016-0100.NASL", "ORACLEVM_OVMSA-2016-0165.NASL", "ORACLEVM_OVMSA-2016-0166.NASL", "ORACLEVM_OVMSA-2017-0057.NASL", "ORACLEVM_OVMSA-2017-0058.NASL", "ORACLEVM_OVMSA-2017-0105.NASL", "ORACLEVM_OVMSA-2017-0106.NASL", "ORACLEVM_OVMSA-2018-0016.NASL", "REDHAT-RHSA-2015-1623.NASL", "REDHAT-RHSA-2015-1778.NASL", "REDHAT-RHSA-2015-1787.NASL", "REDHAT-RHSA-2015-1788.NASL", "REDHAT-RHSA-2015-2152.NASL", "REDHAT-RHSA-2015-2411.NASL", "REDHAT-RHSA-2015-2552.NASL", "REDHAT-RHSA-2015-2587.NASL", "REDHAT-RHSA-2015-2636.NASL", "REDHAT-RHSA-2015-2645.NASL", "REDHAT-RHSA-2016-0004.NASL", "REDHAT-RHSA-2016-0024.NASL", "REDHAT-RHSA-2016-0045.NASL", "REDHAT-RHSA-2016-0046.NASL", "REDHAT-RHSA-2016-0103.NASL", "REDHAT-RHSA-2016-0185.NASL", "REDHAT-RHSA-2016-0212.NASL", "REDHAT-RHSA-2016-0224.NASL", "REDHAT-RHSA-2016-0715.NASL", "REDHAT-RHSA-2016-0855.NASL", "REDHAT-RHSA-2016-1096.NASL", "REDHAT-RHSA-2016-1100.NASL", "REDHAT-RHSA-2016-1225.NASL", "SL_20150813_KERNEL_ON_SL6_X.NASL", "SL_20150915_KERNEL_ON_SL7_X.NASL", "SL_20151119_KERNEL_ON_SL7_X.NASL", "SL_20151208_KERNEL_ON_SL7_X.NASL", "SL_20151215_KERNEL_ON_SL6_X.NASL", "SL_20160119_KERNEL_ON_SL5_X.NASL", "SL_20160216_KERNEL_ON_SL7_X.NASL", "SL_20160504_KERNEL_ON_SL6_X.NASL", "SL_20160510_KERNEL_ON_SL6_X.NASL", "SMB_KB3108638.NASL", "SOLARIS_JUL2016_SRU11_3_8_7_0.NASL", "SOLARIS_OCT2018_SRU11_4_1_4_0.NASL", "SUSE_SU-2015-1324-1.NASL", "SUSE_SU-2015-1478-1.NASL", "SUSE_SU-2015-1611-1.NASL", "SUSE_SU-2015-1678-1.NASL", "SUSE_SU-2015-1727-1.NASL", "SUSE_SU-2015-2108-1.NASL", "SUSE_SU-2015-2194-1.NASL", "SUSE_SU-2015-2292-1.NASL", "SUSE_SU-2015-2306-1.NASL", "SUSE_SU-2015-2324-1.NASL", "SUSE_SU-2015-2326-1.NASL", "SUSE_SU-2015-2328-1.NASL", "SUSE_SU-2015-2338-1.NASL", "SUSE_SU-2015-2339-1.NASL", "SUSE_SU-2016-0168-1.NASL", "SUSE_SU-2016-0585-1.NASL", "SUSE_SU-2016-0658-1.NASL", "SUSE_SU-2016-0785-1.NASL", "SUSE_SU-2016-0911-1.NASL", "SUSE_SU-2016-1203-1.NASL", "SUSE_SU-2016-1672-1.NASL", "SUSE_SU-2016-2074-1.NASL", "SUSE_SU-2016-2245-1.NASL", "SUSE_SU-2016-2976-1.NASL", "SUSE_SU-2017-0333-1.NASL", "UBUNTU_USN-2680-1.NASL", "UBUNTU_USN-2681-1.NASL", "UBUNTU_USN-2682-1.NASL", "UBUNTU_USN-2683-1.NASL", "UBUNTU_USN-2684-1.NASL", "UBUNTU_USN-2685-1.NASL", "UBUNTU_USN-2687-1.NASL", "UBUNTU_USN-2688-1.NASL", "UBUNTU_USN-2689-1.NASL", "UBUNTU_USN-2690-1.NASL", "UBUNTU_USN-2691-1.NASL", "UBUNTU_USN-2700-1.NASL", "UBUNTU_USN-2701-1.NASL", "UBUNTU_USN-2713-1.NASL", "UBUNTU_USN-2731-1.NASL", "UBUNTU_USN-2733-1.NASL", "UBUNTU_USN-2734-1.NASL", "UBUNTU_USN-2737-1.NASL", "UBUNTU_USN-2738-1.NASL", "UBUNTU_USN-2748-1.NASL", "UBUNTU_USN-2749-1.NASL", "UBUNTU_USN-2750-1.NASL", "UBUNTU_USN-2751-1.NASL", "UBUNTU_USN-2752-1.NASL", "UBUNTU_USN-2759-1.NASL", "UBUNTU_USN-2761-1.NASL", "UBUNTU_USN-2762-1.NASL", "UBUNTU_USN-2763-1.NASL", "UBUNTU_USN-2764-1.NASL", "UBUNTU_USN-2765-1.NASL", "UBUNTU_USN-2773-1.NASL", "UBUNTU_USN-2775-1.NASL", "UBUNTU_USN-2776-1.NASL", "UBUNTU_USN-2777-1.NASL", "UBUNTU_USN-2778-1.NASL", "UBUNTU_USN-2779-1.NASL", "UBUNTU_USN-2792-1.NASL", "UBUNTU_USN-2794-1.NASL", "UBUNTU_USN-2795-1.NASL", "UBUNTU_USN-2797-1.NASL", "UBUNTU_USN-2798-1.NASL", "UBUNTU_USN-2799-1.NASL", "UBUNTU_USN-2800-1.NASL", "UBUNTU_USN-2801-1.NASL", "UBUNTU_USN-2802-1.NASL", "UBUNTU_USN-2803-1.NASL", "UBUNTU_USN-2804-1.NASL", "UBUNTU_USN-2805-1.NASL", "UBUNTU_USN-2806-1.NASL", "UBUNTU_USN-2807-1.NASL", "UBUNTU_USN-2823-1.NASL", "UBUNTU_USN-2824-1.NASL", "UBUNTU_USN-2826-1.NASL", "UBUNTU_USN-2829-1.NASL", "UBUNTU_USN-2829-2.NASL", "UBUNTU_USN-2840-1.NASL", "UBUNTU_USN-2841-1.NASL", "UBUNTU_USN-2841-2.NASL", "UBUNTU_USN-2842-1.NASL", "UBUNTU_USN-2842-2.NASL", "UBUNTU_USN-2843-1.NASL", "UBUNTU_USN-2843-2.NASL", "UBUNTU_USN-2843-3.NASL", "UBUNTU_USN-2844-1.NASL", "UBUNTU_USN-2886-1.NASL", "UBUNTU_USN-2887-1.NASL", "UBUNTU_USN-2887-2.NASL", "UBUNTU_USN-2888-1.NASL", "UBUNTU_USN-2889-1.NASL", "UBUNTU_USN-2889-2.NASL", "UBUNTU_USN-2890-1.NASL", "UBUNTU_USN-2890-2.NASL", "UBUNTU_USN-2890-3.NASL", "UBUNTU_USN-2907-1.NASL", "UBUNTU_USN-2907-2.NASL", "UBUNTU_USN-2910-1.NASL", "UBUNTU_USN-2910-2.NASL", "UBUNTU_USN-2911-1.NASL", "UBUNTU_USN-2929-1.NASL", "UBUNTU_USN-2929-2.NASL", "UBUNTU_USN-2930-1.NASL", "UBUNTU_USN-2930-2.NASL", "UBUNTU_USN-2930-3.NASL", "UBUNTU_USN-2932-1.NASL", "UBUNTU_USN-2948-1.NASL", "UBUNTU_USN-2948-2.NASL", "UBUNTU_USN-2967-1.NASL", "UBUNTU_USN-2968-1.NASL", "UBUNTU_USN-2968-2.NASL", "UBUNTU_USN-2969-1.NASL", "UBUNTU_USN-2970-1.NASL", "UBUNTU_USN-2971-1.NASL", "UBUNTU_USN-2971-2.NASL", "UBUNTU_USN-2971-3.NASL", "VIRTUALBOX_5_0_10.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105465", "OPENVAS:1361412562310105481", "OPENVAS:1361412562310105516", "OPENVAS:1361412562310105517", "OPENVAS:1361412562310105528", "OPENVAS:1361412562310106510", "OPENVAS:1361412562310120566", "OPENVAS:1361412562310120600", "OPENVAS:1361412562310122732", "OPENVAS:1361412562310122785", "OPENVAS:1361412562310122793", "OPENVAS:1361412562310122797", "OPENVAS:1361412562310122801", "OPENVAS:1361412562310122806", "OPENVAS:1361412562310122821", "OPENVAS:1361412562310122822", "OPENVAS:1361412562310122823", "OPENVAS:1361412562310122852", "OPENVAS:1361412562310122855", "OPENVAS:1361412562310122884", "OPENVAS:1361412562310122886", "OPENVAS:1361412562310122929", "OPENVAS:1361412562310123005", "OPENVAS:1361412562310123031", "OPENVAS:1361412562310123032", "OPENVAS:1361412562310123033", "OPENVAS:1361412562310123034", "OPENVAS:1361412562310123037", "OPENVAS:1361412562310123038", "OPENVAS:1361412562310123039", "OPENVAS:1361412562310130003", "OPENVAS:1361412562310130007", "OPENVAS:1361412562310131108", "OPENVAS:1361412562310131129", "OPENVAS:1361412562310131137", "OPENVAS:1361412562310131174", "OPENVAS:1361412562310131175", "OPENVAS:1361412562310131182", "OPENVAS:1361412562310131256", "OPENVAS:1361412562310140016", "OPENVAS:1361412562310703313", "OPENVAS:1361412562310703329", "OPENVAS:1361412562310703364", "OPENVAS:1361412562310703372", "OPENVAS:1361412562310703396", "OPENVAS:1361412562310703414", "OPENVAS:1361412562310703426", "OPENVAS:1361412562310703434", "OPENVAS:1361412562310703448", "OPENVAS:1361412562310703454", "OPENVAS:1361412562310703503", "OPENVAS:1361412562310703607", "OPENVAS:1361412562310806718", "OPENVAS:1361412562310806985", "OPENVAS:1361412562310807219", "OPENVAS:1361412562310842379", "OPENVAS:1361412562310842380", "OPENVAS:1361412562310842381", "OPENVAS:1361412562310842383", "OPENVAS:1361412562310842384", "OPENVAS:1361412562310842388", "OPENVAS:1361412562310842389", "OPENVAS:1361412562310842390", "OPENVAS:1361412562310842392", "OPENVAS:1361412562310842396", "OPENVAS:1361412562310842399", "OPENVAS:1361412562310842411", "OPENVAS:1361412562310842414", "OPENVAS:1361412562310842429", "OPENVAS:1361412562310842430", "OPENVAS:1361412562310842431", "OPENVAS:1361412562310842432", "OPENVAS:1361412562310842435", "OPENVAS:1361412562310842446", "OPENVAS:1361412562310842450", "OPENVAS:1361412562310842451", "OPENVAS:1361412562310842463", "OPENVAS:1361412562310842466", "OPENVAS:1361412562310842467", "OPENVAS:1361412562310842468", "OPENVAS:1361412562310842469", "OPENVAS:1361412562310842474", "OPENVAS:1361412562310842475", "OPENVAS:1361412562310842479", "OPENVAS:1361412562310842480", "OPENVAS:1361412562310842481", "OPENVAS:1361412562310842483", "OPENVAS:1361412562310842484", "OPENVAS:1361412562310842492", "OPENVAS:1361412562310842493", "OPENVAS:1361412562310842494", "OPENVAS:1361412562310842496", "OPENVAS:1361412562310842498", "OPENVAS:1361412562310842499", "OPENVAS:1361412562310842500", "OPENVAS:1361412562310842514", "OPENVAS:1361412562310842515", "OPENVAS:1361412562310842516", "OPENVAS:1361412562310842517", "OPENVAS:1361412562310842519", "OPENVAS:1361412562310842520", "OPENVAS:1361412562310842521", "OPENVAS:1361412562310842522", "OPENVAS:1361412562310842523", "OPENVAS:1361412562310842524", "OPENVAS:1361412562310842525", "OPENVAS:1361412562310842526", "OPENVAS:1361412562310842528", "OPENVAS:1361412562310842529", "OPENVAS:1361412562310842530", "OPENVAS:1361412562310842544", "OPENVAS:1361412562310842546", "OPENVAS:1361412562310842549", "OPENVAS:1361412562310842550", "OPENVAS:1361412562310842551", "OPENVAS:1361412562310842565", "OPENVAS:1361412562310842566", "OPENVAS:1361412562310842567", "OPENVAS:1361412562310842568", "OPENVAS:1361412562310842569", "OPENVAS:1361412562310842571", "OPENVAS:1361412562310842572", "OPENVAS:1361412562310842573", "OPENVAS:1361412562310842574", "OPENVAS:1361412562310842575", "OPENVAS:1361412562310842621", "OPENVAS:1361412562310842622", "OPENVAS:1361412562310842623", "OPENVAS:1361412562310842624", "OPENVAS:1361412562310842625", "OPENVAS:1361412562310842627", "OPENVAS:1361412562310842628", "OPENVAS:1361412562310842629", "OPENVAS:1361412562310842631", "OPENVAS:1361412562310842632", "OPENVAS:1361412562310842650", "OPENVAS:1361412562310842651", "OPENVAS:1361412562310842653", "OPENVAS:1361412562310842654", "OPENVAS:1361412562310842657", "OPENVAS:1361412562310842667", "OPENVAS:1361412562310842686", "OPENVAS:1361412562310842690", "OPENVAS:1361412562310842691", "OPENVAS:1361412562310842692", "OPENVAS:1361412562310842693", "OPENVAS:1361412562310842698", "OPENVAS:1361412562310842713", "OPENVAS:1361412562310842735", "OPENVAS:1361412562310842736", "OPENVAS:1361412562310842737", "OPENVAS:1361412562310842738", "OPENVAS:1361412562310842739", "OPENVAS:1361412562310842741", "OPENVAS:1361412562310842742", "OPENVAS:1361412562310842743", "OPENVAS:1361412562310842744", "OPENVAS:1361412562310850675", "OPENVAS:1361412562310850904", "OPENVAS:1361412562310851080", "OPENVAS:1361412562310851121", "OPENVAS:1361412562310851138", "OPENVAS:1361412562310851154", "OPENVAS:1361412562310851157", "OPENVAS:1361412562310851159", "OPENVAS:1361412562310851176", "OPENVAS:1361412562310851179", "OPENVAS:1361412562310851188", "OPENVAS:1361412562310851197", "OPENVAS:1361412562310851242", "OPENVAS:1361412562310851273", "OPENVAS:1361412562310851386", "OPENVAS:1361412562310851420", "OPENVAS:1361412562310869857", "OPENVAS:1361412562310869860", "OPENVAS:1361412562310869886", "OPENVAS:1361412562310869889", "OPENVAS:1361412562310869982", "OPENVAS:1361412562310869986", "OPENVAS:1361412562310871426", "OPENVAS:1361412562310871452", "OPENVAS:1361412562310871487", "OPENVAS:1361412562310871516", "OPENVAS:1361412562310871524", "OPENVAS:1361412562310871541", "OPENVAS:1361412562310871558", "OPENVAS:1361412562310871606", "OPENVAS:1361412562310871611", "OPENVAS:1361412562310882245", "OPENVAS:1361412562310882285", "OPENVAS:1361412562310882342", "OPENVAS:1361412562310882369", "OPENVAS:1361412562310882396", "OPENVAS:1361412562310882482", "OPENVAS:1361412562311220161018", "OPENVAS:1361412562311220161026", "OPENVAS:1361412562311220191474", "OPENVAS:1361412562311220191478", "OPENVAS:1361412562311220191484", "OPENVAS:1361412562311220191488", "OPENVAS:1361412562311220191503", "OPENVAS:1361412562311220191505", "OPENVAS:1361412562311220191508", "OPENVAS:1361412562311220191516", "OPENVAS:1361412562311220191519", "OPENVAS:1361412562311220191520", "OPENVAS:1361412562311220191527", "OPENVAS:1361412562311220191530", "OPENVAS:1361412562311220191531", "OPENVAS:1361412562311220191532", "OPENVAS:1361412562311220191533", "OPENVAS:1361412562311220191536", "OPENVAS:703313", "OPENVAS:703329", "OPENVAS:703364", "OPENVAS:703372", "OPENVAS:703396", "OPENVAS:703414", "OPENVAS:703426", "OPENVAS:703434", "OPENVAS:703448", "OPENVAS:703454", "OPENVAS:703503", "OPENVAS:703607"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2016", "ORACLE:CPUJUL2016", "ORACLE:CPUOCT2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-1623", "ELSA-2015-1778", "ELSA-2015-2152", "ELSA-2015-2552", "ELSA-2015-2636", "ELSA-2015-3066", "ELSA-2015-3067", "ELSA-2015-3068", "ELSA-2015-3071", "ELSA-2015-3072", "ELSA-2015-3073", "ELSA-2015-3098", "ELSA-2015-3101", "ELSA-2015-3107", "ELSA-2016-0045", "ELSA-2016-0045-1", "ELSA-2016-0185", "ELSA-2016-0715", "ELSA-2016-0855", "ELSA-2016-3501", "ELSA-2016-3502", "ELSA-2016-3503", "ELSA-2016-3519", "ELSA-2016-3565", "ELSA-2016-3566", "ELSA-2016-3567", "ELSA-2017-3534", "ELSA-2017-3535", "ELSA-2017-3566", "ELSA-2017-3567", "ELSA-2018-4020", "ELSA-2018-4022", "ELSA-2018-4109", "ELSA-2018-4110"]}, {"type": "osv", "idList": ["OSV:DLA-310-1", "OSV:DLA-325-1", "OSV:DLA-360-1", "OSV:DLA-378-1", "OSV:DLA-412-1", "OSV:DLA-479-1", "OSV:DSA-3313-1", "OSV:DSA-3329-1", "OSV:DSA-3364-1", "OSV:DSA-3372-1", "OSV:DSA-3396-1", "OSV:DSA-3414-1", "OSV:DSA-3426-1", "OSV:DSA-3434-1", "OSV:DSA-3448-1", "OSV:DSA-3454-1", "OSV:DSA-3503-1", "OSV:DSA-3607-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:136137", "PACKETSTORM:136141"]}, {"type": "paloalto", "idList": ["PAN-SA-2016-0025"]}, {"type": "redhat", "idList": ["RHSA-2015:1623", "RHSA-2015:1778", "RHSA-2015:1787", "RHSA-2015:1788", "RHSA-2015:2152", "RHSA-2015:2411", "RHSA-2015:2552", "RHSA-2015:2587", "RHSA-2015:2636", "RHSA-2015:2645", "RHSA-2016:0004", "RHSA-2016:0024", "RHSA-2016:0045", "RHSA-2016:0046", "RHSA-2016:0103", "RHSA-2016:0185", "RHSA-2016:0212", "RHSA-2016:0224", "RHSA-2016:0715", "RHSA-2016:0855", "RHSA-2016:1096", "RHSA-2016:1100", "RHSA-2016:1225"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32350", "SECURITYVULNS:DOC:32352", "SECURITYVULNS:DOC:32513", "SECURITYVULNS:VULN:14579"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1382-1", "OPENSUSE-SU-2015:1842-1", "OPENSUSE-SU-2016:0123-1", "OPENSUSE-SU-2016:0124-1", "OPENSUSE-SU-2016:0126-1", "OPENSUSE-SU-2016:0280-1", "OPENSUSE-SU-2016:0301-1", "OPENSUSE-SU-2016:0318-1", "OPENSUSE-SU-2016:1008-1", "OPENSUSE-SU-2016:2144-1", "OPENSUSE-SU-2016:2625-1", "OPENSUSE-SU-2016:2649-1", "SUSE-SU-2015:1224-1", "SUSE-SU-2015:1324-1", "SUSE-SU-2015:1478-1", "SUSE-SU-2015:1487-1", "SUSE-SU-2015:1488-1", "SUSE-SU-2015:1489-1", "SUSE-SU-2015:1490-1", "SUSE-SU-2015:1491-1", "SUSE-SU-2015:1592-1", "SUSE-SU-2015:1611-1", "SUSE-SU-2015:1727-1", "SUSE-SU-2015:2084-1", "SUSE-SU-2015:2085-1", "SUSE-SU-2015:2086-1", "SUSE-SU-2015:2087-1", "SUSE-SU-2015:2089-1", "SUSE-SU-2015:2090-1", "SUSE-SU-2015:2091-1", "SUSE-SU-2015:2108-1", "SUSE-SU-2015:2194-1", "SUSE-SU-2015:2292-1", "SUSE-SU-2015:2339-1", "SUSE-SU-2015:2350-1", "SUSE-SU-2016:0168-1", "SUSE-SU-2016:0335-1", "SUSE-SU-2016:0337-1", "SUSE-SU-2016:0354-1", "SUSE-SU-2016:0380-1", "SUSE-SU-2016:0381-1", "SUSE-SU-2016:0383-1", "SUSE-SU-2016:0384-1", "SUSE-SU-2016:0386-1", "SUSE-SU-2016:0387-1", "SUSE-SU-2016:0434-1", "SUSE-SU-2016:0585-1", "SUSE-SU-2016:0658-1", "SUSE-SU-2016:0785-1", "SUSE-SU-2016:0911-1", "SUSE-SU-2016:1102-1", "SUSE-SU-2016:1203-1", "SUSE-SU-2016:1672-1", "SUSE-SU-2016:1707-1", "SUSE-SU-2016:1764-1", "SUSE-SU-2016:2074-1", "SUSE-SU-2016:2245-1", "SUSE-SU-2016:2976-1", "SUSE-SU-2016:3069-1", "SUSE-SU-2017:0333-1"]}, {"type": "ubuntu", "idList": ["USN-2680-1", "USN-2681-1", "USN-2682-1", "USN-2683-1", "USN-2684-1", "USN-2685-1", "USN-2687-1", "USN-2688-1", "USN-2689-1", "USN-2690-1", "USN-2691-1", "USN-2713-1", "USN-2714-1", "USN-2731-1", "USN-2732-1", "USN-2733-1", "USN-2734-1", "USN-2737-1", "USN-2738-1", "USN-2748-1", "USN-2749-1", "USN-2750-1", "USN-2751-1", "USN-2752-1", "USN-2759-1", "USN-2760-1", "USN-2761-1", "USN-2762-1", "USN-2763-1", "USN-2764-1", "USN-2765-1", "USN-2773-1", "USN-2774-1", "USN-2775-1", "USN-2776-1", "USN-2777-1", "USN-2778-1", "USN-2779-1", "USN-2792-1", "USN-2794-1", "USN-2795-1", "USN-2796-1", "USN-2797-1", "USN-2798-1", "USN-2799-1", "USN-2800-1", "USN-2801-1", "USN-2802-1", "USN-2803-1", "USN-2804-1", "USN-2805-1", "USN-2806-1", "USN-2807-1", "USN-2823-1", "USN-2824-1", "USN-2826-1", "USN-2829-1", "USN-2829-2", "USN-2840-1", "USN-2840-2", "USN-2841-1", "USN-2841-2", "USN-2842-1", "USN-2842-2", "USN-2843-1", "USN-2843-2", "USN-2843-3", "USN-2844-1", "USN-2886-1", "USN-2886-2", "USN-2887-1", "USN-2887-2", "USN-2888-1", "USN-2889-1", "USN-2889-2", "USN-2890-1", "USN-2890-2", "USN-2890-3", "USN-2907-1", "USN-2907-2", "USN-2910-1", "USN-2910-2", "USN-2911-1", "USN-2911-2", "USN-2929-1", "USN-2929-2", "USN-2930-1", "USN-2930-2", "USN-2930-3", "USN-2932-1", "USN-2948-1", "USN-2948-2", "USN-2967-1", "USN-2967-2", "USN-2968-1", "USN-2968-2", "USN-2969-1", "USN-2970-1", "USN-2971-1", "USN-2971-2", "USN-2971-3"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-0272", "UB:CVE-2015-5157", "UB:CVE-2015-5257", "UB:CVE-2015-5283", "UB:CVE-2015-5307", "UB:CVE-2015-5364", "UB:CVE-2015-5366", "UB:CVE-2015-5697", "UB:CVE-2015-5707", "UB:CVE-2015-6252", "UB:CVE-2015-6526", "UB:CVE-2015-6646", "UB:CVE-2015-6937", "UB:CVE-2015-7312", "UB:CVE-2015-7513", "UB:CVE-2015-7515", "UB:CVE-2015-7550", "UB:CVE-2015-7566", "UB:CVE-2015-7613", "UB:CVE-2015-7799", "UB:CVE-2015-7872", "UB:CVE-2015-7990", "UB:CVE-2015-8104", "UB:CVE-2015-8215"]}, {"type": "xen", "idList": ["XSA-156"]}, {"type": "zdt", "idList": ["1337DAY-ID-25865", "1337DAY-ID-25869"]}]}, "score": {"value": 0.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2015-565"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-01-01"]}, {"type": "avleonov", "idList": ["AVLEONOV:A9AB661A53F0E9B8923DE780E6F05F48"]}, {"type": "centos", "idList": ["CESA-2015:1623", "CESA-2015:1778", "CESA-2015:2636", "CESA-2016:0045", "CESA-2016:0185", "CESA-2016:0715"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:DBE2857E4A4B43C72E03FDC8B6460BBB"]}, {"type": "cve", "idList": ["CVE-2015-5157", "CVE-2015-5257", "CVE-2015-5283", "CVE-2015-5307", "CVE-2015-5364", "CVE-2015-5366", "CVE-2015-5697", "CVE-2015-5707", "CVE-2015-6252", "CVE-2015-6526", "CVE-2015-6937", "CVE-2015-7312", "CVE-2015-7513", "CVE-2015-7550", "CVE-2015-7566", "CVE-2015-7613", "CVE-2015-7799", "CVE-2015-7872", "CVE-2015-7990", "CVE-2015-8104", "CVE-2015-8215"]}, {"type": "debian", "idList": ["DEBIAN:DLA-325-1:91395", "DEBIAN:DSA-3313-1:00F99", "DEBIAN:DSA-3364-1:5D544"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-5157", "DEBIANCVE:CVE-2015-5257", "DEBIANCVE:CVE-2015-5283", "DEBIANCVE:CVE-2015-5307", "DEBIANCVE:CVE-2015-5364", "DEBIANCVE:CVE-2015-5366", "DEBIANCVE:CVE-2015-5697", "DEBIANCVE:CVE-2015-5707", "DEBIANCVE:CVE-2015-6252", "DEBIANCVE:CVE-2015-6526", "DEBIANCVE:CVE-2015-6937", "DEBIANCVE:CVE-2015-7312", "DEBIANCVE:CVE-2015-7513", "DEBIANCVE:CVE-2015-7515", "DEBIANCVE:CVE-2015-7550", "DEBIANCVE:CVE-2015-7566", "DEBIANCVE:CVE-2015-7613", "DEBIANCVE:CVE-2015-7799", "DEBIANCVE:CVE-2015-7872", "DEBIANCVE:CVE-2015-7990", "DEBIANCVE:CVE-2015-8104", "DEBIANCVE:CVE-2015-8215"]}, {"type": "exploitdb", "idList": ["EDB-ID:39540", "EDB-ID:39544"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:C617424ADAF7B063C6D9C6F505360E69"]}, {"type": "f5", "idList": ["F5:K17326", "F5:K94105604", "F5:K98102572", "SOL12903841", "SOL17307", "SOL17457", "SOL90230486", "SOL94105604"]}, {"type": "fedora", "idList": ["FEDORA:2EB1060491B1", "FEDORA:85BCF6087CBF", "FEDORA:EFDE7605A2A8"]}, {"type": "freebsd", "idList": ["2CABFBAB-8BFB-11E5-BD18-002590263BF5"]}, {"type": "ibm", "idList": ["658C6A388449448220E16F3A05A122A56F35F4A9A9370C4B63DC0779B971B6CE"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/F5-BIG-IP-CVE-2015-5707/", "MSF:ILITIES/ORACLE_LINUX-CVE-2015-6937/", "MSF:ILITIES/UBUNTU-CVE-2015-5283/"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-565.NASL", "CENTOS_RHSA-2015-1778.NASL", "CENTOS_RHSA-2015-2552.NASL", "DEBIAN_DLA-310.NASL", "DEBIAN_DLA-412.NASL", "F5_BIGIP_SOL98102572.NASL", "FEDORA_2015-16441.NASL", "FEDORA_2016-26E19F042A.NASL", "OPENSUSE-2015-686.NASL", "ORACLELINUX_ELSA-2015-3101.NASL", "ORACLELINUX_ELSA-2015-3107.NASL", "ORACLELINUX_ELSA-2016-0045.NASL", "ORACLELINUX_ELSA-2016-3501.NASL", "ORACLEVM_OVMSA-2015-0154.NASL", "ORACLEVM_OVMSA-2016-0053.NASL", "SL_20150915_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2015-2339-1.NASL", "UBUNTU_USN-2681-1.NASL", "UBUNTU_USN-2688-1.NASL", "UBUNTU_USN-2738-1.NASL", "UBUNTU_USN-2792-1.NASL", "UBUNTU_USN-2803-1.NASL", "UBUNTU_USN-2806-1.NASL", "UBUNTU_USN-2807-1.NASL", "UBUNTU_USN-2823-1.NASL", "UBUNTU_USN-2840-1.NASL", "UBUNTU_USN-2844-1.NASL", "UBUNTU_USN-2888-1.NASL", "UBUNTU_USN-2911-1.NASL", "UBUNTU_USN-2930-1.NASL", "UBUNTU_USN-2930-2.NASL", "UBUNTU_USN-2930-3.NASL", "VIRTUALBOX_5_0_10.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105465", "OPENVAS:1361412562310122797", "OPENVAS:1361412562310122806", "OPENVAS:1361412562310122821", "OPENVAS:1361412562310122855", "OPENVAS:1361412562310122884", "OPENVAS:1361412562310123005", "OPENVAS:1361412562310123032", "OPENVAS:1361412562310703372", "OPENVAS:1361412562310703607", "OPENVAS:1361412562310806985", "OPENVAS:1361412562310842384", "OPENVAS:1361412562310842396", "OPENVAS:1361412562310842432", "OPENVAS:1361412562310842468", "OPENVAS:1361412562310842475", "OPENVAS:1361412562310842479", "OPENVAS:1361412562310842492", "OPENVAS:1361412562310842496", "OPENVAS:1361412562310842524", "OPENVAS:1361412562310842529", "OPENVAS:1361412562310842736", "OPENVAS:1361412562310851154", "OPENVAS:1361412562310851159", "OPENVAS:1361412562310871452", "OPENVAS:1361412562310871524", "OPENVAS:1361412562311220161026", "OPENVAS:703329", "OPENVAS:703426"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2016"]}, {"type": "oraclelinux", "idList": ["ELSA-2015-3066", "ELSA-2015-3068", "ELSA-2018-4109"]}, {"type": "paloalto", "idList": ["PAN-SA-2016-0025"]}, {"type": "redhat", "idList": ["RHSA-2016:0224", "RHSA-2016:0855", "RHSA-2016:1225"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14579"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:0301-1", "SUSE-SU-2015:1490-1", "SUSE-SU-2015:1491-1", "SUSE-SU-2015:2085-1", "SUSE-SU-2016:3069-1"]}, {"type": "ubuntu", "idList": ["USN-2737-1", "USN-2794-1", "USN-2840-1", "USN-2890-1", "USN-2929-1", "USN-2929-2", "USN-2930-1", "USN-2930-2", "USN-2930-3", "USN-2932-1", "USN-2948-1", "USN-2948-2", "USN-2967-1", "USN-2967-2", "USN-2968-1", "USN-2968-2", "USN-2970-1", "USN-2971-1", "USN-2971-2", "USN-2971-3"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-8215"]}, {"type": "xen", "idList": ["XSA-156"]}, {"type": "zdt", "idList": ["1337DAY-ID-25869"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2015-5157", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2015-5257", "epss": "0.002410000", "percentile": "0.602750000", "modified": "2023-03-15"}, {"cve": "CVE-2015-5283", "epss": "0.000440000", "percentile": "0.082330000", "modified": "2023-03-15"}, {"cve": "CVE-2015-5307", "epss": "0.000680000", "percentile": "0.278630000", "modified": "2023-03-15"}, {"cve": "CVE-2015-5364", "epss": "0.276230000", "percentile": "0.960630000", "modified": "2023-03-15"}, {"cve": "CVE-2015-5366", "epss": "0.440320000", "percentile": "0.967530000", "modified": "2023-03-15"}, {"cve": "CVE-2015-5697", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2015-5707", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2015-6252", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2015-6526", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2015-6937", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2015-7312", "epss": "0.000420000", "percentile": "0.056670000", "modified": "2023-03-15"}, {"cve": "CVE-2015-7513", "epss": "0.000640000", "percentile": "0.261620000", "modified": "2023-03-15"}, {"cve": "CVE-2015-7515", "epss": "0.004520000", "percentile": "0.712310000", "modified": "2023-03-15"}, {"cve": "CVE-2015-7550", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2015-7566", "epss": "0.002970000", "percentile": "0.645730000", "modified": "2023-03-15"}, {"cve": "CVE-2015-7613", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2015-7799", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2015-7872", "epss": "0.000460000", "percentile": "0.140030000", "modified": "2023-03-15"}, {"cve": "CVE-2015-7990", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2015-8104", "epss": "0.000720000", "percentile": "0.293980000", "modified": "2023-03-15"}, {"cve": "CVE-2015-8215", "epss": "0.030970000", "percentile": "0.895190000", "modified": "2023-03-15"}], "vulnersScore": 0.6}, "_state": {"dependencies": 1678955717, "score": 1698838580, "epss": 1678955506}, "_internal": {"score_hash": "2e15fee6911a7a229175df00114c9165"}, "pluginID": "124812", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124812);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\n \"CVE-2015-5157\",\n \"CVE-2015-5257\",\n \"CVE-2015-5283\",\n \"CVE-2015-5307\",\n \"CVE-2015-5364\",\n \"CVE-2015-5366\",\n \"CVE-2015-5697\",\n \"CVE-2015-5707\",\n \"CVE-2015-6252\",\n \"CVE-2015-6526\",\n \"CVE-2015-6937\",\n \"CVE-2015-7312\",\n \"CVE-2015-7513\",\n \"CVE-2015-7515\",\n \"CVE-2015-7550\",\n \"CVE-2015-7566\",\n \"CVE-2015-7613\",\n \"CVE-2015-7799\",\n \"CVE-2015-7872\",\n \"CVE-2015-7990\",\n \"CVE-2015-8104\",\n \"CVE-2015-8215\"\n );\n script_bugtraq_id(\n 75510,\n 76005\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1488)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in the way the Linux kernel handled\n IRET faults during the processing of NMIs. An\n unprivileged, local user could use this flaw to crash\n the system or, potentially (although highly unlikely),\n escalate their privileges on the system.(CVE-2015-5157)\n\n - A denial of service vulnerability was found in the\n WhiteHEAT USB Serial Driver (whiteheat_attach function\n in drivers/usb/serial/whiteheat.c). In the driver, the\n COMMAND_PORT variable was hard coded and set to 4 (5th\n element). The driver assumed that the number of ports\n would always be 5 and used port number 5 as the command\n port. However, when using a USB device in which the\n number of ports was set to a number less than 5 (for\n example, 3), the driver triggered a kernel NULL-pointer\n dereference. A non-privileged attacker could use this\n flaw to panic the host.(CVE-2015-5257)\n\n - A NULL pointer dereference flaw was found in the SCTP\n implementation. A local user could use this flaw to\n cause a denial of service on the system by triggering a\n kernel panic when creating multiple sockets in parallel\n while the system did not have the SCTP module\n loaded.(CVE-2015-5283)\n\n - It was found that the x86 ISA (Instruction Set\n Architecture) is prone to a denial of service attack\n inside a virtualized environment in the form of an\n infinite loop in the microcode due to the way\n (sequential) delivering of benign exceptions such as\n #AC (alignment check exception) is handled. A\n privileged user inside a guest could use this flaw to\n create denial of service conditions on the host\n kernel.(CVE-2015-5307)\n\n - A flaw was found in the way the Linux kernel's\n networking implementation handled UDP packets with\n incorrect checksum values. A remote attacker could\n potentially use this flaw to trigger an infinite loop\n in the kernel, resulting in a denial of service on the\n system, or cause a denial of service in applications\n using the edge triggered epoll\n functionality.(CVE-2015-5364)\n\n - A flaw was found in the way the Linux kernel's\n networking implementation handled UDP packets with\n incorrect checksum values. A remote attacker could\n potentially use this flaw to trigger an infinite loop\n in the kernel, resulting in a denial of service on the\n system, or cause a denial of service in applications\n using the edge triggered epoll\n functionality.(CVE-2015-5366)\n\n - A cross-boundary flaw was discovered in the Linux\n kernel software raid driver. The driver accessed a\n disabled bitmap where only the first byte of the buffer\n was initialized to zero. This meant that the rest of\n the request (up to 4095 bytes) was left and copied into\n user space. An attacker could use this flaw to read\n private information from user space that would not\n otherwise have been accessible.(CVE-2015-5697)\n\n - An integer-overflow vulnerability was found in the scsi\n block-request handling code in function start_req(). A\n local attacker could use specially crafted IOV requests\n to overflow a counter used in bio_map_user_iov()'s page\n calculation, and write past the end of the array that\n contains kernel-page pointers.(CVE-2015-5707)\n\n - A flaw was found in the way the Linux kernel's vhost\n driver treated userspace provided log file descriptor\n when processing the VHOST_SET_LOG_FD ioctl command. The\n file descriptor was never released and continued to\n consume kernel memory. A privileged local user with\n access to the /dev/vhost-net files could use this flaw\n to create a denial-of-service attack.(CVE-2015-6252)\n\n - A flaw was found in the way the Linux kernel's perf\n subsystem retrieved userlevel stack traces on PowerPC\n systems. A local, unprivileged user could use this flaw\n to cause a denial of service on the system by creating\n a special stack layout that would force the\n perf_callchain_user_64() function into an infinite\n loop.(CVE-2015-6526)\n\n - A NULL-pointer dereference vulnerability was discovered\n in the Linux kernel. The kernel's Reliable Datagram\n Sockets (RDS) protocol implementation did not verify\n that an underlying transport existed before creating a\n connection to a remote server. A local system user\n could exploit this flaw to crash the system by creating\n sockets at specific times to trigger a NULL pointer\n dereference.(CVE-2015-6937)\n\n - Multiple race conditions in the Advanced Union\n Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch\n patches for the Linux kernel 3.x and 4.x allow local\n users to cause a denial of service (use-after-free and\n BUG) or possibly gain privileges via a (1) madvise or\n (2) msync system call, related to mm/madvise.c and\n mm/msync.c.(CVE-2015-7312)\n\n - A divide-by-zero flaw was discovered in the Linux\n kernel built with KVM virtualization\n support(CONFIG_KVM). The flaw occurs in the KVM\n module's Programmable Interval Timer(PIT) emulation,\n when PIT counters for channel 1 or 2 are set to zero(0)\n and a privileged user inside the guest attempts to read\n these counters. A privileged guest user with access to\n PIT I/O ports could exploit this issue to crash the\n host kernel (denial of service).(CVE-2015-7513)\n\n - An out-of-bounds memory access flaw was found in the\n Linux kernel's aiptek USB tablet driver (aiptek_probe()\n function in drivers/input/tablet/aiptek.c). The driver\n assumed that the interface always had at least one\n endpoint. By using a specially crafted USB device with\n no endpoints on one of its interfaces, an unprivileged\n user with physical access to the system could trigger a\n kernel NULL pointer dereference, causing the system to\n panic.(CVE-2015-7515)\n\n - A NULL-pointer dereference flaw was found in the\n kernel, which is caused by a race between revoking a\n user-type key and reading from it. The issue could be\n triggered by an unprivileged user with a local account,\n causing the kernel to crash (denial of\n service).(CVE-2015-7550)\n\n - A flaw was found in the way the Linux kernel visor\n driver handles certain invalid USB device descriptors.\n The driver assumes that the device always has at least\n one bulk OUT endpoint. By using a specially crafted USB\n device (without a bulk OUT endpoint), an unprivileged\n user with physical access could trigger a kernel\n NULL-pointer dereference and cause a system panic\n (denial of service).(CVE-2015-7566)\n\n - A race condition flaw was found in the way the Linux\n kernel's IPC subsystem initialized certain fields in an\n IPC object structure that were later used for\n permission checking before inserting the object into a\n globally visible list. A local, unprivileged user could\n potentially use this flaw to elevate their privileges\n on the system.(CVE-2015-7613)\n\n - A flaw was discovered in the Linux kernel where issuing\n certain ioctl() -s commands to the '/dev/ppp' device\n file could lead to a NULL pointer dereference. A\n privileged user could use this flaw to cause a kernel\n crash and denial of service.(CVE-2015-7799)\n\n - It was found that the Linux kernel's keys subsystem did\n not correctly garbage collect uninstantiated keyrings.\n A local attacker could use this flaw to crash the\n system or, potentially, escalate their privileges on\n the system.(CVE-2015-7872)\n\n - A denial of service flaw was discovered in the Linux\n kernel, where a race condition caused a NULL pointer\n dereference in the RDS socket-creation code. A local\n attacker could use this flaw to create a situation in\n which a NULL pointer crashed the kernel.(CVE-2015-7990)\n\n - It was found that the x86 ISA (Instruction Set\n Architecture) is prone to a denial of service attack\n inside a virtualized environment in the form of an\n infinite loop in the microcode due to the way\n (sequential) delivering of benign exceptions such as\n #DB (debug exception) is handled. A privileged user\n inside a guest could use this flaw to create denial of\n service conditions on the host kernel.(CVE-2015-8104)\n\n - It was found that the Linux kernel's IPv6 network stack\n did not properly validate the value of the MTU variable\n when it was set. A remote attacker could potentially\n use this flaw to disrupt a target system's networking\n (packet loss) by setting an invalid MTU value, for\n example, via a NetworkManager daemon that is processing\n router advertisement packets running on the target\n system.(CVE-2015-8215)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1488\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0073ce36\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5157\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "solution": "Update the affected kernel packages.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2015-5157", "vendor_cvss2": {}, "vendor_cvss3": {}, "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2019-05-09T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}

{"openvas": [{"lastseen": "2020-01-27T18:39:13", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1488)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8215", "CVE-2015-6252", "CVE-2015-5364", "CVE-2015-7550", "CVE-2015-5257", "CVE-2015-6526", "CVE-2015-5366", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7613", "CVE-2015-7513", "CVE-2015-7312", "CVE-2015-7515", "CVE-2015-7990", "CVE-2015-5697", "CVE-2015-7799", "CVE-2015-7566", "CVE-2015-5283", "CVE-2015-5707", "CVE-2015-5157", "CVE-2015-6937", "CVE-2015-8104"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191488", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191488", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1488\");\n script_version(\"2020-01-23T11:54:37+0000\");\n script_cve_id(\"CVE-2015-5157\", \"CVE-2015-5257\", \"CVE-2015-5283\", \"CVE-2015-5307\", \"CVE-2015-5364\", \"CVE-2015-5366\", \"CVE-2015-5697\", \"CVE-2015-5707\", \"CVE-2015-6252\", \"CVE-2015-6526\", \"CVE-2015-6937\", \"CVE-2015-7312\", \"CVE-2015-7513\", \"CVE-2015-7515\", \"CVE-2015-7550\", \"CVE-2015-7566\", \"CVE-2015-7613\", \"CVE-2015-7799\", \"CVE-2015-7872\", \"CVE-2015-7990\", \"CVE-2015-8104\", \"CVE-2015-8215\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:54:37 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:54:37 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1488)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1488\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1488\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1488 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system.(CVE-2015-5157)\n\nA denial of service vulnerability was found in the WhiteHEAT USB Serial Driver (whiteheat_attach function in drivers/usb/serial/whiteheat.c). In the driver, the COMMAND_PORT variable was hard coded and set to 4 (5th element). The driver assumed that the number of ports would always be 5 and used port number 5 as the command port. However, when using a USB device in which the number of ports was set to a number less than 5 (for example, 3), the driver triggered a kernel NULL-pointer dereference. A non-privileged attacker could use this flaw to panic the host.(CVE-2015-5257)\n\nA NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded.(CVE-2015-5283)\n\nIt was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel.(CVE-2015-5307)\n\nA flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.(CVE-2015-5364)\n\nA flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.(CVE-2015-5366)\n\nA cross-boundary flaw was discovered in the Linux kernel software raid driver. The driver accessed a disabled bitmap where only the first byte of the buffer was initialized to zero. This meant that the rest of the request (up to 4095 bytes) was left and copied into user space. An attacker could use this flaw to read pr ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:37:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for kernel-source (SUSE-SU-2015:1727-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6252", "CVE-2015-7613", "CVE-2015-5156", "CVE-2015-5697", "CVE-2015-5283", "CVE-2015-5157", "CVE-2015-6937"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850904", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850904", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850904\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 13:54:05 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2015-5156\", \"CVE-2015-5157\", \"CVE-2015-5283\", \"CVE-2015-5697\", \"CVE-2015-6252\", \"CVE-2015-6937\", \"CVE-2015-7613\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for kernel-source (SUSE-SU-2015:1727-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel-source'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The SUSE Linux Enterprise 12 kernel was updated to 3.12.48-52.27 to\n receive various security and bugfixes.\n\n The following security bugs were fixed:\n\n * CVE-2015-7613: A flaw was found in the Linux kernel IPC code that could\n lead to arbitrary code execution. The ipc_addid() function initialized a\n shared object that has unset uid/gid values. Since the fields are not\n initialized, the check can falsely succeed. (bsc#948536)\n\n * CVE-2015-5156: When a guests KVM network devices is in a bridge\n configuration the kernel can create a situation in which packets are\n fragmented in an unexpected fashion. The GRO functionality can create a\n situation in which multiple SKB's are chained together in a single\n packets fraglist (by design). (bsc#940776)\n\n * CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel before\n 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs\n that occurred during userspace execution, which might allow local users\n to gain privileges by triggering an NMI (bsc#938706).\n\n * CVE-2015-6252: A flaw was found in the way the Linux kernel's vhost\n driver treated userspace provided log file descriptor when processing\n the VHOST_SET_LOG_FD ioctl command. The file descriptor was never\n released and continued to consume kernel memory. A privileged local user\n with access to the /dev/vhost-net files could use this flaw to create a\n denial-of-service attack (bsc#942367).\n\n * CVE-2015-5697: The get_bitmap_file function in drivers/md/md.c in the\n Linux kernel before 4.1.6 does not initialize a certain bitmap data\n structure, which allows local users to obtain sensitive information from\n kernel memory via a GET_BITMAP_FILE ioctl call. (bnc#939994)\n\n * CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable\n Datagram Sockets (RDS) implementation allowing a local user to cause\n system DoS. A verification was missing that the underlying transport\n exists when a connection was created. (bsc#945825)\n\n * CVE-2015-5283: A NULL pointer dereference flaw was found in SCTP\n implementation allowing a local user to cause system DoS. Creation of\n multiple sockets in parallel when system doesn't have SCTP module loaded\n can lead to kernel panic. (bsc#947155)\n\n The following non-security bugs were fixed:\n\n - ALSA: hda - Abort the probe without i915 binding for HSW/BDW\n (bsc#936556).\n\n - Btrfs: Backport subvolume mount option handling (bsc#934962)\n\n - Btrfs: Handle unaligned length in extent_same (bsc#937609).\n\n - Btrfs: advertise which crc32c implementation is being used on mount\n ( ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel-source on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:1727-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.48~52.27.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.48~52.27.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.48~52.27.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.48~52.27.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~3.12.48~52.27.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-extra-debuginfo\", rpm:\"kernel-default-extra-debuginfo~3.12.48~52.27.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.48~52.27.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.48~52.27.2\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.48~52.27.2\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.48~52.27.2\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.48~52.27.2\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.48~52.27.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.48~52.27.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.48~52.27.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.48~52.27.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.12.48~52.27.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.12.48~52.27.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.48~52.27.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.48~52.27.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.48~52.27.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.48~52.27.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.48~52.27.2\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.12.48~52.27.2\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.12.48~52.27.2\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.48~52.27.2\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.48~52.27.2\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.48~52.27.2\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.48~52.27.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.48~52.27.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.48~52.27.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-man\", rpm:\"kernel-default-man~3.12.48~52.27.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:37:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-12-05T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for kernel (SUSE-SU-2015:2194-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2925", "CVE-2015-8215", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7990", "CVE-2015-7799", "CVE-2015-5283", "CVE-2015-0272", "CVE-2015-8104"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851138", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851138", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851138\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-12-05 08:43:02 +0100 (Sat, 05 Dec 2015)\");\n script_cve_id(\"CVE-2015-0272\", \"CVE-2015-2925\", \"CVE-2015-5283\", \"CVE-2015-5307\",\n \"CVE-2015-7799\", \"CVE-2015-7872\", \"CVE-2015-7990\", \"CVE-2015-8104\",\n \"CVE-2015-8215\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for kernel (SUSE-SU-2015:2194-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel did not ensure that certain slot numbers were valid, which\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call\n (bnc#949936).\n\n - CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the\n Linux kernel had an incorrect sequence of protocol-initialization steps,\n which allowed local users to cause a denial of service (panic or memory\n corruption) by creating SCTP sockets before all of the steps have\n finished (bnc#947155).\n\n - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux\n kernel did not properly handle rename actions inside a bind mount, which\n allowed local users to bypass an intended container protection mechanism\n by renaming a directory, related to a 'double-chroot attack (bnc#926238).\n\n - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).\n\n - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c\n (bnc#953527).\n\n - CVE-2015-7990: RDS: There was no verification that an underlying\n transport exists when creating a connection, causing usage of a NULL\n pointer (bsc#952384).\n\n - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in\n the Linux kernel allowed local users to cause a denial of service (OOPS)\n via crafted keyctl commands (bnc#951440).\n\n - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial\n of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6\n Router Advertisement (RA) message, a different vulnerability than\n CVE-2015-8215 (bnc#944296).\n\n The following non-security bugs were fixed:\n\n - ALSA: hda - Disable 64bit address for Creative HDA controllers\n (bnc#814440).\n\n - Add PCI IDs of Intel Sunrise Point-H SATA Controller S232/236\n (bsc#953796).\n\n - Btrfs: fix file corruption and data loss after cloning inline extents\n (bnc#956053).\n\n - Btrfs: fix truncation of compressed and inlined extents (bnc#956053).\n\n - Disable some ppc64le netfilter modules to restore the kabi (bsc#951546)\n\n - Fix regression .\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:2194-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.51~52.31.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.51~52.31.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.51~52.31.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.51~52.31.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~3.12.51~52.31.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-extra-debuginfo\", rpm:\"kernel-default-extra-debuginfo~3.12.51~52.31.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.51~52.31.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.51~52.31.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.51~52.31.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.51~52.31.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.51~52.31.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.51~52.31.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.51~52.31.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.51~52.31.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-man\", rpm:\"kernel-default-man~3.12.51~52.31.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-utopic USN-2777-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6252", "CVE-2015-5156", "CVE-2015-7312", "CVE-2015-5697", "CVE-2015-6937"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842493", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842493", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-utopic USN-2777-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842493\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-21 07:11:52 +0200 (Wed, 21 Oct 2015)\");\n script_cve_id(\"CVE-2015-5156\", \"CVE-2015-5697\", \"CVE-2015-6252\", \"CVE-2015-6937\",\n \"CVE-2015-7312\");\n script_tag(name:\"cvss_base\", value:\"6.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-utopic USN-2777-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-utopic'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that virtio networking in\nthe Linux kernel did not handle fragments correctly, leading to kernel memory\ncorruption. A remote attacker could use this to cause a denial of service (system\ncrash) or possibly execute code with administrative privileges. (CVE-2015-5156)\n\nBenjamin Randazzo discovered an information leak in the md (multiple\ndevice) driver when the bitmap_info.file is disabled. A local privileged\nattacker could use this to obtain sensitive information from the kernel.\n(CVE-2015-5697)\n\nMarc-Andr&#233 Lureau discovered that the vhost driver did not properly\nrelease the userspace provided log file descriptor. A privileged attacker\ncould use this to cause a denial of service (resource exhaustion).\n(CVE-2015-6252)\n\nIt was discovered that the Reliable Datagram Sockets (RDS) implementation\nin the Linux kernel did not verify sockets were properly bound before\nattempting to send a message, which could cause a NULL pointer dereference.\nAn attacker could use this to cause a denial of service (system crash).\n(CVE-2015-6937)\n\nBen Hutchings discovered that the Advanced Union Filesystem (aufs) for the\nLinux kernel did not correctly handle references of memory mapped files\nfrom an aufs mount. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code with\nadministrative privileges. (CVE-2015-7312)\");\n script_tag(name:\"affected\", value:\"linux-lts-utopic on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2777-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2777-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-51-generic\", ver:\"3.16.0-51.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-51-generic-lpae\", ver:\"3.16.0-51.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-51-lowlatency\", ver:\"3.16.0-51.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-51-powerpc-e500mc\", ver:\"3.16.0-51.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-51-powerpc-smp\", ver:\"3.16.0-51.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-51-powerpc64-emb\", ver:\"3.16.0-51.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-51-powerpc64-smp\", ver:\"3.16.0-51.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:53:38", "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service.\n\nCVE-2015-5307Ben Serebrin from Google discovered a guest to host denial of\nservice flaw affecting the KVM hypervisor. A malicious guest can\ntrigger an infinite stream of alignment check \n(#AC) exceptions\ncausing the processor microcode to enter an infinite loop where the\ncore never receives another interrupt. This leads to a panic of the\nhost kernel.\n\nCVE-2015-7833 \nSergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a\nflaw in the processing of certain USB device descriptors in the\nusbvision driver. An attacker with physical access to the system can\nuse this flaw to crash the system.\n\nCVE-2015-7872 \nDmitry Vyukov discovered a vulnerability in the keyrings garbage\ncollector allowing a local user to trigger a kernel panic.\n\nCVE-2015-7990It was discovered that the fix for CVE-2015-6937 \nwas incomplete. A\nrace condition when sending a message on unbound socket can still\ncause a NULL pointer dereference. A remote attacker might be able to\ncause a denial of service (crash) by sending a crafted packet.", "cvss3": {}, "published": "2015-11-10T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3396-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7990", "CVE-2015-7833", "CVE-2015-6937"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703396", "href": "http://plugins.openvas.org/nasl.php?oid=703396", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3396.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3396-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703396);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-6937\", \"CVE-2015-7833\", \"CVE-2015-7872\",\n \"CVE-2015-7990\");\n script_name(\"Debian Security Advisory DSA 3396-1 (linux - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-11-10 00:00:00 +0100 (Tue, 10 Nov 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3396.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"linux on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Linux kernel is the core of the Linux operating system.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution\n (wheezy), these problems have been fixed in version 3.2.68-1+deb7u6.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt11-1+deb8u6.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service.\n\nCVE-2015-5307Ben Serebrin from Google discovered a guest to host denial of\nservice flaw affecting the KVM hypervisor. A malicious guest can\ntrigger an infinite stream of alignment check \n(#AC) exceptions\ncausing the processor microcode to enter an infinite loop where the\ncore never receives another interrupt. This leads to a panic of the\nhost kernel.\n\nCVE-2015-7833 \nSergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a\nflaw in the processing of certain USB device descriptors in the\nusbvision driver. An attacker with physical access to the system can\nuse this flaw to crash the system.\n\nCVE-2015-7872 \nDmitry Vyukov discovered a vulnerability in the keyrings garbage\ncollector allowing a local user to trigger a kernel panic.\n\nCVE-2015-7990It was discovered that the fix for CVE-2015-6937 \nwas incomplete. A\nrace condition when sending a message on unbound socket can still\ncause a NULL pointer dereference. A remote attacker might be able to\ncause a denial of service (crash) by sending a crafted packet.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-ia64\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-powerpc\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390x\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-sparc\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-itanium\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mckinley\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc-smp\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc64\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-s390x\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64-smp\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-itanium\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mckinley\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc-smp\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc64\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-dbg\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-tape\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64-smp\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.68-1+deb7u6\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-02T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-2760-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6252", "CVE-2015-6526", "CVE-2015-5707"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842475", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842475", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-ti-omap4 USN-2760-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842475\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-02 07:12:59 +0200 (Fri, 02 Oct 2015)\");\n script_cve_id(\"CVE-2015-5707\", \"CVE-2015-6252\", \"CVE-2015-6526\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-2760-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that an integer overflow\nerror existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker\nwith write permission to a SCSI generic device could use this to cause a denial of\nservice (system crash) or potentially escalate their privileges.\n(CVE-2015-5707)\n\nMarc-Andr&#233 Lureau discovered that the vhost driver did not properly\nrelease the userspace provided log file descriptor. A privileged attacker\ncould use this to cause a denial of service (resource exhaustion).\n(CVE-2015-6252)\n\nIt was discovered that the Linux kernel's perf subsystem did not bound\ncallchain backtraces on PowerPC 64. A local attacker could use this to\ncause a denial of service. (CVE-2015-6526)\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2760-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2760-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1471-omap4\", ver:\"3.2.0-1471.92\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:41", "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service.\n\nCVE-2015-5307Ben Serebrin from Google discovered a guest to host denial of\nservice flaw affecting the KVM hypervisor. A malicious guest can\ntrigger an infinite stream of alignment check\n(#AC) exceptions\ncausing the processor microcode to enter an infinite loop where the\ncore never receives another interrupt. This leads to a panic of the\nhost kernel.\n\nCVE-2015-7833\nSergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a\nflaw in the processing of certain USB device descriptors in the\nusbvision driver. An attacker with physical access to the system can\nuse this flaw to crash the system.\n\nCVE-2015-7872\nDmitry Vyukov discovered a vulnerability in the keyrings garbage\ncollector allowing a local user to trigger a kernel panic.\n\nCVE-2015-7990It was discovered that the fix for CVE-2015-6937\nwas incomplete. A\nrace condition when sending a message on unbound socket can still\ncause a NULL pointer dereference. A remote attacker might be able to\ncause a denial of service (crash) by sending a crafted packet.", "cvss3": {}, "published": "2015-11-10T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3396-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7990", "CVE-2015-7833", "CVE-2015-6937"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703396", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703396", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3396.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3396-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703396\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-6937\", \"CVE-2015-7833\", \"CVE-2015-7872\",\n \"CVE-2015-7990\");\n script_name(\"Debian Security Advisory DSA 3396-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-10 00:00:00 +0100 (Tue, 10 Nov 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3396.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution\n (wheezy), these problems have been fixed in version 3.2.68-1+deb7u6.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt11-1+deb8u6.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a denial of service.\n\nCVE-2015-5307Ben Serebrin from Google discovered a guest to host denial of\nservice flaw affecting the KVM hypervisor. A malicious guest can\ntrigger an infinite stream of alignment check\n(#AC) exceptions\ncausing the processor microcode to enter an infinite loop where the\ncore never receives another interrupt. This leads to a panic of the\nhost kernel.\n\nCVE-2015-7833\nSergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a\nflaw in the processing of certain USB device descriptors in the\nusbvision driver. An attacker with physical access to the system can\nuse this flaw to crash the system.\n\nCVE-2015-7872\nDmitry Vyukov discovered a vulnerability in the keyrings garbage\ncollector allowing a local user to trigger a kernel panic.\n\nCVE-2015-7990It was discovered that the fix for CVE-2015-6937\nwas incomplete. A\nrace condition when sending a message on unbound socket can still\ncause a NULL pointer dereference. A remote attacker might be able to\ncause a denial of service (crash) by sending a crafted packet.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-ia64\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-powerpc\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390x\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-sparc\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-itanium\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mckinley\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc-smp\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc64\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-s390x\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64-smp\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-itanium\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mckinley\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc-smp\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc64\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-dbg\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-tape\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64-smp\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.68-1+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.7-ckt11-1+deb8u6\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.9, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:36:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-02T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-2759-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6252", "CVE-2015-6526", "CVE-2015-5707"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842474", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842474", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2759-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842474\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-02 07:12:50 +0200 (Fri, 02 Oct 2015)\");\n script_cve_id(\"CVE-2015-5707\", \"CVE-2015-6252\", \"CVE-2015-6526\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2759-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that an integer overflow\nerror existed in the SCSI generic (sg) driver in the Linux kernel. A local\nattacker with write permission to a SCSI generic device could use this to cause\na denial of service (system crash) or potentially escalate their privileges.\n(CVE-2015-5707)\n\nMarc-Andr&#233 Lureau discovered that the vhost driver did not properly\nrelease the userspace provided log file descriptor. A privileged attacker\ncould use this to cause a denial of service (resource exhaustion).\n(CVE-2015-6252)\n\nIt was discovered that the Linux kernel's perf subsystem did not bound\ncallchain backtraces on PowerPC 64. A local attacker could use this to\ncause a denial of service. (CVE-2015-6526)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2759-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2759-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-91-generic\", ver:\"3.2.0-91.129\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-91-generic-pae\", ver:\"3.2.0-91.129\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-91-highbank\", ver:\"3.2.0-91.129\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-91-omap\", ver:\"3.2.0-91.129\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-91-powerpc-smp\", ver:\"3.2.0-91.129\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-91-powerpc64-smp\", ver:\"3.2.0-91.129\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-91-virtual\", ver:\"3.2.0-91.129\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:36", "description": "Check the version of kernel", "cvss3": {}, "published": "2015-12-16T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2015:2636 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2925", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7613", "CVE-2015-8104"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882342", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882342", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2015:2636 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882342\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-16 05:50:17 +0100 (Wed, 16 Dec 2015)\");\n script_cve_id(\"CVE-2015-2925\", \"CVE-2015-5307\", \"CVE-2015-7613\", \"CVE-2015-7872\",\n \"CVE-2015-8104\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2015:2636 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\nkernel, the core of any Linux operating system.\n\n * A flaw was found in the way the Linux kernel's file system implementation\nhandled rename operations in which the source was inside and the\ndestination was outside of a bind mount. A privileged user inside a\ncontainer could use this flaw to escape the bind mount and, potentially,\nescalate their privileges on the system. (CVE-2015-2925, Important)\n\n * It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\n * A race condition flaw was found in the way the Linux kernel's IPC\nsubsystem initialized certain fields in an IPC object structure that were\nlater used for permission checking before inserting the object into a\nglobally visible list. A local, unprivileged user could potentially use\nthis flaw to elevate their privileges on the system. (CVE-2015-7613,\nImportant)\n\n * It was found that the Linux kernel's keys subsystem did not correctly\ngarbage collect uninstantiated keyrings. A local attacker could use this\nflaw to crash the system or, potentially, escalate their privileges on\nthe system. (CVE-2015-7872, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs:\n\n * Previously, Human Interface Device (HID) ran a report on an unaligned\nbuffer, which could cause a page fault interrupt and an oops when the end\nof the report was read. This update fixes this bug by padding the end of\nthe report with extra bytes, so the reading of the report never crosses a\npage boundary. As a result, a page fault and subsequent oops no longer\noccur. (BZ#1268203)\n\n * The NFS client was previously failing to detect a directory loop for some\nNFS server directory structures. This failure could cause NFS inodes to\nremain referenced after attempting to unmount the file system, leading to a\nkernel crash. Loop checks have been added to VFS, which effectively\nprevents this problem from occurring. (BZ#1272858)\n\n * Due to a race whereby the nfs_wb_pages_cancel() and\nnfs_commit_release_pages() calls both removed a request from the nfs_inode\nstruct type, the kernel panicked with negative nfs_inode.npages count.\nThe provided upstream patch performs ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:2636\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-December/021541.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~573.12.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~573.12.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~573.12.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~573.12.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~573.12.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~573.12.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~573.12.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~573.12.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~573.12.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~573.12.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-12-16T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2015:2636-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2925", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7613", "CVE-2015-8104"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871524", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871524", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2015:2636-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871524\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-16 05:49:27 +0100 (Wed, 16 Dec 2015)\");\n script_cve_id(\"CVE-2015-2925\", \"CVE-2015-5307\", \"CVE-2015-7613\", \"CVE-2015-7872\", \"CVE-2015-8104\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2015:2636-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel,\nthe core of any Linux operating system.\n\n * A flaw was found in the way the Linux kernel's file system implementation\nhandled rename operations in which the source was inside and the\ndestination was outside of a bind mount. A privileged user inside a\ncontainer could use this flaw to escape the bind mount and, potentially,\nescalate their privileges on the system. (CVE-2015-2925, Important)\n\n * It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\n * A race condition flaw was found in the way the Linux kernel's IPC\nsubsystem initialized certain fields in an IPC object structure that were\nlater used for permission checking before inserting the object into a\nglobally visible list. A local, unprivileged user could potentially use\nthis flaw to elevate their privileges on the system. (CVE-2015-7613,\nImportant)\n\n * It was found that the Linux kernel's keys subsystem did not correctly\ngarbage collect uninstantiated keyrings. A local attacker could use this\nflaw to crash the system or, potentially, escalate their privileges on\nthe system. (CVE-2015-7872, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs:\n\n * Previously, Human Interface Device (HID) ran a report on an unaligned\nbuffer, which could cause a page fault interrupt and an oops when the end\nof the report was read. This update fixes this bug by padding the end of\nthe report with extra bytes, so the reading of the report never crosses a\npage boundary. As a result, a page fault and subsequent oops no longer\noccur. (BZ#1268203)\n\n * The NFS client was previously failing to detect a directory loop for some\nNFS server directory structures. This failure could cause NFS inodes to\nremain referenced after attempting to unmount the file system, leading to a\nkernel crash. Loop checks have been added to VFS, which effectively\nprevents this problem from occurring. (BZ#1272858)\n\n * Due to a race whereby the nfs_wb_pages_cancel() and\nnfs_commit_release_pages() calls both removed a request from th ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2636-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-December/msg00039.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~573.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~573.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~573.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~573.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~573.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~573.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~573.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~573.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~573.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~573.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~2.6.32~573.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~573.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~573.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~573.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~573.12.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:51", "description": "Oracle Linux Local Security Checks ELSA-2015-2636", "cvss3": {}, "published": "2015-12-16T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2636", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2925", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7613", "CVE-2015-8104"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122806", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122806", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2636.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122806\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-16 11:36:47 +0200 (Wed, 16 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2636\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2636 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2636\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2636.html\");\n script_cve_id(\"CVE-2015-2925\", \"CVE-2015-7613\", \"CVE-2015-5307\", \"CVE-2015-8104\", \"CVE-2015-7872\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~573.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~573.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~573.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~573.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~573.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~573.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~573.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~573.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~573.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~573.12.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:52", "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a privilege escalation, denial of\nservice, unauthorised information disclosure or unauthorised information\nmodification.\n\nCVE-2015-2925\nJann Horn discovered that when a subdirectory of a filesystem was\nbind-mounted into a chroot or mount namespace, a user that should\nbe confined to that chroot or namespace could access the whole of\nthat filesystem if they had write permission on an ancestor of\nthe subdirectory. This is not a common configuration for wheezy,\nand the issue has previously been fixed for jessie.\n\nCVE-2015-5257\nMoein Ghasemzadeh of Istuary Innovation Labs reported that a USB\ndevice could cause a denial of service (crash) by imitating a\nWhiteheat USB serial device but presenting a smaller number of\nendpoints.\n\nCVE-2015-5283\nMarcelo Ricardo Leitner discovered that creating multiple SCTP\nsockets at the same time could cause a denial of service (crash)\nif the sctp module had not previously been loaded. This issue\nonly affects jessie.\n\nCVE-2015-7613\nDmitry Vyukov discovered that System V IPC objects (message queues\nand shared memory segments) were made accessible before their\nownership and other attributes were fully initialised. If a local\nuser can race against another user or service creating a new IPC\nobject, this may result in unauthorised information disclosure,\nunauthorised information modification, denial of service and/or\nprivilege escalation.\n\nA similar issue existed with System V semaphore arrays, but was\nless severe because they were always cleared before being fully\ninitialised.", "cvss3": {}, "published": "2015-10-13T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3372-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2925", "CVE-2015-5257", "CVE-2015-7613", "CVE-2015-5283"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703372", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703372", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3372.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3372-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703372\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2015-2925\", \"CVE-2015-5257\", \"CVE-2015-5283\", \"CVE-2015-7613\");\n script_name(\"Debian Security Advisory DSA 3372-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 00:00:00 +0200 (Tue, 13 Oct 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3372.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(7|8)\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 3.2.68-1+deb7u5.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt11-1+deb8u5.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.2.3-1 or earlier versions.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a privilege escalation, denial of\nservice, unauthorised information disclosure or unauthorised information\nmodification.\n\nCVE-2015-2925\nJann Horn discovered that when a subdirectory of a filesystem was\nbind-mounted into a chroot or mount namespace, a user that should\nbe confined to that chroot or namespace could access the whole of\nthat filesystem if they had write permission on an ancestor of\nthe subdirectory. This is not a common configuration for wheezy,\nand the issue has previously been fixed for jessie.\n\nCVE-2015-5257\nMoein Ghasemzadeh of Istuary Innovation Labs reported that a USB\ndevice could cause a denial of service (crash) by imitating a\nWhiteheat USB serial device but presenting a smaller number of\nendpoints.\n\nCVE-2015-5283\nMarcelo Ricardo Leitner discovered that creating multiple SCTP\nsockets at the same time could cause a denial of service (crash)\nif the sctp module had not previously been loaded. This issue\nonly affects jessie.\n\nCVE-2015-7613\nDmitry Vyukov discovered that System V IPC objects (message queues\nand shared memory segments) were made accessible before their\nownership and other attributes were fully initialised. If a local\nuser can race against another user or service creating a new IPC\nobject, this may result in unauthorised information disclosure,\nunauthorised information modification, denial of service and/or\nprivilege escalation.\n\nA similar issue existed with System V semaphore arrays, but was\nless severe because they were always cleared before being fully\ninitialised.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-ia64\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-powerpc\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390x\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-sparc\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-itanium\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mckinley\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc-smp\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc64\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-s390x\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64-smp\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-itanium\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mckinley\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc-smp\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc64\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-dbg\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-tape\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64-smp\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.68-1+deb7u5\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:53:45", "description": "Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a privilege escalation, denial of\nservice, unauthorised information disclosure or unauthorised information\nmodification.\n\nCVE-2015-2925 \nJann Horn discovered that when a subdirectory of a filesystem was\nbind-mounted into a chroot or mount namespace, a user that should\nbe confined to that chroot or namespace could access the whole of\nthat filesystem if they had write permission on an ancestor of\nthe subdirectory. This is not a common configuration for wheezy,\nand the issue has previously been fixed for jessie.\n\nCVE-2015-5257 \nMoein Ghasemzadeh of Istuary Innovation Labs reported that a USB\ndevice could cause a denial of service (crash) by imitating a\nWhiteheat USB serial device but presenting a smaller number of\nendpoints.\n\nCVE-2015-5283 \nMarcelo Ricardo Leitner discovered that creating multiple SCTP\nsockets at the same time could cause a denial of service (crash)\nif the sctp module had not previously been loaded. This issue\nonly affects jessie.\n\nCVE-2015-7613 \nDmitry Vyukov discovered that System V IPC objects (message queues\nand shared memory segments) were made accessible before their\nownership and other attributes were fully initialised. If a local\nuser can race against another user or service creating a new IPC\nobject, this may result in unauthorised information disclosure,\nunauthorised information modification, denial of service and/or\nprivilege escalation.\n\nA similar issue existed with System V semaphore arrays, but was\nless severe because they were always cleared before being fully\ninitialised.", "cvss3": {}, "published": "2015-10-13T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3372-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-2925", "CVE-2015-5257", "CVE-2015-7613", "CVE-2015-5283"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703372", "href": "http://plugins.openvas.org/nasl.php?oid=703372", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3372.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3372-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703372);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-2925\", \"CVE-2015-5257\", \"CVE-2015-5283\", \"CVE-2015-7613\");\n script_name(\"Debian Security Advisory DSA 3372-1 (linux - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-10-13 00:00:00 +0200 (Tue, 13 Oct 2015)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3372.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"linux on Debian Linux\");\n script_tag(name: \"insight\", value: \"The Linux kernel is the core of the\nLinux operating system.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthese problems have been fixed in version 3.2.68-1+deb7u5.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 3.16.7-ckt11-1+deb8u5.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 4.2.3-1 or earlier versions.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name: \"summary\", value: \"Several vulnerabilities have been\ndiscovered in the Linux kernel that may lead to a privilege escalation, denial of\nservice, unauthorised information disclosure or unauthorised information\nmodification.\n\nCVE-2015-2925 \nJann Horn discovered that when a subdirectory of a filesystem was\nbind-mounted into a chroot or mount namespace, a user that should\nbe confined to that chroot or namespace could access the whole of\nthat filesystem if they had write permission on an ancestor of\nthe subdirectory. This is not a common configuration for wheezy,\nand the issue has previously been fixed for jessie.\n\nCVE-2015-5257 \nMoein Ghasemzadeh of Istuary Innovation Labs reported that a USB\ndevice could cause a denial of service (crash) by imitating a\nWhiteheat USB serial device but presenting a smaller number of\nendpoints.\n\nCVE-2015-5283 \nMarcelo Ricardo Leitner discovered that creating multiple SCTP\nsockets at the same time could cause a denial of service (crash)\nif the sctp module had not previously been loaded. This issue\nonly affects jessie.\n\nCVE-2015-7613 \nDmitry Vyukov discovered that System V IPC objects (message queues\nand shared memory segments) were made accessible before their\nownership and other attributes were fully initialised. If a local\nuser can race against another user or service creating a new IPC\nobject, this may result in unauthorised information disclosure,\nunauthorised information modification, denial of service and/or\nprivilege escalation.\n\nA similar issue existed with System V semaphore arrays, but was\nless severe because they were always cleared before being fully\ninitialised.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.2\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-486\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-686-pae\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-amd64\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armel\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-armhf\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-i386\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-ia64\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-powerpc\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-s390x\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-sparc\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-amd64\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common-rt\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-iop32x\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-itanium\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-ixp4xx\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-kirkwood\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mckinley\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mv78xx0\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-mx5\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-omap\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-orion5x\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc-smp\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-powerpc64\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-686-pae\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-rt-amd64\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-s390x\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sparc64-smp\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-versatile\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-vexpress\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-486\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-686-pae-dbg\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-amd64-dbg\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-iop32x\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-itanium\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-ixp4xx\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-kirkwood\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mckinley\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mv78xx0\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-mx5\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-omap\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-orion5x\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc-smp\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-powerpc64\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-686-pae-dbg\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-rt-amd64-dbg\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-dbg\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-s390x-tape\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sparc64-smp\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-versatile\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-vexpress\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.2\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.2\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.2.0-4\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-686-pae\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.2.0-4-amd64\", ver:\"3.2.68-1+deb7u5\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:i386\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-libc-dev:amd64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.7-ckt11-1+deb8u5\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:52", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-09-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-trusty USN-2749-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6252", "CVE-2015-5697"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842468", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842468", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-trusty USN-2749-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842468\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-30 07:08:06 +0200 (Wed, 30 Sep 2015)\");\n script_cve_id(\"CVE-2015-5697\", \"CVE-2015-6252\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-trusty USN-2749-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-trusty'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Benjamin Randazzo discovered an information leak in the md (multiple\ndevice) driver when the bitmap_info.file is disabled. A local privileged\nattacker could use this to obtain sensitive information from the kernel.\n(CVE-2015-5697)\n\nMarc-Andr&#233 Lureau discovered that the vhost driver did not properly\nrelease the userspace provided log file descriptor. A privileged attacker\ncould use this to cause a denial of service (resource exhaustion).\n(CVE-2015-6252)\");\n script_tag(name:\"affected\", value:\"linux-lts-trusty on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2749-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2749-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-65-generic\", ver:\"3.13.0-65.105~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-65-generic-lpae\", ver:\"3.13.0-65.105~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-09-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-vivid USN-2751-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6252", "CVE-2015-5697"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842467", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842467", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-vivid USN-2751-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842467\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-30 07:08:03 +0200 (Wed, 30 Sep 2015)\");\n script_cve_id(\"CVE-2015-5697\", \"CVE-2015-6252\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-vivid USN-2751-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-vivid'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Benjamin Randazzo discovered an information leak in the md (multiple\ndevice) driver when the bitmap_info.file is disabled. A local privileged\nattacker could use this to obtain sensitive information from the kernel.\n(CVE-2015-5697)\n\nMarc-Andr&#233 Lureau discovered that the vhost driver did not properly\nrelease the userspace provided log file descriptor. A privileged attacker\ncould use this to cause a denial of service (resource exhaustion).\n(CVE-2015-6252)\");\n script_tag(name:\"affected\", value:\"linux-lts-vivid on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2751-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2751-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-30-generic\", ver:\"3.19.0-30.33~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-30-generic-lpae\", ver:\"3.19.0-30.33~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-30-lowlatency\", ver:\"3.19.0-30.33~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-30-powerpc-e500mc\", ver:\"3.19.0-30.33~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-30-powerpc-smp\", ver:\"3.19.0-30.33~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-30-powerpc64-emb\", ver:\"3.19.0-30.33~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-30-powerpc64-smp\", ver:\"3.19.0-30.33~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:35:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-2748-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6252", "CVE-2015-5697"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842463", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842463", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2748-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842463\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 07:43:45 +0200 (Tue, 29 Sep 2015)\");\n script_cve_id(\"CVE-2015-5697\", \"CVE-2015-6252\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2748-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Benjamin Randazzo discovered an information leak in the md (multiple\ndevice) driver when the bitmap_info.file is disabled. A local privileged\nattacker could use this to obtain sensitive information from the kernel.\n(CVE-2015-5697)\n\nMarc-Andr&#233 Lureau discovered that the vhost driver did not properly\nrelease the userspace provided log file descriptor. A privileged attacker\ncould use this to cause a denial of service (resource exhaustion).\n(CVE-2015-6252)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2748-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2748-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-65-generic\", ver:\"3.13.0-65.105\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-65-generic-lpae\", ver:\"3.13.0-65.105\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-65-lowlatency\", ver:\"3.13.0-65.105\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-65-powerpc-e500\", ver:\"3.13.0-65.105\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-65-powerpc-e500mc\", ver:\"3.13.0-65.105\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-65-powerpc-smp\", ver:\"3.13.0-65.105\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-65-powerpc64-emb\", ver:\"3.13.0-65.105\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-65-powerpc64-smp\", ver:\"3.13.0-65.105\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-09-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-2752-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-6252", "CVE-2015-5697"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842469", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842469", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2752-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842469\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-09-30 07:08:09 +0200 (Wed, 30 Sep 2015)\");\n script_cve_id(\"CVE-2015-5697\", \"CVE-2015-6252\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2752-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Benjamin Randazzo discovered an information leak in the md (multiple\ndevice) driver when the bitmap_info.file is disabled. A local privileged\nattacker could use this to obtain sensitive information from the kernel.\n(CVE-2015-5697)\n\nMarc-Andr&#233 Lureau discovered that the vhost driver did not properly\nrelease the userspace provided log file descriptor. A privileged attacker\ncould use this to cause a denial of service (resource exhaustion).\n(CVE-2015-6252)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 15.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2752-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2752-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU15\\.04\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-30-generic\", ver:\"3.19.0-30.33\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-30-generic-lpae\", ver:\"3.19.0-30.33\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-30-lowlatency\", ver:\"3.19.0-30.33\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-30-powerpc-e500mc\", ver:\"3.19.0-30.33\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-30-powerpc-smp\", ver:\"3.19.0-30.33\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-30-powerpc64-emb\", ver:\"3.19.0-30.33\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-30-powerpc64-smp\", ver:\"3.19.0-30.33\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:44", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-12-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-2829-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7872", "CVE-2015-5283"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842550", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842550", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2829-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842550\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-05 08:42:51 +0100 (Sat, 05 Dec 2015)\");\n script_cve_id(\"CVE-2015-5283\", \"CVE-2015-7872\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2829-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the SCTP protocol\nimplementation in the Linux kernel performed an incorrect sequence of protocol-\ninitialization steps. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2015-5283)\n\nDmitry Vyukov discovered that the Linux kernel's keyring handler attempted\nto garbage collect incompletely instantiated keys. A local unprivileged\nattacker could use this to cause a denial of service (system crash).\n(CVE-2015-7872)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 15.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2829-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2829-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU15\\.04\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-39-generic\", ver:\"3.19.0-39.44\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-39-generic-lpae\", ver:\"3.19.0-39.44\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-39-lowlatency\", ver:\"3.19.0-39.44\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-39-powerpc-e500mc\", ver:\"3.19.0-39.44\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-39-powerpc-smp\", ver:\"3.19.0-39.44\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-39-powerpc64-emb\", ver:\"3.19.0-39.44\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-39-powerpc64-smp\", ver:\"3.19.0-39.44\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:32", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-12-02T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-2823-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7872", "CVE-2015-5283"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842544", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842544", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2823-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842544\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-02 06:42:24 +0100 (Wed, 02 Dec 2015)\");\n script_cve_id(\"CVE-2015-5283\", \"CVE-2015-7872\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2823-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the SCTP protocol\nimplementation in the Linux kernel performed an incorrect sequence of protocol-\nnitialization steps. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2015-5283)\n\nDmitry Vyukov discovered that the Linux kernel's keyring handler attempted\nto garbage collect incompletely instantiated keys. A local unprivileged\nattacker could use this to cause a denial of service (system crash).\n(CVE-2015-7872)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2823-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2823-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-71-generic\", ver:\"3.13.0-71.114\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-71-generic-lpae\", ver:\"3.13.0-71.114\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-71-lowlatency\", ver:\"3.13.0-71.114\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-71-powerpc-e500\", ver:\"3.13.0-71.114\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-71-powerpc-e500mc\", ver:\"3.13.0-71.114\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-71-powerpc-smp\", ver:\"3.13.0-71.114\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-71-powerpc64-emb\", ver:\"3.13.0-71.114\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-71-powerpc64-smp\", ver:\"3.13.0-71.114\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-12-04T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-trusty USN-2826-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7872", "CVE-2015-5283"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842549", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842549", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-trusty USN-2826-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842549\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-04 06:13:21 +0100 (Fri, 04 Dec 2015)\");\n script_cve_id(\"CVE-2015-5283\", \"CVE-2015-7872\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-trusty USN-2826-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-trusty'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the SCTP protocol\nimplementation in the Linux kernel performed an incorrect sequence of protocol\n\n - initialization steps. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2015-5283)\n\nDmitry Vyukov discovered that the Linux kernel's keyring handler attempted\nto garbage collect incompletely instantiated keys. A local unprivileged\nattacker could use this to cause a denial of service (system crash).\n(CVE-2015-7872)\");\n script_tag(name:\"affected\", value:\"linux-lts-trusty on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2826-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2826-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-71-generic\", ver:\"3.13.0-71.114~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-71-generic-lpae\", ver:\"3.13.0-71.114~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:47", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-12-05T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-vivid USN-2829-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7872", "CVE-2015-5283"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842551", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842551", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-vivid USN-2829-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842551\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-05 08:42:55 +0100 (Sat, 05 Dec 2015)\");\n script_cve_id(\"CVE-2015-5283\", \"CVE-2015-7872\");\n script_tag(name:\"cvss_base\", value:\"4.7\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-vivid USN-2829-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-vivid'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the SCTP protocol\nimplementation in the Linux kernel performed an incorrect sequence of protocol-\ninitialization steps. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2015-5283)\n\nDmitry Vyukov discovered that the Linux kernel's keyring handler attempted\nto garbage collect incompletely instantiated keys. A local unprivileged\nattacker could use this to cause a denial of service (system crash).\n(CVE-2015-7872)\");\n script_tag(name:\"affected\", value:\"linux-lts-vivid on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2829-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2829-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-39-generic\", ver:\"3.19.0-39.44~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-39-generic-lpae\", ver:\"3.19.0-39.44~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-39-lowlatency\", ver:\"3.19.0-39.44~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-39-powerpc-e500mc\", ver:\"3.19.0-39.44~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-39-powerpc-smp\", ver:\"3.19.0-39.44~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-39-powerpc64-emb\", ver:\"3.19.0-39.44~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-39-powerpc64-smp\", ver:\"3.19.0-39.44~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-01-21T00:00:00", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-26", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7513", "CVE-2015-7566"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310806985", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-26\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806985\");\n script_version(\"$Revision: 14225 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 15:32:03 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-21 06:13:59 +0100 (Thu, 21 Jan 2016)\");\n script_cve_id(\"CVE-2015-7566\", \"CVE-2015-7513\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-26\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-26\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.3.3~301.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:48", "description": "Oracle Linux Local Security Checks ELSA-2015-3101", "cvss3": {}, "published": "2015-12-02T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3101", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7613", "CVE-2015-5283"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122793", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122793", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3101.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122793\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-02 11:24:55 +0200 (Wed, 02 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3101\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3101 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3101\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3101.html\");\n script_cve_id(\"CVE-2015-5283\", \"CVE-2015-7613\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~118.2.1.el7uek~0.4.5~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~118.2.1.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~118.2.1.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~118.2.1.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~118.2.1.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~118.2.1.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~118.2.1.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~118.2.1.el6uek~0.4.5~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~118.2.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~118.2.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~118.2.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~118.2.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~118.2.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~118.2.1.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:06", "description": "Oracle Linux Local Security Checks ELSA-2015-3071", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3071", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5364", "CVE-2015-5366"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123031", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123031", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3071.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123031\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:46:52 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3071\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3071 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3071\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3071.html\");\n script_cve_id(\"CVE-2015-5364\", \"CVE-2015-5366\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~98.1.2.el7uek~0.4.5~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~98.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~98.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~98.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~98.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~98.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~98.1.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~98.1.2.el6uek~0.4.5~2.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~98.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~98.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~98.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~98.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~98.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~98.1.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:30", "description": "Check the version of kernel", "cvss3": {}, "published": "2016-01-20T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2016:0045 centos5", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5364", "CVE-2015-5366"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882369", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882369", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2016:0045 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882369\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-20 06:16:08 +0100 (Wed, 20 Jan 2016)\");\n script_cve_id(\"CVE-2015-5364\", \"CVE-2015-5366\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2016:0045 centos5\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\nkernel, the core of any Linux operating system.\n\n * Two flaws were found in the way the Linux kernel's networking\nimplementation handled UDP packets with incorrect checksum values. A remote\nattacker could potentially use these flaws to trigger an infinite loop in\nthe kernel, resulting in a denial of service on the system, or cause a\ndenial of service in applications using the edge triggered epoll\nfunctionality. (CVE-2015-5364, CVE-2015-5366, Important)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0045\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-January/021616.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~408.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~408.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~408.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~408.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~408.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~408.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~408.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~408.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~408.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~408.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-06T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2015:1623-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5364", "CVE-2015-5366"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871426", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871426", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2015:1623-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871426\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2015-5364\", \"CVE-2015-5366\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-06 15:29:36 +0530 (Fri, 06 May 2016)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2015:1623-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\n kernel, the core of any Linux operating system.\n\nTwo flaws were found in the way the Linux kernel's networking\nimplementation handled UDP packets with incorrect checksum values. A remote\nattacker could potentially use these flaws to trigger an infinite loop in\nthe kernel, resulting in a denial of service on the system, or cause a\ndenial of service in applications using the edge triggered epoll\nfunctionality. (CVE-2015-5364, CVE-2015-5366, Important)\n\nThis update also fixes the following bugs:\n\n * When removing a directory, and a reference was held to that directory by\na reference to a negative child dentry, the directory dentry was previously\nnot killed. In addition, once the negative child dentry was killed, an\nunlinked and unused dentry was present in the cache. As a consequence,\ndeadlock could be caused by forcing the dentry eviction while the file\nsystem in question was frozen. With this update, all unused dentries are\nunhashed and evicted just after a successful directory removal, which\navoids the deadlock, and the system no longer hangs in the aforementioned\nscenario. (BZ#1243400)\n\n * Due to the broken s_umount lock ordering, a race condition occurred when\nan unlinked file was closed and the sync (or syncfs) utility was run at the\nsame time. As a consequence, deadlock occurred on a frozen file system\nbetween sync and a process trying to unfreeze the file system. With this\nupdate, sync (or syncfs) is skipped on a frozen file system, and deadlock\nno longer occurs in the aforementioned situation. (BZ#1243404)\n\n * Previously, in the scenario when a file was opened by file handle\n(fhandle) with its dentry not present in dcache ('cold dcache') and then\nmaking use of the unlink() and close() functions, the inode was not freed\nupon the close() system call. As a consequence, the iput() final was\ndelayed indefinitely. A patch has been provided to fix this bug, and the\ninode is now freed as expected. (BZ#1243406)\n\n * Due to a corrupted Executable and Linkable Format (ELF) header in the\n/proc/vmcore file, the kdump utility failed to provide any information.\nThe underlying source code has been patched, and kdump now provides\ndebugging information for kernel crashes as intended. (BZ#1245195)\n\n * Previously, running the multipath request queue caused regressions in\ncases where paths failed regularly under I/O load. This regression\nmanifested as I/O stalls that exceeded 300 seconds. This update reverts the\nchanges aimed to reduce running the multipath request queue resulting in\nI/O stalls completing ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2015:1623-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-August/msg00020.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~573.3.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~573.3.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~573.3.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~573.3.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~573.3.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~573.3.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~573.3.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~573.3.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~573.3.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~573.3.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~2.6.32~573.3.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~573.3.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~573.3.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~573.3.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~573.3.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:52", "description": "Check the version of kernel", "cvss3": {}, "published": "2016-02-17T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2016:0185 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7872", "CVE-2015-5157"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882396", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882396", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2016:0185 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882396\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-02-17 06:27:32 +0100 (Wed, 17 Feb 2016)\");\n script_cve_id(\"CVE-2015-5157\", \"CVE-2015-7872\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2016:0185 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\nkernel, the core of any Linux operating system.\n\n * It was found that the Linux kernel's keys subsystem did not correctly\ngarbage collect uninstantiated keyrings. A local attacker could use this\nflaw to crash the system or, potentially, escalate their privileges on the\nsystem. (CVE-2015-7872, Important)\n\n * A flaw was found in the way the Linux kernel handled IRET faults during\nthe processing of NMIs. An unprivileged, local user could use this flaw to\ncrash the system or, potentially (although highly unlikely), escalate their\nprivileges on the system. (CVE-2015-5157, Moderate)\n\nThis update also fixes the following bugs:\n\n * Previously, processing packets with a lot of different IPv6 source\naddresses caused the kernel to return warnings concerning soft-lockups due\nto high lock contention and latency increase. With this update, lock\ncontention is reduced by backing off concurrent waiting threads on the\nlock. As a result, the kernel no longer issues warnings in the described\nscenario. (BZ#1285370)\n\n * Prior to this update, block device readahead was artificially limited.\nAs a consequence, the read performance was poor, especially on RAID\ndevices. Now, per-device readahead limits are used for each device instead\nof a global limit. As a result, read performance has improved, especially\non RAID devices. (BZ#1287550)\n\n * After injecting an EEH error, the host was previously not recovering and\nobserving I/O hangs in HTX tool logs. This update makes sure that when one\nor both of EEH_STATE_MMIO_ACTIVE and EEH_STATE_MMIO_ENABLED flags is marked\nin the PE state, the PE's IO path is regarded as enabled as well. As a\nresult, the host no longer hangs and recovers as expected. (BZ#1289101)\n\n * The genwqe device driver was previously using the GFP_ATOMIC flag for\nallocating consecutive memory pages from the kernel's atomic memory pool,\neven in non-atomic situations. This could lead to allocation failures\nduring memory pressure. With this update, the genwqe driver's memory\nallocations use the GFP_KERNEL flag, and the driver can allocate memory\neven during memory pressure situations. (BZ#1289450)\n\n * The nx842 co-processor for IBM Power Systems could in some circumstances\nprovide invalid data due to a data corruption bug during uncompression.\nWith this update, all compression and uncompression calls to the nx842\nco-processor contain a cyclic redundancy check (CRC) flag, which forces all\ncompression and uncompression operations to check data integrity and\nprevents the co-processor from providing corrupted data. (BZ#1289451)\n\n * A failed 'updatepp' operation on the little-endian variant o ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:0185\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-February/021705.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.10.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~327.10.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.10.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.10.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.10.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~327.10.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.10.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.10.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.10.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~327.10.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.10.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.10.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:27", "description": "Oracle Linux Local Security Checks ELSA-2016-0185", "cvss3": {}, "published": "2016-02-18T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0185", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7872", "CVE-2015-5157"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310122884", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122884", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0185.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122884\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-02-18 07:27:24 +0200 (Thu, 18 Feb 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0185\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0185 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0185\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0185.html\");\n script_cve_id(\"CVE-2015-7872\", \"CVE-2015-5157\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.10.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~327.10.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.10.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.10.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.10.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~327.10.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.10.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.10.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.10.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~327.10.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.10.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.10.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:06", "description": "Oracle Linux Local Security Checks ELSA-2016-0045-1", "cvss3": {}, "published": "2016-01-21T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0045-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5364", "CVE-2015-5366"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310122852", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122852", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0045-1.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122852\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-01-21 07:29:49 +0200 (Thu, 21 Jan 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0045-1\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0045-1 - kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0045-1\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0045-1.html\");\n script_cve_id(\"CVE-2015-5364\", \"CVE-2015-5366\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~408.0.0.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~408.0.0.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~408.0.0.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~408.0.0.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~408.0.0.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~408.0.0.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~408.0.0.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~408.0.0.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~408.0.0.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~408.0.0.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~408.0.0.0.1.el5~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~408.0.0.0.1.el5PAE~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~408.0.0.0.1.el5debug~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~408.0.0.0.1.el5xen~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~408.0.0.0.1.el5~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~408.0.0.0.1.el5PAE~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~408.0.0.0.1.el5debug~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~408.0.0.0.1.el5xen~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:46", "description": "Oracle Linux Local Security Checks ELSA-2015-3073", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3073", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5364", "CVE-2015-5366"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123033", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123033", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3073.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123033\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:46:53 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3073\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3073 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3073\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3073.html\");\n script_cve_id(\"CVE-2015-5364\", \"CVE-2015-5366\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~400.37.11.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~400.37.11.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~400.37.11.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~400.37.11.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~400.37.11.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~400.37.11.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.11.el5uek~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.11.el5uekdebug~1.5.7~2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.11.el5uek~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.11.el5uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.32~400.37.11.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.32~400.37.11.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.32~400.37.11.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.32~400.37.11.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.32~400.37.11.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.32~400.37.11.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.11.el6uek~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"mlnx_en\", rpm:\"mlnx_en~2.6.32~400.37.11.el6uekdebug~1.5.7~0.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.11.el6uek~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ofa\", rpm:\"ofa~2.6.32~400.37.11.el6uekdebug~1.5.1~4.0.58\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:39", "description": "The kernel in use by the Management Plane of PAN-OS is vulnerable to CVE-2015-5364 and CVE-2015-5366.", "cvss3": {}, "published": "2016-10-25T00:00:00", "type": "openvas", "title": "Palo Alto PAN-OS Kernel Vulnerabilities (PAN-SA-2016-0025)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5364", "CVE-2015-5366"], "modified": "2018-10-16T00:00:00", "id": "OPENVAS:1361412562310140016", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140016", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_panos_pan_sa-2016_0025.nasl 11922 2018-10-16 10:24:25Z asteins $\n#\n# Palo Alto PAN-OS Kernel Vulnerabilities (PAN-SA-2016-0025)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:paloaltonetworks:pan-os';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140016\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_version(\"$Revision: 11922 $\");\n script_cve_id(\"CVE-2015-5364\", \"CVE-2015-5366\");\n script_name(\"Palo Alto PAN-OS Kernel Vulnerabilities (PAN-SA-2016-0025)\");\n\n script_xref(name:\"URL\", value:\"https://securityadvisories.paloaltonetworks.com/Home/Detail/58\");\n\n script_tag(name:\"summary\", value:\"The kernel in use by the Management Plane of PAN-OS is vulnerable to CVE-2015-5364 and CVE-2015-5366.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"solution\", value:\"Update to PAN-OS 5.0.20 and later, PAN-OS 5.1.13 and later, PAN-OS 6.0.15 and later, PAN-OS 7.0.11 and later, PAN-OS 7.1.5 and later\");\n\n script_tag(name:\"affected\", value:\"PAN-OS 5.0.19 and earlier, PAN-OS 5.1.12 and earlier, PAN-OS 6.0.14 and earlier, PAN-OS 6.1.X, PAN-OS 7.0.10 and prior, PAN-OS 7.1.4 and earlier\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-16 12:24:25 +0200 (Tue, 16 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-25 14:26:55 +0200 (Tue, 25 Oct 2016)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Palo Alto PAN-OS Local Security Checks\");\n script_copyright(\"This script is Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_palo_alto_panOS_version.nasl\");\n script_mandatory_keys(\"palo_alto_pan_os/version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE, nofork:TRUE ) ) exit( 0 );\n\nmodel = get_kb_item( \"palo_alto_pan_os/model\" );\n\nif( version =~ \"^5\\.0\" )\n fix = '5.0.20';\nelse if( version =~ \"^5\\.1\" )\n fix = '5.1.13';\nelse if( version =~ \"^6\\.0\" )\n fix = '6.0.15';\nelse if( version =~ \"^7\\.0\" )\n fix = '7.0.11';\nelse if( version =~ \"^7\\.1\" )\n fix = '7.1.5';\n\nif( ! fix ) exit( 0 );\n\nif( version_is_less( version:version, test_version:fix ) )\n{\n report = 'Installed version: ' + version + '\\n' +\n 'Fixed version: ' + fix;\n\n if( model )\n report += '\\nModel: ' + model;\n\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:50", "description": "Oracle Linux Local Security Checks ELSA-2015-3072", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3072", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5364", "CVE-2015-5366"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123032", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123032", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3072.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123032\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:46:53 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3072\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3072 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3072\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3072.html\");\n script_cve_id(\"CVE-2015-5364\", \"CVE-2015-5366\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.250.11.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.250.11.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.250.11.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.250.11.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.250.11.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.250.11.el5uek\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~2.6.39~400.250.11.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~2.6.39~400.250.11.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~2.6.39~400.250.11.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~2.6.39~400.250.11.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~2.6.39~400.250.11.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~2.6.39~400.250.11.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-01-20T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2016:0045-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5364", "CVE-2015-5366"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871541", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871541", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2016:0045-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871541\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-20 06:15:56 +0100 (Wed, 20 Jan 2016)\");\n script_cve_id(\"CVE-2015-5364\", \"CVE-2015-5366\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2016:0045-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel,\nthe core of any Linux operating system.\n\n * Two flaws were found in the way the Linux kernel's networking\nimplementation handled UDP packets with incorrect checksum values. A remote\nattacker could potentially use these flaws to trigger an infinite loop in\nthe kernel, resulting in a denial of service on the system, or cause a\ndenial of service in applications using the edge triggered epoll\nfunctionality. (CVE-2015-5364, CVE-2015-5366, Important)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0045-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-January/msg00021.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~408.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~408.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-debuginfo\", rpm:\"kernel-PAE-debuginfo~2.6.18~408.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~408.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~408.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.18~408.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~408.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.18~408.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common\", rpm:\"kernel-debuginfo-common~2.6.18~408.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~408.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~408.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~408.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~2.6.18~408.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~408.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~408.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:57", "description": "Check the version of kernel", "cvss3": {}, "published": "2015-08-14T00:00:00", "type": "openvas", "title": "CentOS Update for kernel CESA-2015:1623 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5364", "CVE-2015-5366"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882245", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882245", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2015:1623 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882245\");\n script_version(\"$Revision: 14058 $\");\n script_cve_id(\"CVE-2015-5364\", \"CVE-2015-5366\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-14 05:34:33 +0200 (Fri, 14 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2015:1623 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\n kernel, the core of any Linux\noperating system.\n\nTwo flaws were found in the way the Linux kernel's networking\nimplementation handled UDP packets with incorrect checksum values. A remote\nattacker could potentially use these flaws to trigger an infinite loop in\nthe kernel, resulting in a denial of service on the system, or cause a\ndenial of service in applications using the edge triggered epoll\nfunctionality. (CVE-2015-5364, CVE-2015-5366, Important)\n\nThis update also fixes the following bugs:\n\n * When removing a directory, and a reference was held to that directory by\na reference to a negative child dentry, the directory dentry was previously\nnot killed. In addition, once the negative child dentry was killed, an\nunlinked and unused dentry was present in the cache. As a consequence,\ndeadlock could be caused by forcing the dentry eviction while the file\nsystem in question was frozen. With this update, all unused dentries are\nunhashed and evicted just after a successful directory removal, which\navoids the deadlock, and the system no longer hangs in the aforementioned\nscenario. (BZ#1243400)\n\n * Due to the broken s_umount lock ordering, a race condition occurred when\nan unlinked file was closed and the sync (or syncfs) utility was run at the\nsame time. As a consequence, deadlock occurred on a frozen file system\nbetween sync and a process trying to unfreeze the file system. With this\nupdate, sync (or syncfs) is skipped on a frozen file system, and deadlock\nno longer occurs in the aforementioned situation. (BZ#1243404)\n\n * Previously, in the scenario when a file was opened by file handle\n(fhandle) with its dentry not present in dcache ('cold dcache') and then\nmaking use of the unlink() and close() functions, the inode was not freed\nupon the close() system call. As a consequence, the iput() final was\ndelayed indefinitely. A patch has been provided to fix this bug, and the\ninode is now freed as expected. (BZ#1243406)\n\n * Due to a corrupted Executable and Linkable Format (ELF) header in the\n/proc/vmcore file, the kdump utility failed to provide any information.\nThe underlying source code has been patched, and kdump now provides\ndebugging information for kernel crashes as intended. (BZ#1245195)\n\n * Previously, running the multipath request queue caused regressions in\ncases where paths failed regularly under I/O load. This regression\nmanifested as I/O stalls that exceeded 300 seconds. This update reverts the\nchanges aimed to reduce running the multipath request queue resulting in\nI/O stalls completing in a timely manner. (BZ#1246095)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1623\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-August/021327.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~573.3.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~573.3.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~573.3.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~573.3.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~573.3.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~573.3.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~573.3.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~573.3.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~573.3.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~573.3.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:32", "description": "Oracle Linux Local Security Checks ELSA-2016-0045", "cvss3": {}, "published": "2016-01-21T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2016-0045", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5364", "CVE-2015-5366"], "modified": "2019-03-14T00:00:00", "id": "OPENVAS:1361412562310122855", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122855", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2016-0045.nasl 14180 2019-03-14 12:29:16Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122855\");\n script_version(\"$Revision: 14180 $\");\n script_tag(name:\"creation_date\", value:\"2016-01-21 07:29:52 +0200 (Thu, 21 Jan 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:29:16 +0100 (Thu, 14 Mar 2019) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2016-0045\");\n script_tag(name:\"insight\", value:\"ELSA-2016-0045 - kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2016-0045\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2016-0045.html\");\n script_cve_id(\"CVE-2015-5364\", \"CVE-2015-5366\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.18~408.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE\", rpm:\"kernel-PAE~2.6.18~408.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-PAE-devel\", rpm:\"kernel-PAE-devel~2.6.18~408.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.18~408.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.18~408.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.18~408.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.18~408.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.18~408.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~2.6.18~408.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~2.6.18~408.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~408.el5~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~408.el5PAE~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~408.el5debug~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ocfs2\", rpm:\"ocfs2~2.6.18~408.el5xen~1.4.10~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~408.el5~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~408.el5PAE~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~408.el5debug~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"oracleasm\", rpm:\"oracleasm~2.6.18~408.el5xen~2.0.5~1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:05", "description": "Oracle Linux Local Security Checks ELSA-2015-1623", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1623", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5364", "CVE-2015-5366"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123034", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123034", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1623.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123034\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 09:46:54 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1623\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1623 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1623\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1623.html\");\n script_cve_id(\"CVE-2015-5364\", \"CVE-2015-5366\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~573.3.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~573.3.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~573.3.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~573.3.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~573.3.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~573.3.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~573.3.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~573.3.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~573.3.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~573.3.1.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:52", "description": "Oracle Linux Local Security Checks ELSA-2015-2552", "cvss3": {}, "published": "2015-12-09T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2552", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122797", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122797", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-2552.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122797\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-09 06:54:00 +0200 (Wed, 09 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-2552\");\n script_tag(name:\"insight\", value:\"ELSA-2015-2552 - kernel security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-2552\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-2552.html\");\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux7\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.3.1.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-12-09T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2015:2552-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871516", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871516", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2015:2552-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871516\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-12-09 11:45:43 +0100 (Wed, 09 Dec 2015)\");\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2015:2552-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel,\n the core of any Linux operating system.\n\n * It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs:\n\n * On Intel Xeon v5 platforms, the processor frequency was always tied to\nthe highest possible frequency. Switching p-states on these client\nplatforms failed. This update sets the idle frequency, busy frequency, and\nprocessor frequency values by determining the range and adjusting the\nminimal and maximal percent limit values. Now, switching p-states on the\naforementioned client platforms proceeds successfully. (BZ#1273926)\n\n * Due to a validation error of in-kernel memory-mapped I/O (MMIO) tracing,\na VM became previously unresponsive when connected to Red Hat Enterprise\nVirtualization Hypervisor. The provided patch fixes this bug by dropping\nthe check in MMIO handler, and a VM continues running as expected.\n(BZ#1275150)\n\n * Due to retry-able command errors, the NVMe driver previously leaked I/O\ndescriptors and DMA mappings. As a consequence, the kernel could become\nunresponsive during the hot-unplug operation if a driver was removed.\nThis update fixes the driver memory leak bug on command retries, and the\nkernel no longer hangs in this situation. (BZ#1279792)\n\n * The hybrid_dma_data() function was not initialized before use, which\ncaused an invalid memory access when hot-plugging a PCI card. As a\nconsequence, a kernel oops occurred. The provided patch makes sure\nhybrid_dma_data() is initialized before use, and the kernel oops no longer\noccurs in this situation. (BZ#1279793)\n\n * When running PowerPC (PPC) KVM guests and the host was experiencing a lot\nof page faults, for example because it was running low on memory, the host\nsometimes triggered an incorrect kind of interrupt in the guest: a data\nstorage exception instead of a data segment exception. This caused a kernel\npanic of the PPC KVM guest. With this update, the host kernel synthesizes a\nsegment fault if the corresponding Segment Lookaside Buffer (SLB) lookup\nfails, which prevents the kernel panic from occurring. (BZ#1281423 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:2552-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-December/msg00021.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~327.3.1.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:10", "description": "Oracle Linux Local Security Checks ELSA-2015-3107", "cvss3": {}, "published": "2015-12-11T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-3107", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122801", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122801", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-3107.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122801\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-12-11 08:40:13 +0200 (Fri, 11 Dec 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-3107\");\n script_tag(name:\"insight\", value:\"ELSA-2015-3107 - Unbreakable Enterprise kernel security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-3107\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-3107.html\");\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~118.2.2.el7uek~0.4.5~3.el7\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~118.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~118.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~118.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~118.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~118.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~118.2.2.el7uek\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"dtrace-modules\", rpm:\"dtrace-modules~3.8.13~118.2.2.el6uek~0.4.5~3.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek\", rpm:\"kernel-uek~3.8.13~118.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug\", rpm:\"kernel-uek-debug~3.8.13~118.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-debug-devel\", rpm:\"kernel-uek-debug-devel~3.8.13~118.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-devel\", rpm:\"kernel-uek-devel~3.8.13~118.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-doc\", rpm:\"kernel-uek-doc~3.8.13~118.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"kernel-uek-firmware\", rpm:\"kernel-uek-firmware~3.8.13~118.2.2.el6uek\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-04-07T18:46:16", "description": "A security vulnerability has been identified in Citrix XenServer that\n may allow a malicious administrator of an HVM guest VM to crash the host. This vulnerability affects all\n currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1.", "cvss3": {}, "published": "2015-11-26T00:00:00", "type": "openvas", "title": "Citrix XenServer Security Update for CVE-2015-5307 and CVE-2015-8104 (CTX202583)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "modified": "2020-04-02T00:00:00", "id": "OPENVAS:1361412562310105465", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105465", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Citrix XenServer Security Update for CVE-2015-5307 and CVE-2015-8104 (CTX202583)\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:citrix:xenserver\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105465\");\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_version(\"2020-04-02T13:53:24+0000\");\n\n script_name(\"Citrix XenServer Security Update for CVE-2015-5307 and CVE-2015-8104 (CTX202583)\");\n\n script_xref(name:\"URL\", value:\"http://support.citrix.com/article/CTX202583\");\n\n script_tag(name:\"vuldetect\", value:\"Check the installed hotfixes.\");\n script_tag(name:\"solution\", value:\"Apply the hotfix referenced in the advisory.\");\n\n script_tag(name:\"summary\", value:\"A security vulnerability has been identified in Citrix XenServer that\n may allow a malicious administrator of an HVM guest VM to crash the host. This vulnerability affects all\n currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1.\");\n\n script_tag(name:\"affected\", value:\"Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"last_modification\", value:\"2020-04-02 13:53:24 +0000 (Thu, 02 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-11-26 12:28:16 +0100 (Thu, 26 Nov 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Citrix Xenserver Local Security Checks\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_xenserver_version.nasl\");\n script_mandatory_keys(\"xenserver/product_version\", \"xenserver/patches\");\n\n exit(0);\n}\n\ninclude(\"citrix_version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\nif( ! hotfixes = get_kb_item(\"xenserver/patches\") )\n exit( 0 );\n\npatches = make_array();\n\npatches['6.5.0'] = make_list( 'XS65ESP1016', 'XS65E017' );\npatches['6.2.0'] = make_list( 'XS62ESP1034' );\npatches['6.1.0'] = make_list( 'XS61E060' );\npatches['6.0.2'] = make_list( 'XS602E048', 'XS602ECC024' );\npatches['6.0.0'] = make_list( 'XS60E053' );\n\ncitrix_xenserver_check_report_is_vulnerable( version:version, hotfixes:hotfixes, patches:patches );\n\nexit( 99 );\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-11-22T00:00:00", "type": "openvas", "title": "Fedora Update for xen FEDORA-2015-668", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310806718", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806718", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for xen FEDORA-2015-668\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806718\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-22 06:49:27 +0100 (Sun, 22 Nov 2015)\");\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-8104\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for xen FEDORA-2015-668\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'xen'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"xen on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-668\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.5.2~2.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:46:26", "description": "The SUSE Linux Enterprise 11 SP3 Realtime kernel was updated to receive\n various security and bugfixes.\n\n Following security bugs were fixed:\n - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).\n - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c\n (bnc#953527).\n - CVE-2015-7990: RDS: Verify the underlying transport exists before\n creating a connection, preventing possible DoS (bsc#952384,\n CVE-2015-7990).\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the\n x86_64 platform mishandled IRET faults in processing NMIs that\n occurred during userspace execution, which might allow local users to\n gain privileges by triggering an NMI (bnc#937969 bnc#937970 bnc#938706\n bnc#939207).\n - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in\n the Linux kernel allowed local users to cause a denial of service (OOPS)\n via crafted keyctl commands (bnc#951440).\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel\n did not validate attempted changes to the MTU value, which allowed\n context-dependent attackers to cause a denial of service (packet loss)\n via a value that is (1) smaller than the minimum compliant value or (2)\n larger than the MTU of an interface, as demonstrated by a Router\n Advertisement (RA) message that is not validated by a daemon, a\n different vulnerability than CVE-2015-0272. NOTE: the scope of\n CVE-2015-0272 is limited to the NetworkManager product. (bnc#955354).\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in\n the Linux kernel allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have unspecified\n other impact by using a socket that was not properly bound (bnc#945825).\n - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in\n the Linux kernel allowed local users to cause a denial of service\n (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers\n permanent file-descriptor allocation (bnc#942367).\n\n The following non-security bugs were fixed:\n - alsa: hda - Disable 64bit address for Creative HDA controllers\n (bnc#814440).\n - btrfs: fix hang when failing to submit bio of directIO (bnc#942688).\n - btrfs: fix memory corruption on failure to submit bio for direct IO\n (bnc#942688).\n - btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688).\n - dm: do not start current request if it would've merged with the previous\n (bsc#904348).\n - dm: impose configurable deadline for dm_request_fn's merge heuristic\n (bsc#904348).\n - dm-snap: avoid deadock on s-&gt;lock when a read is split (bsc#939826).\n - dm sysfs: introduce ability to add writable attributes (bsc#904348).\n - drm/i915: Add bit field to record which pins have received HPD events\n (v3) (bsc#942938).\n - drm/I915: Add enum hpd_pin to intel_encoder (bsc#942938).\n - drm/i915: add hotplug activation period to hotplug update mask\n (bsc#953980).\n - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938).\n - drm/i915: Add messages useful for HPD storm detection debugging (v2)\n (bsc#942938).\n - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4)\n (bsc#942938).\n - drm/i915: assert_spin_locked for pipestat interrupt enable/disable\n (bsc#942938).\n - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt\n (bsc#942938).\n - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt,\n v2 (bsc#942938).\n - drm/i915: clear crt hotplug compare voltage field before setting\n (bsc#942938).\n - drm/i915: close tiny race in the ilk pcu even interrupt setup\n (bsc#942938).\n - drm/i915: Convert HPD interrupts to make use of HPD pin assignment in\n encoders (v2) (bsc#942938).\n - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3)\n (bsc#942938).\n - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch\n platforms (bsc#942938).\n - drm/i915: Enable hotplug interrupts after querying hw capabilities\n (bsc#942938).\n - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924).\n - drm/i915: fix hotplug event bit tracking (bsc#942938).\n - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938).\n - drm/i915: fix hpd interrupt register locking (bsc#942938).\n - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock\n (bsc#942938).\n - drm/i915: fix locking around ironlake_enable|disable_display_irq\n (bsc#942938).\n - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938).\n - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler\n (bsc#942938).\n - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938).\n - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938).\n - drm/i915: Get rid if the "hotplug_supported_mask" in struct\n drm_i915_private (bsc#942938).\n - drm/i915: implement ibx_hpd_irq_setup (bsc#942938).\n - drm/i915: Make hpd arrays big enough to avoid out of bounds access\n (bsc#942938).\n - drm/i915: Mask out the HPD irq bits before setting them individually\n (bsc#942938).\n - drm/i915: Only print hotplug event message when hotplug bit is set\n (bsc#942938).\n - drm/i915: Only reprobe display on encoder which has received an HPD\n event (v2) (bsc#942938).\n - drm/i915: Queue reenable timer also when enable_hotplug_processing is\n false (bsc#942938).\n - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938).\n - drm/i915: Remove i965_hpd_irq_setup (bsc#942938).\n - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938).\n - drm/i915: Remove valleyview_hpd_irq_setup (bsc#942938).\n - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938).\n - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler()\n (bsc#942938).\n - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets\n (bsc#942938).\n - ehci-pci: enable interrupt on BayTrail (bnc926007).\n - Fixing wording in patch comment (bsc#923002)\n - fix lpfc_send_rscn_event allocation size claims bnc#935757\n - hugetlb: simplify migrate_huge_page() (bnc#947957, VM Functionality).\n - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a\n free hugepage (bnc#947957, VM Functionality).\n - IB/iser: Add Discovery support (bsc#923002).\n - IB/iser: Move informational messages from error to info level\n (bsc#923002).\n - IB/srp: Avoid skipping srp_reset_host() after a transport error\n (bsc#904965).\n - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965).\n - inotify: Fix nested sleeps in inotify_read() (bsc#940925).\n - ipv6: fix tunnel error handling (bsc#952579).\n - ipv6: probe routes asynchronous in rt6_probe (bsc#936118).\n - ipvs: drop first packet to dead server (bsc#946078).\n - ipvs: Fix reuse connection if real server is dead (bnc#945827).\n - kabi: patches.fixes/mm-make-page-pfmemalloc-check-more-robust.patch\n (bnc#920016).\n - KEYS: Fix race between key destruction and finding a keyring by name\n (bsc#951440).\n - ktime: add ktime_after and ktime_before helpe (bsc#904348).\n - libiscsi: Exporting new attrs for iscsi session and connection in sysfs\n (bsc#923002).\n - lib/string.c: introduce memchr_inv() (bnc#930788).\n - macvlan: Support bonding events bsc#948521\n - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).\n - memory-failure: do code refactor of soft_offline_page() (bnc#947957, VM\n Functionality).\n - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957, VM\n Functionality).\n - memory-failure: use num_poisoned_pages instead of mce_bad_pages\n (bnc#947957, VM Functionality).\n - memory-hotplug: update mce_bad_pages when removing the memory\n (bnc#947957, VM Functionality).\n - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017,\n bnc#949298).\n - mm: make page pfmemalloc check more robust (bnc#920016).\n - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory\n error on thp (bnc#947957, VM Functionality).\n - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate\n successfully (bnc#947957, VM Functionality).\n - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge\n pages (bnc#947957, VM Functionality).\n - Modified -rt patches: 344 of 435, useless noise elided.\n - Moved iscsi kabi patch to patches.kabi (bsc#923002)\n - netfilter: nf_conntrack_proto_sctp: minimal multihoming support\n (bsc#932350).\n - PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786).\n - pci: Add flag indicating device has been assigned by KVM (bnc#777565\n FATE#313819).\n - PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786).\n - PCI: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084).\n - PCI: delay configuration of SRIOV capability (bnc#952084).\n - PCI: Refresh First VF Offset and VF Stride when updating NumVFs\n (bnc#952084).\n - PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084).\n - PCI: Update NumVFs register when disabling SR-IOV (bnc#952084).\n - pktgen: clean up ktime_t helpers (bsc#904348).\n - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993).\n - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993).\n - qla2xxx: Remove decrement of sp reference count in abort handler\n (bsc#944993).\n - r8169: remember WOL preferences on driver load (bsc#942305).\n - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods\n (bsc#949706).\n - Refresh patches.xen/1282-usbback-limit-copying.patch (bsc#941202).\n - Rename kabi patch appropriately (bsc#923002)\n - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds\n (bsc#930145).\n - sched/core: Fix task and run queue sched_info::run_delay inconsistencies\n (bnc#949100).\n - scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204).\n - SCSI: hosts: update to use ida_simple for host_no (bsc#939926)\n - SCSI: kabi: allow iscsi disocvery session support (bsc#923002).\n - scsi_transport_iscsi: Exporting new attrs for iscsi session and\n connection in sysfs (bsc#923002).\n - sg: fix read() error reporting (bsc#926774).\n - Update patches.fixes/fanotify-fix-deadlock-during-thread-exit.patch\n (bsc#935053, bsc#926709). Add bug reference.\n - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers\n (bnc#944989).\n - USB: xhci: do not start a halted endpoint before its new dequeue is set\n (bnc#933721).\n - usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721).\n - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb\n (bnc#933721).\n - USB: xhci: Reset a halted endpoint immediately when we encounter a stall\n (bnc#933721).\n - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).\n - x86: mm: only do a local tlb flush in ptep_set_access_flags()\n (bsc#948330).\n - x86/tsc: Change Fast TSC calibration failed from error to info\n (bnc#942605).\n - xfs: add background scanning to clear eofblocks inodes (bnc#930788).\n - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788).\n - xfs: add inode id filtering to eofblocks scan (bnc#930788).\n - xfs: add minimum file size filtering to eofblocks scan (bnc#930788).\n - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788).\n - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788).\n - xfs: create helper to check whether to free eofblocks on inode\n (bnc#930788).\n - xfs: Fix lost direct IO write in the last block (bsc#949744).\n - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347).\n - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805).\n - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock\n failure (bnc#930788).\n - xfs: support a tag-based inode_ag_iterator (bnc#930788).\n - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788).\n - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805).\n - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers\n (bnc#949981).\n - xhci: Allocate correct amount of scratchpad buffers (bnc#933721).\n - xhci: Calculate old endpoints correctly on device reset (bnc#944831).\n - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502).\n - xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721).\n - xhci: do not report PLC when link is in internal resume state\n (bnc#933721).\n - xhci: fix isoc endpoint dequeue from advancing too far on transaction\n error (bnc#944837).\n - xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721).\n - xhci: For streams the css flag most be read from the stream-ctx on ep\n stop (bnc#945691).\n - xhci: report U3 when link is in resume state (bnc#933721).\n - xhci: rework cycle bit checking for new dequeue pointers (bnc#933721).\n - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256\n (bnc#933721).\n - xhci: Treat not finding the event_seg on COMP_STOP the same as\n COMP_STOP_INVAL (bnc#933721).\n - XHCI: use uninterruptible sleep for waiting for internal operations\n (bnc#939955).\n - xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721).\n\n", "cvss3": {}, "published": "2016-02-05T21:12:31", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-8215", "CVE-2015-6252", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7990", "CVE-2015-0272", "CVE-2015-5157", "CVE-2015-6937", "CVE-2015-8104"], "modified": "2016-02-05T21:12:31", "id": "SUSE-SU-2016:0354-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:33:55", "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to receive\n various security and bugfixes.\n\n Following security bugs were fixed:\n - CVE-2015-8104: Prevent guest to host DoS caused by infinite loop in\n microcode via #DB exception (bsc#954404).\n - CVE-2015-5307: Prevent guest to host DoS caused by infinite loop in\n microcode via #AC exception (bsc#953527).\n - CVE-2015-7990: RDS: Verify the underlying transport exists before\n creating a connection, preventing possible DoS (bsc#952384).\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the\n x86_64 platform mishandled IRET faults in processing NMIs that occurred\n during userspace execution, which might have allowed local users to gain\n privileges by triggering an NMI (bsc#938706).\n - CVE-2015-7872: Possible crash when trying to garbage collect an\n uninstantiated keyring (bsc#951440).\n - CVE-2015-0272: Prevent remote DoS using IPv6 RA with bogus MTU by\n validating before applying it (bsc#944296).\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in\n the Linux kernel allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have unspecified other\n impact by using a socket that was not properly bound (bsc#945825).\n - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in\n the Linux kernel allowed local users to cause a denial of service\n (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggered\n permanent file-descriptor allocation (bsc#942367).\n\n The following non-security bugs were fixed:\n - alsa: hda - Disable 64bit address for Creative HDA controllers\n (bsc#814440).\n - btrfs: fix hang when failing to submit bio of directIO (bsc#942688).\n - btrfs: fix memory corruption on failure to submit bio for direct IO\n (bsc#942688).\n - btrfs: fix put dio bio twice when we submit dio bio fail (bsc#942688).\n - dm sysfs: introduce ability to add writable attributes (bsc#904348).\n - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).\n - dm: do not start current request if it would have merged with the\n previous (bsc#904348).\n - dm: impose configurable deadline for dm_request_fn merge heuristic\n (bsc#904348).\n - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938).\n - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938).\n - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4)\n (bsc#942938).\n - drm/i915: Add bit field to record which pins have received HPD events\n (v3) (bsc#942938).\n - drm/i915: Add enum hpd_pin to intel_encoder (bsc#942938).\n - drm/i915: Add messages useful for HPD storm detection debugging (v2)\n (bsc#942938).\n - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt\n (bsc#942938).\n - drm/i915: Convert HPD interrupts to make use of HPD pin assignment in\n encoders (v2) (bsc#942938).\n - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3)\n (bsc#942938).\n - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch\n platforms (bsc#942938).\n - drm/i915: Enable hotplug interrupts after querying hw capabilities\n (bsc#942938).\n - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924).\n - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938).\n - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938).\n - drm/i915: Get rid if the "^A" in struct drm_i915_private (bsc#942938).\n - drm/i915: Make hpd arrays big enough to avoid out of bounds access\n (bsc#942938).\n - drm/i915: Mask out the HPD irq bits before setting them individually\n (bsc#942938).\n - drm/i915: Only print hotplug event message when hotplug bit is set\n (bsc#942938).\n - drm/i915: Only reprobe display on encoder which has received an HPD\n event (v2) (bsc#942938).\n - drm/i915: Queue reenable timer also when enable_hotplug_processing is\n false (bsc#942938).\n - drm/i915: Remove i965_hpd_irq_setup (bsc#942938).\n - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938).\n - drm/i915: Remove valleyview_hpd_irq_setup (bsc#942938).\n - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler()\n (bsc#942938).\n - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets\n (bsc#942938).\n - drm/i915: add hotplug activation period to hotplug update mask\n (bsc#953980).\n - drm/i915: assert_spin_locked for pipestat interrupt enable/disable\n (bsc#942938).\n - drm/i915: clear crt hotplug compare voltage field before setting\n (bsc#942938).\n - drm/i915: close tiny race in the ilk pcu even interrupt setup\n (bsc#942938).\n - drm/i915: fix hotplug event bit tracking (bsc#942938).\n - drm/i915: fix hpd interrupt register locking (bsc#942938).\n - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock\n (bsc#942938).\n - drm/i915: fix locking around ironlake_enable|disable_display_irq\n (bsc#942938).\n - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler\n (bsc#942938).\n - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938).\n - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938).\n - drm/i915: implement ibx_hpd_irq_setup (bsc#942938).\n - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938).\n - ehci-pci: enable interrupt on BayTrail (bnc926007).\n - fix lpfc_send_rscn_event allocation size claims bsc#935757\n - hugetlb: simplify migrate_huge_page() (bsc#947957, VM Functionality).\n - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a\n free hugepage (bsc#947957).\n - ib/iser: Add Discovery support (bsc#923002).\n - ib/iser: Move informational messages from error to info level\n (bsc#923002).\n - ib/srp: Avoid skipping srp_reset_host() after a transport error\n (bsc#904965).\n - ib/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965).\n - inotify: Fix nested sleeps in inotify_read() (bsc#940925).\n - ipv6: fix tunnel error handling (bsc#952579).\n - ipv6: probe routes asynchronous in rt6_probe (bsc#936118).\n - ipvs: Fix reuse connection if real server is dead (bsc#945827).\n - ipvs: drop first packet to dead server (bsc#946078).\n - keys: Fix race between key destruction and finding a keyring by name\n (bsc#951440).\n - ktime: add ktime_after and ktime_before helpe (bsc#904348).\n - lib/string.c: introduce memchr_inv() (bsc#930788).\n - libiscsi: Exporting new attrs for iscsi session and connection in sysfs\n (bsc#923002).\n - macvlan: Support bonding events bsc#948521\n - make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).\n - memory-failure: do code refactor of soft_offline_page() (bsc#947957).\n - memory-failure: fix an error of mce_bad_pages statistics (bsc#947957).\n - memory-failure: use num_poisoned_pages instead of mce_bad_pages\n (bsc#947957).\n - memory-hotplug: update mce_bad_pages when removing the memory\n (bsc#947957).\n - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory\n error on thp (bsc#947957).\n - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate\n successfully (bsc#947957).\n - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge\n pages (bsc#947957).\n - mm: exclude reserved pages from dirtyable memory 32b fix (bsc#940017,\n bsc#949298).\n - mm: make page pfmemalloc check more robust (bsc#920016).\n - netfilter: nf_conntrack_proto_sctp: minimal multihoming support\n (bsc#932350).\n - pci: Add VPD function 0 quirk for Intel Ethernet devices (bsc#943786).\n - pci: Add dev_flags bit to access VPD through function 0 (bsc#943786).\n - pci: Add flag indicating device has been assigned by KVM (bsc#777565).\n - pci: Clear NumVFs when disabling SR-IOV in sriov_init() (bsc#952084).\n - pci: Refresh First VF Offset and VF Stride when updating NumVFs\n (bsc#952084).\n - pci: Update NumVFs register when disabling SR-IOV (bsc#952084).\n - pci: delay configuration of SRIOV capability (bsc#952084).\n - pci: set pci sriov page size before reading SRIOV BAR (bsc#952084).\n - pktgen: clean up ktime_t helpers (bsc#904348).\n - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993).\n - qla2xxx: Remove decrement of sp reference count in abort handler\n (bsc#944993).\n - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993).\n - r8169: remember WOL preferences on driver load (bsc#942305).\n - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods\n (bsc#949706).\n - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds\n (bsc#930145).\n - sched/core: Fix task and run queue sched_info::run_delay inconsistencies\n (bsc#949100).\n - scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bsc#942204).\n - scsi: hosts: update to use ida_simple for host_no (bsc#939926)\n - scsi: kabi: allow iscsi disocvery session support (bsc#923002).\n - scsi_transport_iscsi: Exporting new attrs for iscsi session and\n connection in sysfs (bsc#923002).\n - sg: fix read() error reporting (bsc#926774).\n - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb\n (bsc#933721).\n - usb: xhci: Reset a halted endpoint immediately when we encounter a stall\n (bsc#933721).\n - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers\n (bsc#944989).\n - usb: xhci: do not start a halted endpoint before its new dequeue is set\n (bsc#933721).\n - usb: xhci: handle Config Error Change (CEC) in xhci driver (bsc#933721).\n - x86/tsc: Change Fast TSC calibration failed from error to info\n (bsc#942605).\n - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).\n - x86: mm: only do a local tlb flush in ptep_set_access_flags()\n (bsc#948330).\n - xfs: Fix lost direct IO write in the last block (bsc#949744).\n - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347).\n - xfs: add EOFBLOCKS inode tagging/untagging (bsc#930788).\n - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bsc#930788).\n - xfs: add background scanning to clear eofblocks inodes (bsc#930788).\n - xfs: add inode id filtering to eofblocks scan (bsc#930788).\n - xfs: add minimum file size filtering to eofblocks scan (bsc#930788).\n - xfs: create function to scan and clear EOFBLOCKS inodes (bsc#930788).\n - xfs: create helper to check whether to free eofblocks on inode\n (bsc#930788).\n - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805).\n - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock\n failure (bsc#930788).\n - xfs: support a tag-based inode_ag_iterator (bsc#930788).\n - xfs: support multiple inode id filtering in eofblocks scan (bsc#930788).\n - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805).\n - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers\n (bsc#949981).\n - xhci: Allocate correct amount of scratchpad buffers (bsc#933721).\n - xhci: Calculate old endpoints correctly on device reset (bsc#944831).\n - xhci: Do not enable/disable RWE on bus suspend/resume (bsc#933721).\n - xhci: For streams the css flag most be read from the stream-ctx on ep\n stop (bsc#945691).\n - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256\n (bsc#933721).\n - xhci: Treat not finding the event_seg on COMP_STOP the same as\n COMP_STOP_INVAL (bsc#933721).\n - xhci: Workaround for PME stuck issues in Intel xhci (bsc#933721).\n - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bsc#949502).\n - xhci: do not report PLC when link is in internal resume state\n (bsc#933721).\n - xhci: fix isoc endpoint dequeue from advancing too far on transaction\n error (bsc#944837).\n - xhci: fix reporting of 0-sized URBs in control endpoint (bsc#933721).\n - xhci: report U3 when link is in resume state (bsc#933721).\n - xhci: rework cycle bit checking for new dequeue pointers (bsc#933721).\n - xhci: use uninterruptible sleep for waiting for internal operations\n (bsc#939955).\n\n", "cvss3": {}, "published": "2015-11-26T13:10:56", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-6252", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7990", "CVE-2015-0272", "CVE-2015-5157", "CVE-2015-6937", "CVE-2015-8104"], "modified": "2015-11-26T13:10:56", "id": "SUSE-SU-2015:2108-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:46:49", "description": "The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive\n various security and bugfixes.\n\n Following security bugs were fixed:\n - CVE-2015-7509: Mounting a prepared ext2 filesystem as ext4 could lead to\n a local denial of service (crash) (bsc#956709).\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel did not ensure that certain slot numbers are valid, which\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call\n (bnc#949936).\n - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).\n - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c\n (bnc#953527).\n - CVE-2015-7990: RDS: Verify the underlying transport exists before\n creating a connection, preventing possible DoS (bsc#952384).\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the\n x86_64 platform mishandled IRET faults in processing NMIs that\n occurred during userspace execution, which might allow local users to\n gain privileges by triggering an NMI (bnc#937969 937970 938706 939207).\n - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in\n the Linux kernel allowed local users to cause a denial of service (OOPS)\n via crafted keyctl commands (bnc#951440).\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel\n did not validate attempted changes to the MTU value, which allowed\n context-dependent attackers to cause a denial of service (packet loss)\n via a value that is (1) smaller than the minimum compliant value or (2)\n larger than the MTU of an interface, as demonstrated by a Router\n Advertisement (RA) message that is not validated by a daemon, a\n different vulnerability than CVE-2015-0272. NOTE: the scope of\n CVE-2015-0272 is limited to the NetworkManager product. (bnc#955354).\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in\n the Linux kernel allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have unspecified\n other impact by using a socket that was not properly bound (bnc#945825).\n\n The following non-security bugs were fixed:\n - af_xhci: avoid path quiesce of severed path in shutdown() (bnc#946214,\n LTC#131684).\n - ahci: Add Device ID for Intel Sunrise Point PCH (bsc#953799).\n - alsa: hda - Disable 64bit address for Creative HDA controllers\n (bnc#814440).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - cachefiles: Avoid deadlocks with fs freezing (bsc#935123).\n - dm: do not start current request if it would've merged with the previous\n (bsc#904348).\n - dm: impose configurable deadline for dm_request_fn's merge heuristic\n (bsc#904348).\n - dm-snap: avoid deadock on s-&gt;lock when a read is split (bsc#939826).\n - dm sysfs: introduce ability to add writable attributes (bsc#904348).\n - drivers: hv: do not do hypercalls when hypercall_page is NULL.\n - drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h.\n - drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h.\n - drivers: hv: vmbus: add special crash handler (bnc#930770).\n - drivers: hv: vmbus: add special kexec handler.\n - drivers: hv: vmbus: Get rid of some unused definitions.\n - drivers: hv: vmbus: Implement the protocol for tearing down vmbus state.\n - drivers: hv: vmbus: kill tasklets on module unload.\n - drivers: hv: vmbus: prefer "die" notification chain to 'panic'.\n - drivers: hv: vmbus: remove hv_synic_free_cpu() call from\n hv_synic_cleanup().\n - drivers: hv: vmbus: unregister panic notifier on module unload.\n - driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats\n (bsc#950750).\n - drm/i915: add hotplug activation period to hotplug update mask\n (bsc#953980).\n - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt,\n v2 (bsc#942938).\n - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924).\n - fix lpfc_send_rscn_event allocation size claims bnc#935757\n - fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123).\n - fs: Fix deadlocks between sync and fs freezing (bsc#935123).\n - hugetlb: simplify migrate_huge_page() (bnc#947957, VM Functionality).\n - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a\n free hugepage (bnc#947957, VM Functionality).\n - IB/srp: Avoid skipping srp_reset_host() after a transport error\n (bsc#904965).\n - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965).\n - Import SP4-RT GA kabi files\n - ipr: Fix incorrect trace indexing (bsc#940913).\n - ipr: Fix invalid array indexing for HRRQ (bsc#940913).\n - ipv6: fix tunnel error handling (bsc#952579).\n - ipvs: drop first packet to dead server (bsc#946078).\n - ipvs: Fix reuse connection if real server is dead (bnc#945827).\n - kernel: correct uc_sigmask of the compat signal frame (bnc#946214,\n LTC#130124).\n - kernel: fix incorrect use of DIAG44 in continue_trylock_relax()\n (bnc#946214, LTC#132100).\n - kexec: Fix race between panic() and crash_kexec() called directly\n (bnc#937444).\n - keys: Fix race between key destruction and finding a keyring by name\n (bsc#951440).\n - ktime: add ktime_after and ktime_before helpe (bsc#904348).\n - lib/string.c: introduce memchr_inv() (bnc#930788).\n - lpfc: Fix cq_id masking problem (bsc#944677).\n - macvlan: Support bonding events bsc#948521\n - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).\n - memory-failure: do code refactor of soft_offline_page() (bnc#947957, VM\n Functionality).\n - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957, VM\n Functionality).\n - memory-failure: use num_poisoned_pages instead of mce_bad_pages\n (bnc#947957, VM Functionality).\n - memory-hotplug: update mce_bad_pages when removing the memory\n (bnc#947957, VM Functionality).\n - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017,\n bnc#949298).\n - mm: fix GFP_THISNODE callers and clarify (bsc#954950, VM Functionality).\n - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory\n error on thp (bnc#947957, VM Functionality).\n - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate\n successfully (bnc#947957, VM Functionality).\n - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge\n pages (bnc#947957, VM Functionality).\n - mm: remove GFP_THISNODE (bsc#954950, VM Functionality).\n - mm: sl[au]b: add knowledge of PFMEMALLOC reserve pages (Swap over NFS\n (fate#304949)).\n - Modified -rt patches: 343 of 434, noise elided.\n - net/core: Add VF link state control policy (bsc#950298).\n - netfilter: xt_recent: fix namespace destroy path (bsc#879378).\n - NFSv4: Fix two infinite loops in the mount code (bsc#954628).\n - panic/x86: Allow cpus to save registers even if they (bnc#940946).\n - panic/x86: Fix re-entrance problem due to panic on (bnc#937444).\n - pci: Add dev_flags bit to access VPD through function 0 (bnc#943786).\n - pci: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786).\n - pci: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084).\n - pci: delay configuration of SRIOV capability (bnc#952084).\n - pci: Refresh First VF Offset and VF Stride when updating NumVFs\n (bnc#952084).\n - pci: set pci sriov page size before reading SRIOV BAR (bnc#952084).\n - pci: Update NumVFs register when disabling SR-IOV (bnc#952084).\n - pktgen: clean up ktime_t helpers (bsc#904348).\n - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993).\n - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993).\n - qla2xxx: Remove decrement of sp reference count in abort handler\n (bsc#944993).\n - qla2xxx: Remove unavailable firmware files (bsc#921081).\n - qlge: Fix qlge_update_hw_vlan_features to handle if interface is down\n (bsc#930835).\n - quota: Fix deadlock with suspend and quotas (bsc#935123).\n - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods\n (bsc#949706).\n - Refresh patches.xen/1282-usbback-limit-copying.patch (bsc#941202).\n - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds\n (bsc#930145).\n - rtnetlink: Fix VF IFLA policy (bsc#950298).\n - rtnetlink: fix VF info size (bsc#950298).\n - s390/dasd: fix disconnected device with valid path mask (bnc#946214,\n LTC#132707).\n - s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#946214,\n LTC#132706).\n - s390/dasd: fix list_del corruption after lcu changes (bnc#954984,\n LTC#133077).\n - s390/pci: handle events for unused functions (bnc#946214, LTC#130628).\n - s390/pci: improve handling of hotplug event 0x301 (bnc#946214,\n LTC#130628).\n - s390/pci: improve state check when processing hotplug events\n (bnc#946214, LTC#130628).\n - sched/core: Fix task and run queue sched_info::run_delay inconsistencies\n (bnc#949100).\n - scsi: hosts: update to use ida_simple for host_no (bsc#939926)\n - sg: fix read() error reporting (bsc#926774).\n - sunrpc: refactor rpcauth_checkverf error returns (bsc#955673).\n - Update patches.fixes/fanotify-fix-deadlock-during-thread-exit.patch\n (bsc#935053, bsc#926709). Add bug reference.\n - usbback: correct copy length for partial transfers (bsc#941202).\n - usbvision fix overflow of interfaces array (bnc#950998).\n - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers\n (bnc#944989).\n - veth: extend device features (bsc#879381).\n - vfs: Provide function to get superblock and wait for it to thaw\n (bsc#935123).\n - vmxnet3: adjust ring sizes when interface is down (bsc#950750).\n - vmxnet3: fix ethtool ring buffer size setting (bsc#950750).\n - writeback: Skip writeback for frozen filesystem (bsc#935123).\n - x86/evtchn: make use of PHYSDEVOP_map_pirq.\n - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).\n - x86: mm: only do a local tlb flush in ptep_set_access_flags()\n (bsc#948330).\n - x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE\n (fate#317533, bnc#937256).\n - xen: x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE\n (fate#317533, bnc#937256).\n - xfs: add background scanning to clear eofblocks inodes (bnc#930788).\n - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788).\n - xfs: add inode id filtering to eofblocks scan (bnc#930788).\n - xfs: add minimum file size filtering to eofblocks scan (bnc#930788).\n - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788).\n - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788).\n - xfs: create helper to check whether to free eofblocks on inode\n (bnc#930788).\n - xfs: Fix lost direct IO write in the last block (bsc#949744).\n - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347).\n - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805).\n - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock\n failure (bnc#930788).\n - xfs: support a tag-based inode_ag_iterator (bnc#930788).\n - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788).\n - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805).\n - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers\n (bnc#949981).\n - xhci: Calculate old endpoints correctly on device reset (bnc#944831).\n - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502).\n - xhci: fix isoc endpoint dequeue from advancing too far on transaction\n error (bnc#944837).\n - xhci: For streams the css flag most be read from the stream-ctx on ep\n stop (bnc#945691).\n - xhci: silence TD warning (bnc#939955).\n - xhci: use uninterruptible sleep for waiting for internal operations\n (bnc#939955).\n\n", "cvss3": {}, "published": "2015-12-23T18:10:37", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-7509", "CVE-2015-8215", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7990", "CVE-2015-7799", "CVE-2015-0272", "CVE-2015-5157", "CVE-2015-6937", "CVE-2015-8104"], "modified": "2015-12-23T18:10:37", "id": "SUSE-SU-2015:2350-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:40:04", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\n security and bugfixes.\n\n Following security bugs were fixed:\n - CVE-2015-7509: Mounting ext4 filesystems in no-journal mode could hav\n lead to a system crash (bsc#956709).\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel did not ensure that certain slot numbers are valid, which\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call\n (bnc#949936).\n - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).\n - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c\n (bnc#953527).\n - CVE-2015-7990: RDS: There was no verification that an underlying\n transport exists when creating a connection, causing usage of a NULL\n pointer (bsc#952384).\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the\n x86_64 platform mishandled IRET faults in processing NMIs that occurred\n during userspace execution, which might have allowed local users to gain\n privileges by triggering an NMI (bnc#938706).\n - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in\n the Linux kernel allowed local users to cause a denial of service (OOPS)\n via crafted keyctl commands (bnc#951440).\n - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial\n of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6\n Router Advertisement (RA) message, a different vulnerability than\n CVE-2015-8215 (bnc#944296).\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in\n the Linux kernel allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have unspecified other\n impact by using a socket that was not properly bound (bnc#945825).\n\n The following non-security bugs were fixed:\n - ALSA: hda - Disable 64bit address for Creative HDA controllers\n (bnc#814440).\n - Driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats\n (bsc#950750).\n - Drivers: hv: do not do hypercalls when hypercall_page is NULL.\n - Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h.\n - Drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h.\n - Drivers: hv: vmbus: Get rid of some unused definitions.\n - Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state.\n - Drivers: hv: vmbus: add special crash handler (bnc#930770).\n - Drivers: hv: vmbus: add special kexec handler.\n - Drivers: hv: vmbus: kill tasklets on module unload.\n - Drivers: hv: vmbus: prefer "^A" notification chain to 'panic'.\n - Drivers: hv: vmbus: remove hv_synic_free_cpu() call from\n hv_synic_cleanup().\n - Drivers: hv: vmbus: unregister panic notifier on module unload.\n - IB/srp: Avoid skipping srp_reset_host() after a transport error\n (bsc#904965).\n - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965).\n - KEYS: Fix race between key destruction and finding a keyring by name\n (bsc#951440).\n - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).\n - NFSv4: Fix two infinite loops in the mount code (bsc#954628).\n - PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786).\n - PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786).\n - PCI: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084).\n - PCI: Refresh First VF Offset and VF Stride when updating NumVFs\n (bnc#952084).\n - PCI: Update NumVFs register when disabling SR-IOV (bnc#952084).\n - PCI: delay configuration of SRIOV capability (bnc#952084).\n - PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084).\n - SCSI: hosts: update to use ida_simple for host_no (bsc#939926)\n - SUNRPC refactor rpcauth_checkverf error returns (bsc#955673).\n - af_iucv: avoid path quiesce of severed path in shutdown() (bnc#946214).\n - ahci: Add Device ID for Intel Sunrise Point PCH (bsc#953799).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - cachefiles: Avoid deadlocks with fs freezing (bsc#935123).\n - dm sysfs: introduce ability to add writable attributes (bsc#904348).\n - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).\n - dm: do not start current request if it would've merged with the previous\n (bsc#904348).\n - dm: impose configurable deadline for dm_request_fn's merge heuristic\n (bsc#904348).\n - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt,\n v2 (bsc#942938).\n - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924).\n - drm/i915: add hotplug activation period to hotplug update mask\n (bsc#953980).\n - fix lpfc_send_rscn_event allocation size claims bnc#935757\n - fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123).\n - fs: Fix deadlocks between sync and fs freezing (bsc#935123).\n - hugetlb: simplify migrate_huge_page() (bnc#947957).\n - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a\n free hugepage (bnc#947957,).\n - ipr: Fix incorrect trace indexing (bsc#940913).\n - ipr: Fix invalid array indexing for HRRQ (bsc#940913).\n - ipv6: fix tunnel error handling (bsc#952579).\n - ipvs: Fix reuse connection if real server is dead (bnc#945827).\n - ipvs: drop first packet to dead server (bsc#946078).\n - kernel: correct uc_sigmask of the compat signal frame (bnc#946214).\n - kernel: fix incorrect use of DIAG44 in continue_trylock_relax()\n (bnc#946214).\n - kexec: Fix race between panic() and crash_kexec() called directly\n (bnc#937444).\n - ktime: add ktime_after and ktime_before helpe (bsc#904348).\n - lib/string.c: introduce memchr_inv() (bnc#930788).\n - lpfc: Fix cq_id masking problem (bsc#944677).\n - macvlan: Support bonding events bsc#948521\n - memory-failure: do code refactor of soft_offline_page() (bnc#947957).\n - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957).\n - memory-failure: use num_poisoned_pages instead of mce_bad_pages\n (bnc#947957).\n - memory-hotplug: update mce_bad_pages when removing the memory\n (bnc#947957).\n - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory\n error on thp (bnc#947957).\n - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate\n successfully (bnc#947957).\n - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge\n pages (bnc#947957).\n - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017,\n bnc#949298).\n - mm: fix GFP_THISNODE callers and clarify (bsc#954950).\n - mm: remove GFP_THISNODE (bsc#954950).\n - mm: sl[au]b: add knowledge of PFMEMALLOC reserve pages (Swap over NFS).\n - net/core: Add VF link state control policy (bsc#950298).\n - netfilter: xt_recent: fix namespace destroy path (bsc#879378).\n - panic/x86: Allow cpus to save registers even if they (bnc#940946).\n - panic/x86: Fix re-entrance problem due to panic on (bnc#937444).\n - pktgen: clean up ktime_t helpers (bsc#904348).\n - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993).\n - qla2xxx: Remove decrement of sp reference count in abort handler\n (bsc#944993).\n - qla2xxx: Remove unavailable firmware files (bsc#921081).\n - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993).\n - qlge: Fix qlge_update_hw_vlan_features to handle if interface is down\n (bsc#930835).\n - quota: Fix deadlock with suspend and quotas (bsc#935123).\n - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods\n (bsc#949706).\n - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds\n (bsc#930145).\n - rtnetlink: Fix VF IFLA policy (bsc#950298).\n - rtnetlink: fix VF info size (bsc#950298).\n - s390/dasd: fix disconnected device with valid path mask (bnc#946214).\n - s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#946214).\n - s390/dasd: fix list_del corruption after lcu changes (bnc#954984).\n - s390/pci: handle events for unused functions (bnc#946214).\n - s390/pci: improve handling of hotplug event 0x301 (bnc#946214).\n - s390/pci: improve state check when processing hotplug events\n (bnc#946214).\n - sched/core: Fix task and run queue sched_info::run_delay inconsistencies\n (bnc#949100).\n - sg: fix read() error reporting (bsc#926774).\n - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers\n (bnc#944989).\n - usbback: correct copy length for partial transfers (bsc#941202).\n - usbvision fix overflow of interfaces array (bnc#950998).\n - veth: extend device features (bsc#879381).\n - vfs: Provide function to get superblock and wait for it to thaw\n (bsc#935123).\n - vmxnet3: adjust ring sizes when interface is down (bsc#950750).\n - vmxnet3: fix ethtool ring buffer size setting (bsc#950750).\n - writeback: Skip writeback for frozen filesystem (bsc#935123).\n - x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE\n (bnc#937256).\n - x86/evtchn: make use of PHYSDEVOP_map_pirq.\n - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).\n - x86: mm: only do a local tlb flush in ptep_set_access_flags()\n (bsc#948330).\n - xen: x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE\n (bnc#937256).\n - xfs: Fix lost direct IO write in the last block (bsc#949744).\n - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347).\n - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788).\n - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788).\n - xfs: add background scanning to clear eofblocks inodes (bnc#930788).\n - xfs: add inode id filtering to eofblocks scan (bnc#930788).\n - xfs: add minimum file size filtering to eofblocks scan (bnc#930788).\n - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788).\n - xfs: create helper to check whether to free eofblocks on inode\n (bnc#930788).\n - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805).\n - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock\n failure (bnc#930788).\n - xfs: support a tag-based inode_ag_iterator (bnc#930788).\n - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788).\n - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805).\n - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers\n (bnc#949981).\n - xhci: Calculate old endpoints correctly on device reset (bnc#944831).\n - xhci: For streams the css flag most be read from the stream-ctx on ep\n stop (bnc#945691).\n - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502).\n - xhci: fix isoc endpoint dequeue from advancing too far on transaction\n error (bnc#944837).\n - xhci: silence TD warning (bnc#939955).\n - xhci: use uninterruptible sleep for waiting for internal operations\n (bnc#939955).\n\n", "cvss3": {}, "published": "2015-12-22T16:11:01", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-7509", "CVE-2015-8215", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7990", "CVE-2015-7799", "CVE-2015-0272", "CVE-2015-5157", "CVE-2015-6937", "CVE-2015-8104"], "modified": "2015-12-22T16:11:01", "id": "SUSE-SU-2015:2339-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:50:20", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.48-52.27 to\n receive various security and bugfixes.\n\n Following security bugs were fixed:\n * CVE-2015-7613: A flaw was found in the Linux kernel IPC code that could\n lead to arbitrary code execution. The ipc_addid() function initialized a\n shared object that has unset uid/gid values. Since the fields are not\n initialized, the check can falsely succeed. (bsc#948536)\n * CVE-2015-5156: When a guests KVM network devices is in a bridge\n configuration the kernel can create a situation in which packets are\n fragmented in an unexpected fashion. The GRO functionality can create a\n situation in which multiple SKB's are chained together in a single\n packets fraglist (by design). (bsc#940776)\n * CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel before\n 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs\n that occurred during userspace execution, which might allow local users\n to gain privileges by triggering an NMI (bsc#938706).\n * CVE-2015-6252: A flaw was found in the way the Linux kernel's vhost\n driver treated userspace provided log file descriptor when processing\n the VHOST_SET_LOG_FD ioctl command. The file descriptor was never\n released and continued to consume kernel memory. A privileged local user\n with access to the /dev/vhost-net files could use this flaw to create a\n denial-of-service attack (bsc#942367).\n * CVE-2015-5697: The get_bitmap_file function in drivers/md/md.c in the\n Linux kernel before 4.1.6 does not initialize a certain bitmap data\n structure, which allows local users to obtain sensitive information from\n kernel memory via a GET_BITMAP_FILE ioctl call. (bnc#939994)\n * CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable\n Datagram Sockets (RDS) implementation allowing a local user to cause\n system DoS. A verification was missing that the underlying transport\n exists when a connection was created. (bsc#945825)\n * CVE-2015-5283: A NULL pointer dereference flaw was found in SCTP\n implementation allowing a local user to cause system DoS. Creation of\n multiple sockets in parallel when system doesn't have SCTP module loaded\n can lead to kernel panic. (bsc#947155)\n\n The following non-security bugs were fixed:\n - ALSA: hda - Abort the probe without i915 binding for HSW/BDW\n (bsc#936556).\n - Btrfs: Backport subvolume mount option handling (bsc#934962)\n - Btrfs: Handle unaligned length in extent_same (bsc#937609).\n - Btrfs: advertise which crc32c implementation is being used on mount\n (bsc#946057).\n - Btrfs: allow mounting btrfs subvolumes with different ro/rw options.\n - Btrfs: check if previous transaction aborted to avoid fs corruption\n (bnc#942509).\n - Btrfs: clean up error handling in mount_subvol() (bsc#934962).\n - Btrfs: cleanup orphans while looking up default subvolume (bsc#914818).\n - Btrfs: do not update mtime/ctime on deduped inodes (bsc#937616).\n - Btrfs: fail on mismatched subvol and subvolid mount options (bsc#934962).\n - Btrfs: fix chunk allocation regression leading to transaction abort\n (bnc#938550).\n - Btrfs: fix clone / extent-same deadlocks (bsc#937612).\n - Btrfs: fix crash on close_ctree() if cleaner starts new transaction\n (bnc#938891).\n - Btrfs: fix deadlock with extent-same and readpage (bsc#937612).\n - Btrfs: fix file corruption after cloning inline extents (bnc#942512).\n - Btrfs: fix file read corruption after extent cloning and fsync\n (bnc#946902).\n - Btrfs: fix find_free_dev_extent() malfunction in case device tree has\n hole (bnc#938550).\n - Btrfs: fix hang when failing to submit bio of directIO (bnc#942685).\n - Btrfs: fix list transaction-&gt;pending_ordered corruption (bnc#938893).\n - Btrfs: fix memory corruption on failure to submit bio for direct IO\n (bnc#942685).\n - Btrfs: fix memory leak in the extent_same ioctl (bsc#937613).\n - Btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942685).\n - Btrfs: fix race between balance and unused block group deletion\n (bnc#938892).\n - Btrfs: fix range cloning when same inode used as source and destination\n (bnc#942511).\n - Btrfs: fix read corruption of compressed and shared extents (bnc#946906).\n - Btrfs: fix uninit variable in clone ioctl (bnc#942511).\n - Btrfs: fix use-after-free in mount_subvol().\n - Btrfs: fix wrong check for btrfs_force_chunk_alloc() (bnc#938550).\n - Btrfs: lock superblock before remounting for rw subvol (bsc#934962).\n - Btrfs: pass unaligned length to btrfs_cmp_data() (bsc#937609).\n - Btrfs: remove all subvol options before mounting top-level (bsc#934962).\n - Btrfs: show subvol= and subvolid= in /proc/mounts (bsc#934962).\n - Btrfs: unify subvol= and subvolid= mounting (bsc#934962).\n - Btrfs: fill ->last_trans for delayed inode in btrfs_fill_inode\n (bnc#942925).\n - Btrfs: fix metadata inconsistencies after directory fsync (bnc#942925).\n - Btrfs: fix stale dir entries after removing a link and fsync\n (bnc#942925).\n - Btrfs: fix stale dir entries after unlink, inode eviction and fsync\n (bnc#942925).\n - Btrfs: fix stale directory entries after fsync log replay (bnc#942925).\n - Btrfs: make btrfs_search_forward return with nodes unlocked (bnc#942925).\n - Btrfs: support NFSv2 export (bnc#929871).\n - Btrfs: update fix for read corruption of compressed and shared extents\n (bsc#948256).\n - Drivers: hv: do not do hypercalls when hypercall_page is NULL.\n - Drivers: hv: vmbus: add special crash handler.\n - Drivers: hv: vmbus: add special kexec handler.\n - Drivers: hv: vmbus: remove hv_synic_free_cpu() call from\n hv_synic_cleanup().\n - Input: evdev - do not report errors form flush() (bsc#939834).\n - Input: synaptics - do not retrieve the board id on old firmwares\n (bsc#929092).\n - Input: synaptics - log queried and quirked dimension values (bsc#929092).\n - Input: synaptics - query min dimensions for fw v8.1.\n - Input: synaptics - remove X1 Carbon 3rd gen from the topbuttonpad list\n (bsc#929092).\n - Input: synaptics - remove X250 from the topbuttonpad list.\n - Input: synaptics - remove obsolete min/max quirk for X240 (bsc#929092).\n - Input: synaptics - skip quirks when post-2013 dimensions (bsc#929092).\n - Input: synaptics - split synaptics_resolution(), query first\n (bsc#929092).\n - Input: synaptics - support min/max board id in min_max_pnpid_table\n (bsc#929092).\n - NFS: Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).\n - NFSv4: do not set SETATTR for O_RDONLY|O_EXCL (bsc#939716).\n - PCI: Move MPS configuration check to pci_configure_device() (bsc#943313).\n - PCI: Set MPS to match upstream bridge (bsc#943313).\n - SCSI: fix regression in scsi_send_eh_cmnd() (bsc#930813).\n - SCSI: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204).\n - SCSI: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398).\n - UAS: fixup for remaining use of dead_list (bnc#934942).\n - USB: storage: use %*ph specifier to dump small buffers (bnc#934942).\n - aio: fix reqs_available handling (bsc#943378).\n - audit: do not generate loginuid log when audit disabled (bsc#941098).\n - blk-merge: do not compute bi_phys_segments from bi_vcnt for cloned bio\n (bnc#934430).\n - blk-merge: fix blk_recount_segments (bnc#934430).\n - blk-merge: recaculate segment if it isn't less than max segments\n (bnc#934430).\n - block: add queue flag for disabling SG merging (bnc#934430).\n - block: blk-merge: fix blk_recount_segments() (bnc#934430).\n - config: disable CONFIG_TCM_RBD on ppc64le and s390x\n - cpufreq: intel_pstate: Add CPU ID for Braswell processor.\n - dlm: fix missing endian conversion of rcom_status flags (bsc#940679).\n - dm cache mq: fix memory allocation failure for large cache devices\n (bsc#942707).\n - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt\n (bsc#942938).\n - drm/i915: Make hpd arrays big enough to avoid out of bounds access\n (bsc#942938).\n - drm/i915: Only print hotplug event message when hotplug bit is set\n (bsc#942938).\n - drm/i915: Queue reenable timer also when enable_hotplug_processing is\n false (bsc#942938).\n - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler()\n (bsc#942938).\n - drm/radeon: fix hotplug race at startup (bsc#942307).\n - ethtool, net/mlx4_en: Add 100M, 20G, 56G speeds ethtool reporting\n support (bsc#945710).\n - hrtimer: prevent timer interrupt DoS (bnc#886785).\n - hv: fcopy: add memory barrier to propagate state (bnc#943529).\n - inotify: Fix nested sleeps in inotify_read() (bsc#940925).\n - intel_pstate: Add CPU IDs for Broadwell processors.\n - intel_pstate: Add CPUID for BDW-H CPU.\n - intel_pstate: Add support for SkyLake.\n - intel_pstate: Correct BYT VID values (bnc#907973).\n - intel_pstate: Remove periodic P state boost (bnc#907973).\n - intel_pstate: add sample time scaling (bnc#907973, bnc#924722,\n bnc#916543).\n - intel_pstate: don't touch turbo bit if turbo disabled or unavailable\n (bnc#907973).\n - intel_pstate: remove setting P state to MAX on init (bnc#907973).\n - intel_pstate: remove unneeded sample buffers (bnc#907973).\n - intel_pstate: set BYT MSR with wrmsrl_on_cpu() (bnc#907973).\n - ipr: Fix incorrect trace indexing (bsc#940912).\n - ipr: Fix invalid array indexing for HRRQ (bsc#940912).\n - iwlwifi: dvm: drop non VO frames when flushing (bsc#940545).\n - kABI workaround for ieee80211_ops.flush argument change (bsc#940545).\n - kconfig: Do not print status messages in make -s mode (bnc#942160).\n - kernel/modsign_uefi.c: Check for EFI_RUNTIME_SERVICES in load_uefi_certs\n (bsc#856382).\n - kernel: do full redraw of the 3270 screen on reconnect (bnc#943476,\n LTC#129509).\n - kexec: define kexec_in_progress in !CONFIG_KEXEC case.\n - kvm: Use WARN_ON_ONCE for missing X86_FEATURE_NRIPS (bsc#947537).\n - lpfc: Fix scsi prep dma buf error (bsc#908950).\n - mac80211: add vif to flush call (bsc#940545).\n - md/bitmap: do not abuse i_writecount for bitmap files (bsc#943270).\n - md/bitmap: protect clearing of -&gt;bitmap by mddev-&gt;lock\n (bnc#912183).\n - md/raid5: use -&gt;lock to protect accessing raid5 sysfs attributes\n (bnc#912183).\n - md: fix problems with freeing private data after -&gt;run failure\n (bnc#912183).\n - md: level_store: group all important changes into one place (bnc#912183).\n - md: move GET_BITMAP_FILE ioctl out from mddev_lock (bsc#943270).\n - md: protect -&gt;pers changes with mddev-&gt;lock (bnc#912183).\n - md: remove mddev_lock from rdev_attr_show() (bnc#912183).\n - md: remove mddev_lock() from md_attr_show() (bnc#912183).\n - md: remove need for mddev_lock() in md_seq_show() (bnc#912183).\n - md: split detach operation out from -&gt;stop (bnc#912183).\n - md: tidy up set_bitmap_file (bsc#943270).\n - megaraid_sas: Handle firmware initialization after fast boot\n (bsc#922071).\n - mfd: lpc_ich: Assign subdevice ids automatically (bnc#898159).\n - mm: filemap: Avoid unnecessary barriers and waitqueue lookups -fix\n (VM/FS Performance (bnc#941951)).\n - mm: make page pfmemalloc check more robust (bnc#920016).\n - mm: numa: disable change protection for vma(VM_HUGETLB) (bnc#943573).\n - netfilter: nf_conntrack_proto_sctp: minimal multihoming support\n (bsc#932350).\n - net/mlx4_core: Add ethernet backplane autoneg device capability\n (bsc#945710).\n - net/mlx4_core: Introduce ACCESS_REG CMD and eth_prot_ctrl dev cap\n (bsc#945710).\n - net/mlx4_en: Use PTYS register to query ethtool settings (bsc#945710).\n - net/mlx4_en: Use PTYS register to set ethtool settings (Speed)\n (bsc#945710).\n - rcu: Reject memory-order-induced stall-warning false positives\n (bnc#941908).\n - s390/dasd: fix kernel panic when alias is set offline (bnc#940965,\n LTC#128595).\n - sched: Fix KMALLOC_MAX_SIZE overflow during cpumask allocation\n (bnc#939266).\n - sched: Fix cpu_active_mask/cpu_online_mask race (bsc#936773).\n - sched, numa: do not hint for NUMA balancing on VM_MIXEDMAP mappings\n (bnc#943573).\n - uas: Add US_FL_MAX_SECTORS_240 flag (bnc#934942).\n - uas: Add response iu handling (bnc#934942).\n - uas: Add uas_get_tag() helper function (bnc#934942).\n - uas: Check against unexpected completions (bnc#934942).\n - uas: Cleanup uas_log_cmd_state usage (bnc#934942).\n - uas: Do not log urb status error on cancellation (bnc#934942).\n - uas: Do not use scsi_host_find_tag (bnc#934942).\n - uas: Drop COMMAND_COMPLETED flag (bnc#934942).\n - uas: Drop all references to a scsi_cmnd once it has been aborted\n (bnc#934942).\n - uas: Drop inflight list (bnc#934942).\n - uas: Fix memleak of non-submitted urbs (bnc#934942).\n - uas: Fix resetting flag handling (bnc#934942).\n - uas: Free data urbs on completion (bnc#934942).\n - uas: Log error codes when logging errors (bnc#934942).\n - uas: Reduce number of function arguments for uas_alloc_foo functions\n (bnc#934942).\n - uas: Remove cmnd reference from the cmd urb (bnc#934942).\n - uas: Remove support for old sense ui as used in pre-production hardware\n (bnc#934942).\n - uas: Remove task-management / abort error handling code (bnc#934942).\n - uas: Set max_sectors_240 quirk for ASM1053 devices (bnc#934942).\n - uas: Simplify reset / disconnect handling (bnc#934942).\n - uas: Simplify unlink of data urbs on error (bnc#934942).\n - uas: Use scsi_print_command (bnc#934942).\n - uas: pre_reset and suspend: Fix a few races (bnc#934942).\n - uas: zap_pending: data urbs should have completed at this time\n (bnc#934942).\n - x86/kernel: Do not reserve crashkernel high memory if crashkernel low\n memory reserving failed (bsc#939145).\n - x86/smpboot: Check for cpu_active on cpu initialization (bsc#932285).\n - x86/smpboot: Check for cpu_active on cpu initialization (bsc#936773).\n - xhci: Workaround for PME stuck issues in Intel xhci (bnc#944028).\n - xhci: rework cycle bit checking for new dequeue pointers (bnc#944028).\n - xfs: Fix file type directory corruption for btree directories\n (bsc#941305).\n\n", "cvss3": {}, "published": "2015-10-13T11:09:43", "type": "suse", "title": "Security update for kernel-source (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-6252", "CVE-2015-7613", "CVE-2015-5156", "CVE-2015-5697", "CVE-2015-5283", "CVE-2015-5157", "CVE-2015-6937"], "modified": "2015-10-13T11:09:43", "id": "SUSE-SU-2015:1727-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:36:14", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive\n various security and bugfixes.\n\n Following security bugs were fixed:\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel did not ensure that certain slot numbers were valid, which\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call\n (bnc#949936).\n - CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the\n Linux kernel had an incorrect sequence of protocol-initialization steps,\n which allowed local users to cause a denial of service (panic or memory\n corruption) by creating SCTP sockets before all of the steps have\n finished (bnc#947155).\n - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux\n kernel did not properly handle rename actions inside a bind mount, which\n allowed local users to bypass an intended container protection mechanism\n by renaming a directory, related to a "double-chroot attack (bnc#926238).\n - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).\n - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c\n (bnc#953527).\n - CVE-2015-7990: RDS: There was no verification that an underlying\n transport exists when creating a connection, causing usage of a NULL\n pointer (bsc#952384).\n - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in\n the Linux kernel allowed local users to cause a denial of service (OOPS)\n via crafted keyctl commands (bnc#951440).\n - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial\n of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6\n Router Advertisement (RA) message, a different vulnerability than\n CVE-2015-8215 (bnc#944296).\n\n The following non-security bugs were fixed:\n - ALSA: hda - Disable 64bit address for Creative HDA controllers\n (bnc#814440).\n - Add PCI IDs of Intel Sunrise Point-H SATA Controller S232/236\n (bsc#953796).\n - Btrfs: fix file corruption and data loss after cloning inline extents\n (bnc#956053).\n - Btrfs: fix truncation of compressed and inlined extents (bnc#956053).\n - Disable some ppc64le netfilter modules to restore the kabi (bsc#951546)\n - Fix regression in NFSRDMA server (bsc#951110).\n - KEYS: Fix race between key destruction and finding a keyring by name\n (bsc#951440).\n - KVM: x86: call irq notifiers with directed EOI (bsc#950862).\n - NVMe: Add shutdown timeout as module parameter (bnc#936076).\n - NVMe: Mismatched host/device page size support (bsc#935961).\n - PCI: Drop "setting latency timer" messages (bsc#956047).\n - SCSI: Fix hard lockup in scsi_remove_target() (bsc#944749).\n - SCSI: hosts: update to use ida_simple for host_no (bsc#939926)\n - SUNRPC: Fix oops when trace sunrpc_task events in nfs client\n (bnc#956703).\n - Sync ppc64le netfilter config options with other archs (bnc#951546)\n - Update kabi files with sbc_parse_cdb symbol change (bsc#954635).\n - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another\n task (bsc#921949).\n - apparmor: temporary work around for bug while unloading policy\n (boo#941867).\n - audit: correctly record file names with different path name types\n (bsc#950013).\n - audit: create private file name copies when auditing inodes (bsc#950013).\n - cpu: Defer smpboot kthread unparking until CPU known to scheduler\n (bsc#936773).\n - dlm: make posix locks interruptible, (bsc#947241).\n - dm sysfs: introduce ability to add writable attributes (bsc#904348).\n - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).\n - dm: do not start current request if it would've merged with the previous\n (bsc#904348).\n - dm: impose configurable deadline for dm_request_fn's merge heuristic\n (bsc#904348).\n - dmapi: Fix xfs dmapi to not unlock and lock XFS_ILOCK_EXCL (bsc#949744).\n - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt,\n v2 (bsc#942938).\n - drm/i915: add hotplug activation period to hotplug update mask\n (bsc#953980).\n - fanotify: fix notification of groups with inode and mount marks\n (bsc#955533).\n - genirq: Make sure irq descriptors really exist when __irq_alloc_descs\n returns (bsc#945626).\n - hv: vss: run only on supported host versions (bnc#949504).\n - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).\n - ipv6: Check RTF_LOCAL on rt->rt6i_flags instead of rt->dst.flags\n (bsc#947321).\n - ipv6: Consider RTF_CACHE when searching the fib6 tree (bsc#947321).\n - ipv6: Extend the route lookups to low priority metrics (bsc#947321).\n - ipv6: Stop /128 route from disappearing after pmtu update (bsc#947321).\n - ipv6: Stop rt6_info from using inet_peer's metrics (bsc#947321).\n - ipv6: distinguish frag queues by device for multicast and link-local\n packets (bsc#955422).\n - ipvs: drop first packet to dead server (bsc#946078).\n - kABI: protect struct ahci_host_priv.\n - kABI: protect struct rt6_info changes from bsc#947321 changes\n (bsc#947321).\n - kabi: Hide rt6_* types from genksyms on ppc64le (bsc#951546).\n - kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635).\n - kabi: Restore kabi in struct se_cmd (bsc#954635).\n - kabi: Restore kabi in struct se_subsystem_api (bsc#954635).\n - kabi: protect skb_copy_and_csum_datagram_iovec() signature (bsc#951199).\n - kgr: fix migration of kthreads to the new universe.\n - kgr: wake up kthreads periodically.\n - ktime: add ktime_after and ktime_before helper (bsc#904348).\n - macvlan: Support bonding events (bsc#948521).\n - net: add length argument to skb_copy_and_csum_datagram_iovec\n (bsc#951199).\n - net: handle null iovec pointer in skb_copy_and_csum_datagram_iovec()\n (bsc#951199).\n - pci: Update VPD size with correct length (bsc#924493).\n - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods\n (bsc#949706).\n - ring-buffer: Always run per-cpu ring buffer resize with\n schedule_work_on() (bnc#956711).\n - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).\n - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds\n (bsc#930145).\n - rtc: cmos: Revert "rtc-cmos: Add an alarm disable quirk" (bsc#930145).\n - sched/core: Fix task and run queue sched_info::run_delay inconsistencies\n (bnc#949100).\n - sunrpc/cache: make cache flushing more reliable (bsc#947478).\n - supported.conf: Add missing dependencies of supported modules hwmon_vid\n needed by nct6775 hwmon_vid needed by w83627ehf reed_solomon needed by\n ramoops\n - supported.conf: Fix dependencies on ppc64le of_mdio needed by mdio-gpio\n - target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666).\n - target/rbd: fix COMPARE AND WRITE page vector leak (bnc#948831).\n - target/rbd: fix PR info memory leaks (bnc#948831).\n - target: Send UA upon LUN RESET tmr completion (bsc#933514).\n - target: use "^A" when allocating UAs (bsc#933514).\n - usbvision fix overflow of interfaces array (bnc#950998).\n - vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).\n - vmxnet3: adjust ring sizes when interface is down (bsc#950750).\n - x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at\n runtime, instead of top-down (bsc#940853).\n - x86/evtchn: make use of PHYSDEVOP_map_pirq.\n - x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality,\n bnc#955148).\n - x86/mm/hotplug: Pass sync_global_pgds() a correct argument in\n remove_pagetable() (VM Functionality, bnc#955148).\n - xfs: DIO needs an ioend for writes (bsc#949744).\n - xfs: DIO write completion size updates race (bsc#949744).\n - xfs: DIO writes within EOF do not need an ioend (bsc#949744).\n - xfs: always drain dio before extending aio write submission (bsc#949744).\n - xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744).\n - xfs: do not allocate an ioend for direct I/O completions (bsc#949744).\n - xfs: factor DIO write mapping from get_blocks (bsc#949744).\n - xfs: handle DIO overwrite EOF update completion correctly (bsc#949744).\n - xfs: move DIO mapping size calculation (bsc#949744).\n - xfs: using generic_file_direct_write() is unnecessary (bsc#949744).\n - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers\n (bnc#951165).\n - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949463).\n\n", "cvss3": {}, "published": "2015-12-04T14:10:52", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-2925", "CVE-2015-8215", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7990", "CVE-2015-7799", "CVE-2015-5283", "CVE-2015-0272", "CVE-2015-8104"], "modified": "2015-12-04T14:10:52", "id": "SUSE-SU-2015:2194-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:57:12", "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.51 to receive\n various security and bugfixes.\n\n Following features were added:\n - hwrng: Add a driver for the hwrng found in power7+ systems (fate#315784).\n\n Following security bugs were fixed:\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel\n did not validate attempted changes to the MTU value, which allowed\n context-dependent attackers to cause a denial of service (packet loss)\n via a value that is (1) smaller than the minimum compliant value or (2)\n larger than the MTU of an interface, as demonstrated by a Router\n Advertisement (RA) message that is not validated by a daemon, a\n different vulnerability than CVE-2015-0272. (bsc#955354)\n - CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c in\n the Linux kernel attempted to support a FRAGLIST feature without proper\n memory allocation, which allowed guest OS users to cause a denial of\n service (buffer overflow and memory corruption) via a crafted sequence\n of fragmented packets (bnc#940776).\n - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in\n the Linux kernel allowed local users to cause a denial of service (OOPS)\n via crafted keyctl commands (bnc#951440).\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel did not ensure that certain slot numbers are valid, which\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call\n (bnc#949936).\n - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux\n kernel did not properly handle rename actions inside a bind mount, which\n allowed local users to bypass an intended container protection mechanism\n by renaming a directory, related to a "double-chroot attack (bnc#926238).\n - CVE-2015-7990: RDS: Verify the underlying transport exists before\n creating a connection, preventing possible DoS (bsc#952384).\n\n The following non-security bugs were fixed:\n - af_iucv: avoid path quiesce of severed path in shutdown() (bnc#954986,\n LTC#131684).\n - alsa: hda - Disable 64bit address for Creative HDA controllers\n (bnc#814440).\n - alsa: hda - Fix noise problems on Thinkpad T440s (boo#958504).\n - alsa: hda - Fix noise problems on Thinkpad T440s (boo#958504).\n - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another\n task (bsc#921949).\n - audit: correctly record file names with different path name types\n (bsc#950013).\n - audit: create private file name copies when auditing inodes (bsc#950013).\n - bcache: Add btree_insert_node() (bnc#951638).\n - bcache: Add explicit keylist arg to btree_insert() (bnc#951638).\n - bcache: backing device set to clean after finishing detach (bsc#951638).\n - bcache: backing device set to clean after finishing detach (bsc#951638).\n - bcache: Clean up keylist code (bnc#951638).\n - bcache: Convert btree_insert_check_key() to btree_insert_node()\n (bnc#951638).\n - bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).\n - bcache: Convert try_wait to wait_queue_head_t (bnc#951638).\n - bcache: Explicitly track btree node's parent (bnc#951638).\n - bcache: Fix a bug when detaching (bsc#951638).\n - bcache: Fix a lockdep splat in an error path (bnc#951638).\n - bcache: Fix a shutdown bug (bsc#951638).\n - bcache: Fix more early shutdown bugs (bsc#951638).\n - bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).\n - bcache: Insert multiple keys at a time (bnc#951638).\n - bcache: kill closure locking usage (bnc#951638).\n - bcache: Refactor journalling flow control (bnc#951638).\n - bcache: Refactor request_write() (bnc#951638).\n - bcache: Use blkdev_issue_discard() (bnc#951638).\n - btrfs: Adjust commit-transaction condition to avoid NO_SPACE more\n (bsc#958647).\n - btrfs: Adjust commit-transaction condition to avoid NO_SPACE more\n (bsc#958647).\n - btrfs: cleanup: remove no-used alloc_chunk in\n btrfs_check_data_free_space() (bsc#958647).\n - btrfs: cleanup: remove no-used alloc_chunk in\n btrfs_check_data_free_space() (bsc#958647).\n - btrfs: fix condition of commit transaction (bsc#958647).\n - btrfs: fix condition of commit transaction (bsc#958647).\n - btrfs: fix file corruption and data loss after cloning inline extents\n (bnc#956053).\n - btrfs: Fix out-of-space bug (bsc#958647).\n - btrfs: Fix out-of-space bug (bsc#958647).\n - btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647).\n - btrfs: Fix tail space processing in find_free_dev_extent() (bsc#958647).\n - btrfs: fix the number of transaction units needed to remove a block\n group (bsc#958647).\n - btrfs: fix the number of transaction units needed to remove a block\n group (bsc#958647).\n - btrfs: fix truncation of compressed and inlined extents (bnc#956053).\n - btrfs: Set relative data on clear btrfs_block_group_cache-&gt;pinned\n (bsc#958647).\n - btrfs: Set relative data on clear btrfs_block_group_cache->pinned\n (bsc#958647).\n - btrfs: use global reserve when deleting unused block group after ENOSPC\n (bsc#958647).\n - btrfs: use global reserve when deleting unused block group after ENOSPC\n (bsc#958647).\n - cache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).\n - cpu: Defer smpboot kthread unparking until CPU known to scheduler\n (bsc#936773).\n - cpusets, isolcpus: exclude isolcpus from load balancing in cpusets\n (bsc#957395).\n - cxgb4i: Increased the value of MAX_IMM_TX_PKT_LEN from 128 to 256 bytes\n (bsc#950580).\n - dlm: make posix locks interruptible, (bsc#947241).\n - dmapi: Fix xfs dmapi to not unlock & lock XFS_ILOCK_EXCL (bsc#949744).\n - dm: do not start current request if it would've merged with the previous\n (bsc#904348).\n - dm: impose configurable deadline for dm_request_fn's merge heuristic\n (bsc#904348).\n - dm-snap: avoid deadock on s-&gt;lock when a read is split (bsc#939826).\n - dm sysfs: introduce ability to add writable attributes (bsc#904348).\n - drm: Allocate new master object when client becomes master (bsc#956876,\n bsc#956801).\n - drm: Fix KABI of "struct drm_file" (bsc#956876, bsc#956801).\n - drm/i915: add hotplug activation period to hotplug update mask\n (bsc#953980).\n - drm/i915: clean up backlight conditional build (bsc#941113).\n - drm/i915: debug print on backlight register (bsc#941113).\n - drm/i915: do full backlight setup at enable time (bsc#941113).\n - drm/i915: do not save/restore backlight registers in KMS (bsc#941113).\n - drm/i915: Eliminate lots of WARNs when there's no backlight present\n (bsc#941113).\n - drm/i915: fix gen2-gen3 backlight set (bsc#941113,bsc#953971).\n - drm/i915: Fix gen3 self-refresh watermarks (bsc#953830,bsc#953971).\n - drm/i915: Fix missing backlight update during panel disablement\n (bsc#941113).\n - drm/i915: Fix SRC_COPY width on 830/845g (bsc#758040).\n - drm/i915: gather backlight information at setup (bsc#941113).\n - drm/i915: handle backlight through chip specific functions (bsc#941113).\n - drm/i915: Ignore "digital output" and "not HDMI output" bits for eDP\n detection (bsc#949192).\n - drm/i915: make asle notifications update backlight on all connectors\n (bsc#941113).\n - drm/i915: make backlight info per-connector (bsc#941113).\n - drm/i915: move backlight level setting in enable/disable to hooks\n (bsc#941113).\n - drm/i915: move opregion asle request handling to a work queue\n (bsc#953826).\n - drm/i915: nuke get max backlight functions (bsc#941113).\n - drm/i915/opregion: fix build error on CONFIG_ACPI=n (bsc#953826).\n - drm/i915: restore backlight precision when converting from ACPI\n (bsc#941113).\n - drm/i915/tv: add -&gt;get_config callback (bsc#953830).\n - drm/i915: use backlight legacy combination mode also for i915gm/i945gm\n (bsc#941113).\n - drm/i915: use the initialized backlight max value instead of reading it\n (bsc#941113).\n - drm/i915: vlv does not have pipe field in backlight registers\n (bsc#941113).\n - fanotify: fix notification of groups with inode & mount marks\n (bsc#955533).\n - Fix remove_and_add_spares removes drive added as spare in slot_store\n (bsc#956717).\n - genksyms: Handle string literals with spaces in reference files\n (bsc#958510).\n - genksyms: Handle string literals with spaces in reference files\n (bsc#958510).\n - hwrng: Add a driver for the hwrng found in power7+ systems\n (fate#315784). in the non-RT kernel to minimize the differences.\n - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).\n - ipv6: distinguish frag queues by device for multicast and link-local\n packets (bsc#955422).\n - ixgbe: fix broken PFC with X550 (bsc#951864).\n - ixgbe: use correct fcoe ddp max check (bsc#951864).\n - kabi: Fix spurious kabi change in mm/util.c.\n - kABI: protect struct ahci_host_priv.\n - kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635).\n - kabi: Restore kabi in struct se_cmd (bsc#954635).\n - kabi: Restore kabi in struct se_subsystem_api (bsc#954635).\n - ktime: add ktime_after and ktime_before helper (bsc#904348).\n - mm: factor commit limit calculation (VM Performance).\n - mm: get rid of "vmalloc_info" from /proc/meminfo (VM Performance).\n - mm: hugetlbfs: skip shared VMAs when unmapping private pages to satisfy\n a fault (Automatic NUMA Balancing (fate#315482)).\n - mm: remove PG_waiters from PAGE_FLAGS_CHECK_AT_FREE (bnc#943959).\n - mm: vmscan: never isolate more pages than necessary (VM Performance).\n - Move ktime_after patch to the networking section\n - nfsrdma: Fix regression in NFSRDMA server (bsc#951110).\n - pci: Drop "setting latency timer" messages (bsc#956047).\n - pci: Update VPD size with correct length (bsc#924493).\n - perf/x86/intel/uncore: Delete an unnecessary check before pci_dev_put()\n call (bsc#955136).\n - perf/x86/intel/uncore: Delete an unnecessary check before pci_dev_put()\n call (bsc#955136).\n - perf/x86/intel/uncore: Fix multi-segment problem of\n perf_event_intel_uncore (bsc#955136).\n - perf/x86/intel/uncore: Fix multi-segment problem of\n perf_event_intel_uncore (bsc#955136).\n - pm, hinernate: use put_page in release_swap_writer (bnc#943959).\n - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods\n (bsc#949706).\n - Re-add copy_page_vector_to_user()\n - ring-buffer: Always run per-cpu ring buffer resize with\n schedule_work_on() (bnc#956711).\n - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).\n - rpm/constraints.in: Require 14GB worth of disk space on POWER The builds\n started to fail randomly due to ENOSPC errors.\n - rpm/kernel-binary.spec.in: Always build zImage for ARM\n - rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH\n CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since\n 2.6.39 and is enabled in our configs.\n - rpm/kernel-binary.spec.in: Drop the %build_src_dir macro It is the\n parent directory of the O= directory.\n - rpm/kernel-binary.spec.in: really pass down %{?_smp_mflags}\n - rpm/kernel-binary.spec.in: Use parallel make in all invocations Also,\n remove the lengthy comment, since we are using a standard rpm macro now.\n - rpm/kernel-binary.spec.in: Use upstream script to support config.addon\n - s390/dasd: fix disconnected device with valid path mask (bnc#954986,\n LTC#132707).\n - s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#954986,\n LTC#132706).\n - s390/dasd: fix list_del corruption after lcu changes (bnc#954986,\n LTC#133077).\n - sched: Call select_idle_sibling() when not affine_sd (Scheduler\n Performance).\n - sched/core: Fix task and run queue sched_info::run_delay inconsistencies\n (bnc#949100).\n - sched, isolcpu: make cpu_isolated_map visible outside scheduler\n (bsc#957395).\n - sched/numa: Check all nodes when placing a pseudo-interleaved group\n (Automatic NUMA Balancing (fate#315482)).\n - sched/numa: Fix math underflow in task_tick_numa() (Automatic NUMA\n Balancing (fate#315482)).\n - sched/numa: Only consider less busy nodes as numa balancing destinations\n (Automatic NUMA Balancing (fate#315482)).\n - sched: Put expensive runtime debugging checks under a separate Kconfig\n entry (Scheduler performance).\n - scsi: hosts: update to use ida_simple for host_no (bsc#939926)\n - sunrpc/cache: make cache flushing more reliable (bsc#947478).\n - sunrpc: Fix oops when trace sunrpc_task events in nfs client\n (bnc#956703).\n - supported.conf: Support peak_pci and sja1000: These 2 CAN drivers are\n supported in the RT kernel for a long time so we can also support them\n - target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666).\n - target: Send UA upon LUN RESET tmr completion (bsc#933514).\n - target: use "se_dev_entry" when allocating UAs (bsc#933514).\n - Update config files. (bnc#955644)\n - Update kabi files with sbc_parse_cdb symbol change (bsc#954635).\n - usbvision fix overflow of interfaces array (bnc#950998).\n - vmxnet3: adjust ring sizes when interface is down (bsc#950750).\n - vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).\n - x86/efi: Fix invalid parameter error when getting hibernation key\n (fate#316350, bsc#956284).\n - x86/evtchn: make use of PHYSDEVOP_map_pirq.\n - x86/mm: Add parenthesis for TLB tracepoint size calculation (VM\n Performance (Reduce IPIs during reclaim)).\n - x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality,\n bnc#955148).\n - x86/mm/hotplug: Pass sync_global_pgds() a correct argument in\n remove_pagetable() (VM Functionality, bnc#955148).\n - x86/tsc: Let high latency PIT fail fast in quick_pit_calibrate()\n (bsc#953717).\n - xen: fix boot crash in EC2 settings (bsc#956147).\n - xen: refresh patches.xen/xen-x86_64-m2p-strict (bsc#956147).\n - xen: Update Xen patches to 3.12.50.\n - xfs: always drain dio before extending aio write submission (bsc#949744).\n - xfs: DIO needs an ioend for writes (bsc#949744).\n - xfs: DIO write completion size updates race (bsc#949744).\n - xfs: DIO writes within EOF do not need an ioend (bsc#949744).\n - xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744).\n - xfs: do not allocate an ioend for direct I/O completions (bsc#949744).\n - xfs: factor DIO write mapping from get_blocks (bsc#949744).\n - xfs: handle DIO overwrite EOF update completion correctly (bsc#949744).\n - xfs: move DIO mapping size calculation (bsc#949744).\n - xfs: using generic_file_direct_write() is unnecessary (bsc#949744).\n - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers\n (bnc#951165).\n - xhci: Workaround to get Intel xHCI reset working more reliably\n (bnc#957546).\n - zfcp: fix fc_host port_type with NPIV (bnc#954986, LTC#132479).\n\n", "cvss3": {}, "published": "2015-12-17T16:11:14", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-2925", "CVE-2015-8215", "CVE-2015-7872", "CVE-2015-5156", "CVE-2015-7990", "CVE-2015-7799", "CVE-2015-0272"], "modified": "2015-12-17T16:11:14", "id": "SUSE-SU-2015:2292-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:22:34", "description": "This kernel live patch for Linux Kernel 3.12.43-52.6.1 fixes two security\n issues:\n\n - CVE-2015-7613: A race condition in the IPC object implementation in the\n Linux kernel allowed local users to gain privileges by triggering an\n ipc_addid call that leads to uid and gid comparisons against\n uninitialized data, related to msg.c, shm.c, and util.c. (bsc#948701\n bsc#948536)\n - CVE-2015-5707: Integer overflow in the sg_start_req function in\n drivers/scsi/sg.c in the Linux kernel allowed local users to cause a\n denial of service or possibly have unspecified other impact via a large\n iov_count value in a write request. (bsc#940342 bsc#940338)\n\n", "cvss3": {}, "published": "2015-11-24T19:10:26", "type": "suse", "title": "Security update for Linux Kernel Live Patch 5 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-7613", "CVE-2015-5707"], "modified": "2015-11-24T19:10:26", "id": "SUSE-SU-2015:2084-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:03:49", "description": "This kernel live patch for Linux Kernel 3.12.38-44.1 fixes two security\n issues:\n\n - CVE-2015-7613: A race condition in the IPC object implementation in the\n Linux kernel allowed local users to gain privileges by triggering an\n ipc_addid call that leads to uid and gid comparisons against\n uninitialized data, related to msg.c, shm.c, and util.c. (bsc#948701\n bsc#948536)\n - CVE-2015-5707: Integer overflow in the sg_start_req function in\n drivers/scsi/sg.c in the Linux kernel allowed local users to cause a\n denial of service or possibly have unspecified other impact via a large\n iov_count value in a write request. (bsc#940342 bsc#940338)\n\n", "cvss3": {}, "published": "2015-11-24T19:15:29", "type": "suse", "title": "Security update for Linux Kernel Live Patch 3 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-7613", "CVE-2015-5707"], "modified": "2015-11-24T19:15:29", "id": "SUSE-SU-2015:2090-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:48:49", "description": "This kernel live patch for Linux Kernel 3.12.44-52.18.1 fixes two security\n issues:\n\n - CVE-2015-7613: A race condition in the IPC object implementation in the\n Linux kernel allowed local users to gain privileges by triggering an\n ipc_addid call that leads to uid and gid comparisons against\n uninitialized data, related to msg.c, shm.c, and util.c. (bsc#948701\n bsc#948536)\n - CVE-2015-5707: Integer overflow in the sg_start_req function in\n drivers/scsi/sg.c in the Linux kernel allowed local users to cause a\n denial of service or possibly have unspecified other impact via a large\n iov_count value in a write request. (bsc#940342 bsc#940338)\n\n", "cvss3": {}, "published": "2015-11-24T19:12:18", "type": "suse", "title": "Security update for Linux Kernel Live Patch 7 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-7613", "CVE-2015-5707"], "modified": "2015-11-24T19:12:18", "id": "SUSE-SU-2015:2086-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:22:35", "description": "This kernel live patch for Linux Kernel 3.12.44-52.10.1 fixes two security\n issues:\n\n - CVE-2015-7613: A race condition in the IPC object implementation in the\n Linux kernel allowed local users to gain privileges by triggering an\n ipc_addid call that leads to uid and gid comparisons against\n uninitialized data, related to msg.c, shm.c, and util.c. (bsc#948701\n bsc#948536)\n - CVE-2015-5707: Integer overflow in the sg_start_req function in\n drivers/scsi/sg.c in the Linux kernel allowed local users to cause a\n denial of service or possibly have unspecified other impact via a large\n iov_count value in a write request. (bsc#940342 bsc#940338)\n\n", "cvss3": {}, "published": "2015-11-24T19:13:10", "type": "suse", "title": "Security update for Linux Kernel Live Patch 6 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-7613", "CVE-2015-5707"], "modified": "2015-11-24T19:13:10", "id": "SUSE-SU-2015:2087-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:27:15", "description": "This kernel live patch for Linux Kernel 3.12.39-47.1 fixes two security\n issues:\n\n - CVE-2015-7613: A race condition in the IPC object implementation in the\n Linux kernel allowed local users to gain privileges by triggering an\n ipc_addid call that leads to uid and gid comparisons against\n uninitialized data, related to msg.c, shm.c, and util.c. (bsc#948701\n bsc#948536)\n - CVE-2015-5707: Integer overflow in the sg_start_req function in\n drivers/scsi/sg.c in the Linux kernel allowed local users to cause a\n denial of service or possibly have unspecified other impact via a large\n iov_count value in a write request. (bsc#940342 bsc#940338)\n\n", "cvss3": {}, "published": "2015-11-24T19:11:22", "type": "suse", "title": "Security update for Linux Kernel Live Patch 4 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-7613", "CVE-2015-5707"], "modified": "2015-11-24T19:11:22", "id": "SUSE-SU-2015:2085-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:15:28", "description": "This kernel live patch for Linux Kernel 3.12.36-38.1 fixes two security\n issues:\n\n - CVE-2015-7613: A race condition in the IPC object implementation in the\n Linux kernel allowed local users to gain privileges by triggering an\n ipc_addid call that leads to uid and gid comparisons against\n uninitialized data, related to msg.c, shm.c, and util.c. (bsc#948701\n bsc#948536)\n - CVE-2015-5707: Integer overflow in the sg_start_req function in\n drivers/scsi/sg.c in the Linux kernel allowed local users to cause a\n denial of service or possibly have unspecified other impact via a large\n iov_count value in a write request. (bsc#940342 bsc#940338)\n\n", "cvss3": {}, "published": "2015-11-24T19:16:21", "type": "suse", "title": "Security update for Linux Kernel Live Patch 2 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-7613", "CVE-2015-5707"], "modified": "2015-11-24T19:16:21", "id": "SUSE-SU-2015:2091-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:13:39", "description": "This kernel live patch for Linux Kernel 3.12.32-33.1 fixes two security\n issues:\n\n - CVE-2015-7613: A race condition in the IPC object implementation in the\n Linux kernel allowed local users to gain privileges by triggering an\n ipc_addid call that leads to uid and gid comparisons against\n uninitialized data, related to msg.c, shm.c, and util.c. (bsc#948701\n bsc#948536)\n - CVE-2015-5707: Integer overflow in the sg_start_req function in\n drivers/scsi/sg.c in the Linux kernel allowed local users to cause a\n denial of service or possibly have unspecified other impact via a large\n iov_count value in a write request. (bsc#940342 bsc#940338)\n\n", "cvss3": {}, "published": "2015-11-24T19:14:39", "type": "suse", "title": "Security update for Linux Kernel Live Patch 1 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-7613", "CVE-2015-5707"], "modified": "2015-11-24T19:14:39", "id": "SUSE-SU-2015:2089-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:08:03", "description": "This kernel live patch for Linux Kernel 3.12.32-33.1 fixes security issues\n and bugs:\n\n Security issues fixed:\n - CVE-2015-8539: A negatively instantiated user key could have been used\n by a local user to leverage privileges (bnc#958601).\n\n - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable\n Datagram Sockets (RDS) implementation allowing a local user to cause\n system DoS. A verification was missing that the underlying transport\n exists when a connection was created. (bsc#953052)\n\n - CVE-2015-7990: RDS: Verify the underlying transport exists before\n creating a connection, preventing possible DoS (bsc#953052).\n\n - CVE-2015-7872: Possible crash when trying to garbage collect an\n uninstantiated keyring (bsc#951542).\n\n - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux\n kernel did not properly handle rename actions inside a bind mount, which\n allowed local users to bypass an intended container protection mechanism\n by renaming a directory, related to a "double-chroot attack (bnc#951625).\n\n Non-security bugfix were also done:\n - xfs: Fix lost direct IO write in the last block (bsc#954005).\n - simple fix in kallsyms initialization (bsc#940342 bsc#916225)\n\n", "cvss3": {}, "published": "2016-02-11T21:11:07", "type": "suse", "title": "Security update for kernel live patch 1 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-2925", "CVE-2015-7872", "CVE-2015-8539", "CVE-2015-7990", "CVE-2015-6937"], "modified": "2016-02-11T21:11:07", "id": "SUSE-SU-2016:0434-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:38:48", "description": "This kernel live patch for Linux Kernel 3.12.38-44.1 fixes security issues\n and bugs:\n\n Security issues fixed:\n - CVE-2015-8539: A negatively instantiated user key could have been used\n by a local user to leverage privileges (bnc#958601).\n\n - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable\n Datagram Sockets (RDS) implementation allowing a local user to cause\n system DoS. A verification was missing that the underlying transport\n exists when a connection was created. (bsc#953052)\n\n - CVE-2015-7990: RDS: Verify the underlying transport exists before\n creating a connection, preventing possible DoS (bsc#953052).\n\n - CVE-2015-7872: Possible crash when trying to garbage collect an\n uninstantiated keyring (bsc#951542).\n\n - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux\n kernel did not properly handle rename actions inside a bind mount, which\n allowed local users to bypass an intended container protection mechanism\n by renaming a directory, related to a "double-chroot attack (bnc#951625).\n\n Non-security bugfix were also done:\n - xfs: Fix lost direct IO write in the last block (bsc#954005).\n - simple fix in kallsyms initialization (bsc#940342 bsc#916225)\n\n", "cvss3": {}, "published": "2016-02-08T18:11:26", "type": "suse", "title": "Security update for kernel live patch 3 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-2925", "CVE-2015-7872", "CVE-2015-8539", "CVE-2015-7990", "CVE-2015-6937"], "modified": "2016-02-08T18:11:26", "id": "SUSE-SU-2016:0380-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:18:43", "description": "This kernel live patch for Linux Kernel 3.12.44-52.10.1 fixes security\n issues and bugs:\n\n Security issues fixed:\n - CVE-2015-8539: A negatively instantiated user key could have been used\n by a local user to leverage privileges (bnc#958601).\n\n - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable\n Datagram Sockets (RDS) implementation allowing a local user to cause\n system DoS. A verification was missing that the underlying transport\n exists when a connection was created. (bsc#953052)\n\n - CVE-2015-7990: RDS: Verify the underlying transport exists before\n creating a connection, preventing possible DoS (bsc#953052).\n\n - CVE-2015-7872: Possible crash when trying to garbage collect an\n uninstantiated keyring (bsc#951542).\n\n - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux\n kernel did not properly handle rename actions inside a bind mount, which\n allowed local users to bypass an intended container protection mechanism\n by renaming a directory, related to a "double-chroot attack (bnc#951625).\n\n Non-security bugfix were also done:\n - xfs: Fix lost direct IO write in the last block (bsc#954005).\n - simple fix in kallsyms initialization (bsc#940342 bsc#916225)\n\n", "cvss3": {}, "published": "2016-02-08T18:20:49", "type": "suse", "title": "Security update for kernel live patch 6 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-2925", "CVE-2015-7872", "CVE-2015-8539", "CVE-2015-7990", "CVE-2015-6937"], "modified": "2016-02-08T18:20:49", "id": "SUSE-SU-2016:0386-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:59:55", "description": "This kernel live patch for Linux Kernel 3.12.48-52.27.1 fixes security\n issues and bugs:\n\n Security issues fixed:\n - CVE-2015-8539: A negatively instantiated user key could have been used\n by a local user to leverage privileges (bnc#958601).\n\n - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable\n Datagram Sockets (RDS) implementation allowing a local user to cause\n system DoS. A verification was missing that the underlying transport\n exists when a connection was created. (bsc#953052)\n\n - CVE-2015-7990: RDS: Verify the underlying transport exists before\n creating a connection, preventing possible DoS (bsc#953052).\n\n - CVE-2015-7872: Possible crash when trying to garbage collect an\n uninstantiated keyring (bsc#951542).\n\n - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux\n kernel did not properly handle rename actions inside a bind mount, which\n allowed local users to bypass an intended container protection mechanism\n by renaming a directory, related to a "double-chroot attack (bnc#951625).\n\n Non-security bugfix were also done:\n - xfs: Fix lost direct IO write in the last block (bsc#954005).\n - simple fix in kallsyms initialization (bsc#940342 bsc#916225)\n\n", "cvss3": {}, "published": "2016-02-04T19:14:29", "type": "suse", "title": "Security update for kernel live patch 8 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-2925", "CVE-2015-7872", "CVE-2015-8539", "CVE-2015-7990", "CVE-2015-6937"], "modified": "2016-02-04T19:14:29", "id": "SUSE-SU-2016:0337-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:43:03", "description": "This kernel live patch for Linux Kernel 3.12.49-11.1 fixes security issues\n and bugs:\n\n Security issues fixed:\n - CVE-2015-8539: A negatively instantiated user key could have been used\n by a local user to leverage privileges (bnc#958601).\n\n - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable\n Datagram Sockets (RDS) implementation allowing a local user to cause\n system DoS. A verification was missing that the underlying transport\n exists when a connection was created. (bsc#953052)\n\n - CVE-2015-7990: RDS: Verify the underlying transport exists before\n creating a connection, preventing possible DoS (bsc#953052).\n\n - CVE-2015-7872: Possible crash when trying to garbage collect an\n uninstantiated keyring (bsc#951542).\n\n Non-security bugfix were also done:\n - xfs: Fix lost direct IO write in the last block (bsc#954005).\n\n", "cvss3": {}, "published": "2016-02-04T19:13:10", "type": "suse", "title": "Security update for kernel live patch SP1 0 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-2925", "CVE-2015-7872", "CVE-2015-8539", "CVE-2015-7990", "CVE-2015-6937"], "modified": "2016-02-04T19:13:10", "id": "SUSE-SU-2016:0335-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:55:32", "description": "This kernel live patch for Linux Kernel 3.12.44-52.18.1 fixes security\n issues and bugs:\n\n Security issues fixed:\n - CVE-2015-8539: A negatively instantiated user key could have been used\n by a local user to leverage privileges (bnc#958601).\n\n - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable\n Datagram Sockets (RDS) implementation allowing a local user to cause\n system DoS. A verification was missing that the underlying transport\n exists when a connection was created. (bsc#953052)\n\n - CVE-2015-7990: RDS: Verify the underlying transport exists before\n creating a connection, preventing possible DoS (bsc#953052).\n\n - CVE-2015-7872: Possible crash when trying to garbage collect an\n uninstantiated keyring (bsc#951542).\n\n - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux\n kernel did not properly handle rename actions inside a bind mount, which\n allowed local users to bypass an intended container protection mechanism\n by renaming a directory, related to a "double-chroot attack (bnc#951625).\n\n Non-security bugfix were also done:\n - xfs: Fix lost direct IO write in the last block (bsc#954005).\n - simple fix in kallsyms initialization (bsc#940342 bsc#916225)\n\n", "cvss3": {}, "published": "2016-02-08T18:22:32", "type": "suse", "title": "Security update for kernel live patch 7 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-2925", "CVE-2015-7872", "CVE-2015-8539", "CVE-2015-7990", "CVE-2015-6937"], "modified": "2016-02-08T18:22:32", "id": "SUSE-SU-2016:0387-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:13:40", "description": "This kernel live patch for Linux Kernel 3.12.39-47.1 fixes security issues\n and bugs:\n\n Security issues fixed:\n - CVE-2015-8539: A negatively instantiated user key could have been used\n by a local user to leverage privileges (bnc#958601).\n\n - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable\n Datagram Sockets (RDS) implementation allowing a local user to cause\n system DoS. A verification was missing that the underlying transport\n exists when a connection was created. (bsc#953052)\n\n - CVE-2015-7990: RDS: Verify the underlying transport exists before\n creating a connection, preventing possible DoS (bsc#953052).\n\n - CVE-2015-7872: Possible crash when trying to garbage collect an\n uninstantiated keyring (bsc#951542).\n\n - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux\n kernel did not properly handle rename actions inside a bind mount, which\n allowed local users to bypass an intended container protection mechanism\n by renaming a directory, related to a "double-chroot attack (bnc#951625).\n\n Non-security bugfix were also done:\n - xfs: Fix lost direct IO write in the last block (bsc#954005).\n - simple fix in kallsyms initialization (bsc#940342 bsc#916225)\n\n", "cvss3": {}, "published": "2016-02-08T18:13:14", "type": "suse", "title": "Security update for kernel live patch 4 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-2925", "CVE-2015-7872", "CVE-2015-8539", "CVE-2015-7990", "CVE-2015-6937"], "modified": "2016-02-08T18:13:14", "id": "SUSE-SU-2016:0381-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2023-12-07T15:44:36", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2015-7509: Mounting ext4 filesystems in no-journal mode could hav lead to a system crash (bsc#956709).\n\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).\n\n - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).\n\n - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527).\n\n - CVE-2015-7990: RDS: There was no verification that an underlying transport exists when creating a connection, causing usage of a NULL pointer (bsc#952384).\n\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might have allowed local users to gain privileges by triggering an NMI (bnc#938706).\n\n - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440).\n\n - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215 (bnc#944296).\n\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-12-29T00:00:00", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:2339-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0272", "CVE-2015-5157", "CVE-2015-5307", "CVE-2015-6937", "CVE-2015-7509", "CVE-2015-7799", "CVE-2015-7872", "CVE-2015-7990", "CVE-2015-8104", "CVE-2015-8215"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kernel-xen-extra", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-2339-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87651", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2339-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87651);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0272\", \"CVE-2015-5157\", \"CVE-2015-5307\", \"CVE-2015-6937\", \"CVE-2015-7509\", \"CVE-2015-7799\", \"CVE-2015-7872\", \"CVE-2015-7990\", \"CVE-2015-8104\", \"CVE-2015-8215\");\n script_bugtraq_id(76005);\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:2339-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2015-7509: Mounting ext4 filesystems in no-journal\n mode could hav lead to a system crash (bsc#956709).\n\n - CVE-2015-7799: The slhc_init function in\n drivers/net/slip/slhc.c in the Linux kernel did not\n ensure that certain slot numbers are valid, which\n allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) via a crafted\n PPPIOCSMAXCID ioctl call (bnc#949936).\n\n - CVE-2015-8104: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (host OS panic or hang) by triggering many #DB (aka\n Debug) exceptions, related to svm.c (bnc#954404).\n\n - CVE-2015-5307: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (host OS panic or hang) by triggering many #AC (aka\n Alignment Check) exceptions, related to svm.c and vmx.c\n (bnc#953527).\n\n - CVE-2015-7990: RDS: There was no verification that an\n underlying transport exists when creating a connection,\n causing usage of a NULL pointer (bsc#952384).\n\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux\n kernel on the x86_64 platform mishandled IRET faults in\n processing NMIs that occurred during userspace\n execution, which might have allowed local users to gain\n privileges by triggering an NMI (bnc#938706).\n\n - CVE-2015-7872: The key_gc_unused_keys function in\n security/keys/gc.c in the Linux kernel allowed local\n users to cause a denial of service (OOPS) via crafted\n keyctl commands (bnc#951440).\n\n - CVE-2015-0272: Missing checks allowed remote attackers\n to cause a denial of service (IPv6 traffic disruption)\n via a crafted MTU value in an IPv6 Router Advertisement\n (RA) message, a different vulnerability than\n CVE-2015-8215 (bnc#944296).\n\n - CVE-2015-6937: The __rds_conn_create function in\n net/rds/connection.c in the Linux kernel allowed local\n users to cause a denial of service (NULL pointer\n dereference and system crash) or possibly have\n unspecified other impact by using a socket that was not\n properly bound (bnc#945825).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=814440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=879378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=879381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=900610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=926774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935123\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=946078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=946214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=946309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=947957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0272/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5157/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5307/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6937/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7509/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7799/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7872/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7990/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8104/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8215/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152339-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?baca640f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-kernel-source-12278=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-kernel-source-12278=1\n\nSUSE Linux Enterprise Server 11-EXTRA :\n\nzypper in -t patch slexsp3-kernel-source-12278=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-kernel-source-12278=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-kernel-source-12278=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-devel-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-base-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-source-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-extra-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-extra-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-default-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-default-base-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-default-devel-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-default-extra-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-source-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-syms-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-trace-devel-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-extra-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-68.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-extra-3.0.101-68.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:42:53", "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to receive various security and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2015-8104: Prevent guest to host DoS caused by infinite loop in microcode via #DB exception (bsc#954404).\n\n - CVE-2015-5307: Prevent guest to host DoS caused by infinite loop in microcode via #AC exception (bsc#953527).\n\n - CVE-2015-7990: RDS: Verify the underlying transport exists before creating a connection, preventing possible DoS (bsc#952384).\n\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandled IRET faults in processing NMIs that occurred during userspace execution, which might have allowed local users to gain privileges by triggering an NMI (bsc#938706).\n\n - CVE-2015-7872: Possible crash when trying to garbage collect an uninstantiated keyring (bsc#951440).\n\n - CVE-2015-0272: Prevent remote DoS using IPv6 RA with bogus MTU by validating before applying it (bsc#944296).\n\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bsc#945825).\n\n - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggered permanent file-descriptor allocation (bsc#942367).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-11-30T00:00:00", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:2108-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0272", "CVE-2015-5157", "CVE-2015-5307", "CVE-2015-6252", "CVE-2015-6937", "CVE-2015-7872", "CVE-2015-7990", "CVE-2015-8104"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigsmp", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-base", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-extra", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-pae-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-trace-extra", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kernel-xen-extra", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-2108-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87104", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2108-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87104);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0272\", \"CVE-2015-5157\", \"CVE-2015-5307\", \"CVE-2015-6252\", \"CVE-2015-6937\", \"CVE-2015-7872\", \"CVE-2015-7990\", \"CVE-2015-8104\");\n script_bugtraq_id(76005);\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:2108-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to\nreceive various security and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2015-8104: Prevent guest to host DoS caused by\n infinite loop in microcode via #DB exception\n (bsc#954404).\n\n - CVE-2015-5307: Prevent guest to host DoS caused by\n infinite loop in microcode via #AC exception\n (bsc#953527).\n\n - CVE-2015-7990: RDS: Verify the underlying transport\n exists before creating a connection, preventing possible\n DoS (bsc#952384).\n\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux\n kernel on the x86_64 platform mishandled IRET faults in\n processing NMIs that occurred during userspace\n execution, which might have allowed local users to gain\n privileges by triggering an NMI (bsc#938706).\n\n - CVE-2015-7872: Possible crash when trying to garbage\n collect an uninstantiated keyring (bsc#951440).\n\n - CVE-2015-0272: Prevent remote DoS using IPv6 RA with\n bogus MTU by validating before applying it (bsc#944296).\n\n - CVE-2015-6937: The __rds_conn_create function in\n net/rds/connection.c in the Linux kernel allowed local\n users to cause a denial of service (NULL pointer\n dereference and system crash) or possibly have\n unspecified other impact by using a socket that was not\n properly bound (bsc#945825).\n\n - CVE-2015-6252: The vhost_dev_ioctl function in\n drivers/vhost/vhost.c in the Linux kernel allowed local\n users to cause a denial of service (memory consumption)\n via a VHOST_SET_LOG_FD ioctl call that triggered\n permanent file-descriptor allocation (bsc#942367).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=777565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=814440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=900610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=920016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=923002\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=926007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=926709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=926774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=946078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=946309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=947957\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0272/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5157/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5307/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6252/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6937/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7872/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7990/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8104/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152108-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?911cfa21\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP3 :\n\nzypper in -t patch sdksp3-kernel-source-12226=1\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-kernel-source-12226=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-kernel-source-12226=1\n\nSUSE Linux Enterprise Server 11-EXTRA :\n\nzypper in -t patch slexsp3-kernel-source-12226=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-kernel-source-12226=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-kernel-source-12226=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-base-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-extra-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-extra-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-trace-extra-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-extra-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-base-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-source-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-syms-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-base-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-extra-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-extra-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-extra-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-base-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-source-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-syms-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-extra-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-extra-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-default-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-default-base-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-default-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-default-extra-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-source-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-syms-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-trace-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-extra-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.47.71.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-extra-3.0.101-0.47.71.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:44:49", "description": "The Linux Kernel was updated to 4.1.13 and fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.\n\n - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.\n\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.\n\n - CVE-2015-7990: A local denial of service due to an incomplete fix of CVE-2015-6937 could lead to crashes (local denial of service).\n\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call.\n\nBugs fixed :\n\n - alsa: hda - apply hp headphone fixups more generically (boo#954876).\n\n - alsa: hda - add fixup for acer aspire one cloudbook 14 (boo#954876).\n\n - alsa: hda - fix headphone noise after dell xps 13 resume back from S3 (boo#954876).\n\n - alsa: hda - fix noise on dell latitude e6440 (boo#954876).\n\n - alsa: hda/hdmi - apply skylake fix-ups to broxton display codec (boo#954647).\n\n - alsa: hda - add codec id for broxton display audio codec (boo#954647).\n\n - alsa: hda/realtek - dell xps one alc3260 speaker no sound after resume back (boo#954647).\n\n - alsa: hda - yet another fix for dell headset mic with alc3266 (boo#954647).\n\n - alsa: hda - fix dell laptop for internal mic/headset mic (boo#954647).\n\n - alsa: hda - remove no physical connection pins from pin_quirk table (boo#954647).\n\n - alsa: hda - add pin quirk for the headset mic jack detection on Dell laptop (boo#954647).\n\n - alsa: hda - fix the headset mic that will not work on dell desktop machine (boo#954647).\n\n - alsa: hda - remove one pin from alc292_standard_pins (boo#954647).\n\n - alsa: hda - add dock support for thinkpad w541 (17aa:2211) (boo#954647).\n\n - alsa: hda/realtek: enable hp amp and mute led on hp folio 9480m [v3] (boo#954647).\n\n - alsa: hda/realtek - support dell headset mode for alc298 (boo#954647).\n\n - alsa: hda/realtek - support headset mode for alc298 (boo#954647).\n\n - x86/evtchn: make use of physdevop_map_pirq.\n\n - blktap: also call blkif_disconnect() when frontend switched to closed (boo#952976).\n\n - blktap: refine mm tracking (boo#952976).\n\n - update xen patches to linux 4.1.13.\n\n - Backport arm64 patches from sle12-sp1-arm.\n\n - Backport pci-ea patches\n\n - Enable drm_ast driver\n\n - Fix thunderx edac store function\n\n - Update arm64 config files. Align arm64 vanilla configuration with default.\n\n - rtlwifi: rtl8821ae: fix lockups on boot (boo#944978).\n\n - ethernet/atheros/alx: add killer e2400 device id (boo#955363).\n\n - drm/i915: don't override output type for ddi hdmi (boo#955190).\n\n - drm/i915: set best_encoder field of connector_state also when disabling (boo#955190).\n\n - drm/i915: add hotplug activation period to hotplug update mask (boo#955365).\n\n - drm/i915: avoid race of intel_crt_detect_hotplug() with hpd interrupt, v2 (boo#955365).\n\n - drm/i915: shut up gen8+ sde irq dmesg noise (boo#954757).\n\n - ipv6: fix tunnel error handling (boo#952579).\n\n - Update config files (boo#951533).\n\n - iwlwifi: add new pci ids for the 8260 series (boo#954421).\n\n - iwlwifi: edit the 3165 series and 8000 series pci ids (boo#954421).\n\n - x86/efi-bgrt: switch pr_err() to pr_debug() for invalid bgrt (boo#953559).\n\n - x86/tsc: let high latency pit fail fast in quick_pit_calibrate() (boo#953717).\n\n - Backport arm64 patches from sle12-sp1-arm branch Backports to fix Seattle xgbe driver. Fix EL2 page table for systems with high amount of memory. Needed for KVM to work. Convert WARN_ON in numa implementation to pr_warn.\n\n - input: elantech - add fujitsu lifebook u745 to force crc_enabled (boo#883192).", "cvss3": {}, "published": "2015-12-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2015-879)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5307", "CVE-2015-6937", "CVE-2015-7799", "CVE-2015-7990", "CVE-2015-8104"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-obs-qa-xen", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-pv", "p-cpe:/a:novell:opensuse:kernel-pv-base", "p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debugsource", "p-cpe:/a:novell:opensuse:kernel-pv-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2015-879.NASL", "href": "https://www.tenable.com/plugins/nessus/87391", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-879.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87391);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-6937\", \"CVE-2015-7799\", \"CVE-2015-7990\", \"CVE-2015-8104\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2015-879)\");\n script_summary(english:\"Check for the openSUSE-2015-879 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Linux Kernel was updated to 4.1.13 and fixes the following \nissues :\n\nSecurity issues fixed :\n\n - CVE-2015-8104: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (host OS panic or hang) by triggering many #DB (aka\n Debug) exceptions, related to svm.c.\n\n - CVE-2015-5307: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (host OS panic or hang) by triggering many #AC (aka\n Alignment Check) exceptions, related to svm.c and vmx.c.\n\n - CVE-2015-6937: The __rds_conn_create function in\n net/rds/connection.c in the Linux kernel allowed local\n users to cause a denial of service (NULL pointer\n dereference and system crash) or possibly have\n unspecified other impact by using a socket that was not\n properly bound.\n\n - CVE-2015-7990: A local denial of service due to an\n incomplete fix of CVE-2015-6937 could lead to crashes\n (local denial of service).\n\n - CVE-2015-7799: The slhc_init function in\n drivers/net/slip/slhc.c in the Linux kernel did not\n ensure that certain slot numbers are valid, which\n allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) via a crafted\n PPPIOCSMAXCID ioctl call.\n\nBugs fixed :\n\n - alsa: hda - apply hp headphone fixups more generically\n (boo#954876).\n\n - alsa: hda - add fixup for acer aspire one cloudbook 14\n (boo#954876).\n\n - alsa: hda - fix headphone noise after dell xps 13 resume\n back from S3 (boo#954876).\n\n - alsa: hda - fix noise on dell latitude e6440\n (boo#954876).\n\n - alsa: hda/hdmi - apply skylake fix-ups to broxton\n display codec (boo#954647).\n\n - alsa: hda - add codec id for broxton display audio codec\n (boo#954647).\n\n - alsa: hda/realtek - dell xps one alc3260 speaker no\n sound after resume back (boo#954647).\n\n - alsa: hda - yet another fix for dell headset mic with\n alc3266 (boo#954647).\n\n - alsa: hda - fix dell laptop for internal mic/headset mic\n (boo#954647).\n\n - alsa: hda - remove no physical connection pins from\n pin_quirk table (boo#954647).\n\n - alsa: hda - add pin quirk for the headset mic jack\n detection on Dell laptop (boo#954647).\n\n - alsa: hda - fix the headset mic that will not work on\n dell desktop machine (boo#954647).\n\n - alsa: hda - remove one pin from alc292_standard_pins\n (boo#954647).\n\n - alsa: hda - add dock support for thinkpad w541\n (17aa:2211) (boo#954647).\n\n - alsa: hda/realtek: enable hp amp and mute led on hp\n folio 9480m [v3] (boo#954647).\n\n - alsa: hda/realtek - support dell headset mode for alc298\n (boo#954647).\n\n - alsa: hda/realtek - support headset mode for alc298\n (boo#954647).\n\n - x86/evtchn: make use of physdevop_map_pirq.\n\n - blktap: also call blkif_disconnect() when frontend\n switched to closed (boo#952976).\n\n - blktap: refine mm tracking (boo#952976).\n\n - update xen patches to linux 4.1.13.\n\n - Backport arm64 patches from sle12-sp1-arm.\n\n - Backport pci-ea patches\n\n - Enable drm_ast driver\n\n - Fix thunderx edac store function\n\n - Update arm64 config files. Align arm64 vanilla\n configuration with default.\n\n - rtlwifi: rtl8821ae: fix lockups on boot (boo#944978).\n\n - ethernet/atheros/alx: add killer e2400 device id\n (boo#955363).\n\n - drm/i915: don't override output type for ddi hdmi\n (boo#955190).\n\n - drm/i915: set best_encoder field of connector_state also\n when disabling (boo#955190).\n\n - drm/i915: add hotplug activation period to hotplug\n update mask (boo#955365).\n\n - drm/i915: avoid race of intel_crt_detect_hotplug() with\n hpd interrupt, v2 (boo#955365).\n\n - drm/i915: shut up gen8+ sde irq dmesg noise\n (boo#954757).\n\n - ipv6: fix tunnel error handling (boo#952579).\n\n - Update config files (boo#951533).\n\n - iwlwifi: add new pci ids for the 8260 series\n (boo#954421).\n\n - iwlwifi: edit the 3165 series and 8000 series pci ids\n (boo#954421).\n\n - x86/efi-bgrt: switch pr_err() to pr_debug() for invalid\n bgrt (boo#953559).\n\n - x86/tsc: let high latency pit fail fast in\n quick_pit_calibrate() (boo#953717).\n\n - Backport arm64 patches from sle12-sp1-arm branch\n Backports to fix Seattle xgbe driver. Fix EL2 page table\n for systems with high amount of memory. Needed for KVM\n to work. Convert WARN_ON in numa implementation to\n pr_warn.\n\n - input: elantech - add fujitsu lifebook u745 to force\n crc_enabled (boo#883192).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=883192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=944978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=945825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=948758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=949936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=951533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=952384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=952579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=952976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=953527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=953559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=953717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=955190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=955363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=955365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=956856\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debugsource-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-devel-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-devel-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-html-4.1.13-5.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-pdf-4.1.13-5.4\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-macros-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-4.1.13-5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-debugsource-4.1.13-5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-xen-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-vanilla-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-syms-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-devel-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debugsource-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-devel-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-devel-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debugsource-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-devel-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-4.1.13-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-4.1.13-5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:29:29", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.48-52.27 to receive various security and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2015-7613: A flaw was found in the Linux kernel IPC code that could lead to arbitrary code execution. The ipc_addid() function initialized a shared object that has unset uid/gid values. Since the fields are not initialized, the check can falsely succeed. (bsc#948536)\n\n - CVE-2015-5156: When a guests KVM network devices is in a bridge configuration the kernel can create a situation in which packets are fragmented in an unexpected fashion. The GRO functionality can create a situation in which multiple SKB's are chained together in a single packets fraglist (by design). (bsc#940776)\n\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI (bsc#938706).\n\n - CVE-2015-6252: A flaw was found in the way the Linux kernel's vhost driver treated userspace provided log file descriptor when processing the VHOST_SET_LOG_FD ioctl command. The file descriptor was never released and continued to consume kernel memory. A privileged local user with access to the /dev/vhost-net files could use this flaw to create a denial-of-service attack (bsc#942367).\n\n - CVE-2015-5697: The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.\n (bnc#939994)\n\n - CVE-2015-6937: A NULL pointer dereference flaw was found in the Reliable Datagram Sockets (RDS) implementation allowing a local user to cause system DoS. A verification was missing that the underlying transport exists when a connection was created. (bsc#945825)\n\n - CVE-2015-5283: A NULL pointer dereference flaw was found in SCTP implementation allowing a local user to cause system DoS. Creation of multiple sockets in parallel when system doesn't have SCTP module loaded can lead to kernel panic. (bsc#947155)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-10-14T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel-source (SUSE-SU-2015:1727-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5156", "CVE-2015-5157", "CVE-2015-5283", "CVE-2015-5697", "CVE-2015-6252", "CVE-2015-6937", "CVE-2015-7613"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-1727-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1727-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86378);\n script_version(\"2.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5156\", \"CVE-2015-5157\", \"CVE-2015-5283\", \"CVE-2015-5697\", \"CVE-2015-6252\", \"CVE-2015-6937\", \"CVE-2015-7613\");\n script_bugtraq_id(76005);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel-source (SUSE-SU-2015:1727-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to 3.12.48-52.27 to\nreceive various security and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2015-7613: A flaw was found in the Linux kernel IPC\n code that could lead to arbitrary code execution. The\n ipc_addid() function initialized a shared object that\n has unset uid/gid values. Since the fields are not\n initialized, the check can falsely succeed. (bsc#948536)\n\n - CVE-2015-5156: When a guests KVM network devices is in a\n bridge configuration the kernel can create a situation\n in which packets are fragmented in an unexpected\n fashion. The GRO functionality can create a situation in\n which multiple SKB's are chained together in a single\n packets fraglist (by design). (bsc#940776)\n\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux\n kernel before 4.1.6 on the x86_64 platform mishandles\n IRET faults in processing NMIs that occurred during\n userspace execution, which might allow local users to\n gain privileges by triggering an NMI (bsc#938706).\n\n - CVE-2015-6252: A flaw was found in the way the Linux\n kernel's vhost driver treated userspace provided log\n file descriptor when processing the VHOST_SET_LOG_FD\n ioctl command. The file descriptor was never released\n and continued to consume kernel memory. A privileged\n local user with access to the /dev/vhost-net files could\n use this flaw to create a denial-of-service attack\n (bsc#942367).\n\n - CVE-2015-5697: The get_bitmap_file function in\n drivers/md/md.c in the Linux kernel before 4.1.6 does\n not initialize a certain bitmap data structure, which\n allows local users to obtain sensitive information from\n kernel memory via a GET_BITMAP_FILE ioctl call.\n (bnc#939994)\n\n - CVE-2015-6937: A NULL pointer dereference flaw was found\n in the Reliable Datagram Sockets (RDS) implementation\n allowing a local user to cause system DoS. A\n verification was missing that the underlying transport\n exists when a connection was created. (bsc#945825)\n\n - CVE-2015-5283: A NULL pointer dereference flaw was found\n in SCTP implementation allowing a local user to cause\n system DoS. Creation of multiple sockets in parallel\n when system doesn't have SCTP module loaded can lead to\n kernel panic. (bsc#947155)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=856382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=886785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=898159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=907973\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=908950\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=912183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=916543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=920016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=932350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934430\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934942\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=934962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940398\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940679\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940965\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5156/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5157/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5283/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5697/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6252/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-6937/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7613/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151727-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4f62582a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2015-668=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-668=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-668=1\n\nSUSE Linux Enterprise Module for Public Cloud 12 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-668=1\n\nSUSE Linux Enterprise Live Patching 12 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-2015-668=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-668=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.48-52.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.48-52.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.48-52.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.48-52.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.48-52.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.48-52.27.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.48-52.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.48-52.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.48-52.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.48-52.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.48-52.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.48-52.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.48-52.27.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.48-52.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-3.12.48-52.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.48-52.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-3.12.48-52.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.48-52.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.48-52.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.48-52.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.48-52.27.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.48-52.27.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.48-52.27.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.48-52.27.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.48-52.27.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-source\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:31:00", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive various security and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel did not ensure that certain slot numbers were valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).\n\n - CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the Linux kernel had an incorrect sequence of protocol-initialization steps, which allowed local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished (bnc#947155).\n\n - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux kernel did not properly handle rename actions inside a bind mount, which allowed local users to bypass an intended container protection mechanism by renaming a directory, related to a 'double-chroot attack (bnc#926238).\n\n - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).\n\n - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527).\n\n - CVE-2015-7990: RDS: There was no verification that an underlying transport exists when creating a connection, causing usage of a NULL pointer (bsc#952384).\n\n - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (OOPS) via crafted keyctl commands (bnc#951440).\n\n - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215 (bnc#944296).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-12-07T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:2194-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0272", "CVE-2015-2925", "CVE-2015-5283", "CVE-2015-5307", "CVE-2015-7799", "CVE-2015-7872", "CVE-2015-7990", "CVE-2015-8104", "CVE-2015-8215"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2015-2194-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87214", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2194-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87214);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-0272\", \"CVE-2015-2925\", \"CVE-2015-5283\", \"CVE-2015-5307\", \"CVE-2015-7799\", \"CVE-2015-7872\", \"CVE-2015-7990\", \"CVE-2015-8104\", \"CVE-2015-8215\");\n script_bugtraq_id(73926);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:2194-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive\nvarious security and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2015-7799: The slhc_init function in\n drivers/net/slip/slhc.c in the Linux kernel did not\n ensure that certain slot numbers were valid, which\n allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) via a crafted\n PPPIOCSMAXCID ioctl call (bnc#949936).\n\n - CVE-2015-5283: The sctp_init function in\n net/sctp/protocol.c in the Linux kernel had an incorrect\n sequence of protocol-initialization steps, which allowed\n local users to cause a denial of service (panic or\n memory corruption) by creating SCTP sockets before all\n of the steps have finished (bnc#947155).\n\n - CVE-2015-2925: The prepend_path function in fs/dcache.c\n in the Linux kernel did not properly handle rename\n actions inside a bind mount, which allowed local users\n to bypass an intended container protection mechanism by\n renaming a directory, related to a 'double-chroot attack\n (bnc#926238).\n\n - CVE-2015-8104: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (host OS panic or hang) by triggering many #DB (aka\n Debug) exceptions, related to svm.c (bnc#954404).\n\n - CVE-2015-5307: The KVM subsystem in the Linux kernel\n allowed guest OS users to cause a denial of service\n (host OS panic or hang) by triggering many #AC (aka\n Alignment Check) exceptions, related to svm.c and vmx.c\n (bnc#953527).\n\n - CVE-2015-7990: RDS: There was no verification that an\n underlying transport exists when creating a connection,\n causing usage of a NULL pointer (bsc#952384).\n\n - CVE-2015-7872: The key_gc_unused_keys function in\n security/keys/gc.c in the Linux kernel allowed local\n users to cause a denial of service (OOPS) via crafted\n keyctl commands (bnc#951440).\n\n - CVE-2015-0272: Missing checks allowed remote attackers\n to cause a denial of service (IPv6 traffic disruption)\n via a crafted MTU value in an IPv6 Router Advertisement\n (RA) message, a different vulnerability than\n CVE-2015-8215 (bnc#944296).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=814440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=867595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=933514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=935961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=941867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=942938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=946078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=947241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=947321\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=947478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=948831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=949744\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952758\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956047\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-0272/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-2925/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5283/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5307/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7799/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7872/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7990/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8104/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152194-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e36375c5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2015-945=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2015-945=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-945=1\n\nSUSE Linux Enterprise Module for Public Cloud 12 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2015-945=1\n\nSUSE Linux Enterprise Live Patching 12 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-2015-945=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-945=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.51-52.31.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.51-52.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:24:15", "description": "kernel-4.1.13-100.fc21 - Linux v4.1.13 - CVE-2015-8104 kvm: DoS infinite loop in microcode DB exception (rhbz 1278496 1279691) - CVE-2015-5307 kvm: DoS infinite loop in microcode AC exception (rhbz 1277172 1279688)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 21 : kernel-4.1.13-100.fc21 (2015-f2c534bc12)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5307", "CVE-2015-7799", "CVE-2015-7990", "CVE-2015-8104"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-F2C534BC12.NASL", "href": "https://www.tenable.com/plugins/nessus/89459", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-f2c534bc12.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89459);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-7799\", \"CVE-2015-7990\", \"CVE-2015-8104\");\n script_xref(name:\"FEDORA\", value:\"2015-f2c534bc12\");\n\n script_name(english:\"Fedora 21 : kernel-4.1.13-100.fc21 (2015-f2c534bc12)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"kernel-4.1.13-100.fc21 - Linux v4.1.13 - CVE-2015-8104 kvm: DoS\ninfinite loop in microcode DB exception (rhbz 1278496 1279691) -\nCVE-2015-5307 kvm: DoS infinite loop in microcode AC exception (rhbz\n1277172 1279688)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1271134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1276437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1277172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1278496\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172185.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e3663e6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"kernel-4.1.13-100.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:24:07", "description": "The 4.2.6 stable update contains a number of important fixes across the tree. kernel-4.2.6-300.fc23 - Fix incorrect size calculations in megaraid with 64K pages (rhbz 1269300) - CVE-2015-8104 kvm: DoS infinite loop in microcode DB exception (rhbz 1278496 1279691) - CVE-2015-5307 kvm: DoS infinite loop in microcode AC exception (rhbz 1277172 1279688)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 23 : kernel-4.2.6-300.fc23 (2015-115c302856)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5307", "CVE-2015-7799", "CVE-2015-7990", "CVE-2015-8104"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2015-115C302856.NASL", "href": "https://www.tenable.com/plugins/nessus/89149", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-115c302856.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89149);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-7799\", \"CVE-2015-7990\", \"CVE-2015-8104\");\n script_xref(name:\"FEDORA\", value:\"2015-115c302856\");\n\n script_name(english:\"Fedora 23 : kernel-4.2.6-300.fc23 (2015-115c302856)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.2.6 stable update contains a number of important fixes across\nthe tree. kernel-4.2.6-300.fc23 - Fix incorrect size calculations in\nmegaraid with 64K pages (rhbz 1269300) - CVE-2015-8104 kvm: DoS\ninfinite loop in microcode DB exception (rhbz 1278496 1279691) -\nCVE-2015-5307 kvm: DoS infinite loop in microcode AC exception (rhbz\n1277172 1279688)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1271134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1276437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1277172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1278496\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172022.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ae1eb12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"kernel-4.2.6-300.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:25:50", "description": "The 4.2.6 stable update contains a number of important fixes across the tree. kernel-4.2.6-200.fc22 - Fix incorrect size calculations in megaraid with 64K pages (rhbz 1269300) - CVE-2015-8104 kvm: DoS infinite loop in microcode DB exception (rhbz 1278496 1279691) - CVE-2015-5307 kvm: DoS infinite loop in microcode AC exception (rhbz 1277172 1279688)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-03-04T00:00:00", "type": "nessus", "title": "Fedora 22 : kernel-4.2.6-200.fc22 (2015-cd94ad8d7c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5307", "CVE-2015-7799", "CVE-2015-7990", "CVE-2015-8104"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-CD94AD8D7C.NASL", "href": "https://www.tenable.com/plugins/nessus/89412", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-cd94ad8d7c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(89412);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5307\", \"CVE-2015-7799\", \"CVE-2015-7990\", \"CVE-2015-8104\");\n script_xref(name:\"FEDORA\", value:\"2015-cd94ad8d7c\");\n\n script_name(english:\"Fedora 22 : kernel-4.2.6-200.fc22 (2015-cd94ad8d7c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.2.6 stable update contains a number of important fixes across\nthe tree. kernel-4.2.6-200.fc22 - Fix incorrect size calculations in\nmegaraid with 64K pages (rhbz 1269300) - CVE-2015-8104 kvm: DoS\ninfinite loop in microcode DB exception (rhbz 1278496 1279691) -\nCVE-2015-5307 kvm: DoS infinite loop in microcode AC exception (rhbz\n1277172 1279688)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1271134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1276437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1277172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1278496\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172100.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b03393c1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/03/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"kernel-4.2.6-200.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:41:16", "description": "It was discovered that virtio networking in the Linux kernel did not handle fragments correctly, leading to kernel memory corruption. A remote attacker could use this to cause a denial of service (system crash) or possibly execute code with administrative privileges.\n(CVE-2015-5156)\n\nBenjamin Randazzo discovered an information leak in the md (multiple device) driver when the bitmap_info.file is disabled. A local privileged attacker could use this to obtain sensitive information from the kernel. (CVE-2015-5697)\n\nMarc-Andre Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). (CVE-2015-6252)\n\nIt was discovered that the Reliable Datagram Sockets (RDS) implementation in the Linux kernel did not verify sockets were properly bound before attempting to send a message, which could cause a NULL pointer dereference. An attacker could use this to cause a denial of service (system crash). (CVE-2015-6937)\n\nBen Hutchings discovered that the Advanced Union Filesystem (aufs) for the Linux kernel did not correctly handle references of memory mapped files from an aufs mount. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2015-7312).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-10-20T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2777-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5156", "CVE-2015-5697", "CVE-2015-6252", "CVE-2015-6937", "CVE-2015-7312"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16.0-51-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16.0-51-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16.0-51-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16.0-51-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16.0-51-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16.0-51-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16.0-51-powerpc64-smp", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts"], "id": "UBUNTU_USN-2777-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86468", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2777-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86468);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2015-5156\",\n \"CVE-2015-5697\",\n \"CVE-2015-6252\",\n \"CVE-2015-6937\",\n \"CVE-2015-7312\"\n );\n script_xref(name:\"USN\", value:\"2777-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Linux kernel (Utopic HWE) vulnerabilities (USN-2777-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that virtio networking in the Linux kernel did not\nhandle fragments correctly, leading to kernel memory corruption. A\nremote attacker could use this to cause a denial of service (system\ncrash) or possibly execute code with administrative privileges.\n(CVE-2015-5156)\n\nBenjamin Randazzo discovered an information leak in the md (multiple\ndevice) driver when the bitmap_info.file is disabled. A local\nprivileged attacker could use this to obtain sensitive information\nfrom the kernel. (CVE-2015-5697)\n\nMarc-Andre Lureau discovered that the vhost driver did not properly\nrelease the userspace provided log file descriptor. A privileged\nattacker could use this to cause a denial of service (resource\nexhaustion). (CVE-2015-6252)\n\nIt was discovered that the Reliable Datagram Sockets (RDS)\nimplementation in the Linux kernel did not verify sockets were\nproperly bound before attempting to send a message, which could cause\na NULL pointer dereference. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2015-6937)\n\nBen Hutchings discovered that the Advanced Union Filesystem (aufs) for\nthe Linux kernel did not correctly handle references of memory mapped\nfiles from an aufs mount. A local attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2015-7312).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-2777-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-7312\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2015-5156\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16.0-51-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16.0-51-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16.0-51-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16.0-51-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16.0-51-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16.0-51-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16.0-51-powerpc64-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '14.04': {\n '3.16.0': {\n 'generic': '3.16.0-51',\n 'generic-lpae': '3.16.0-51',\n 'lowlatency': '3.16.0-51',\n 'powerpc-e500mc': '3.16.0-51',\n 'powerpc-smp': '3.16.0-51',\n 'powerpc64-emb': '3.16.0-51',\n 'powerpc64-smp': '3.16.0-51'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-2777-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2015-5156', 'CVE-2015-5697', 'CVE-2015-6252', 'CVE-2015-6937', 'CVE-2015-7312');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-2777-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:41:46", "description": "It was discovered that an integer overflow error existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges.\n(CVE-2015-5707)\n\nMarc-Andre Lureau discovered that the vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion). (CVE-2015-6252)\n\nIt was discovered that the Linux kernel's perf subsystem did not bound callchain backtraces on PowerPC 64. A local attacker could use this to cause a denial of service. (CVE-2015-6526).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-10-02T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-2759-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5707", "CVE-2015-6252", "CVE-2015-6526"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2759-1.NASL", "href": "https://www.tenable.com/plugins/nessus/86244", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2759-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86244);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5707\", \"CVE-2015-6252\", \"CVE-2015-6526\");\n script_xref(name:\"USN\", value:\"2759-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2759-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that an integer overflow error existed in the SCSI\ngeneric (sg) driver in the Linux kernel. A local attacker with write\npermission to a SCSI generic device could use this to cause a denial\nof service (system crash) or potentially escalate their privileges.\n(CVE-2015-5707)\n\nMarc-Andre Lureau discovered that the vhost driver did not properly\nrelease the userspace provided log file descriptor. A privileged\nattacker could use this to cause a denial of service (resource\nexhaustion). (CVE-2015-6252)\n\nIt was discovered that the Linux kernel's perf subsystem did not bound\ncallchain backtraces on PowerPC 64. A local attacker could use this to\ncause a denial of service. (CVE-2015-6526).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2759-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-5707\", \"CVE-2015-6252\", \"CVE-2015-6526\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2759-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-91-generic\", pkgver:\"3.2.0-91.129\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-91-generic-pae\", pkgver:\"3.2.0-91.129\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-91-highbank\", pkgver:\"3.2.0-91.129\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-91-virtual\", pkgver:\"3.2.0-91.129\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:28:45", "description": "This update fixes the CVEs described below.\n\nCVE-2015-0272\n\nIt was discovered that NetworkManager would set IPv6 MTUs based on the values received in IPv6 RAs (Router Advertisements), without sufficiently validating these values. A remote attacker could exploit this attack to disable IPv6 connectivity. This has been mitigated by adding validation in the kernel.\n\nCVE-2015-5156\n\nJason Wang discovered that when a virtio_net device is connected to a bridge in the same VM, a series of TCP packets forwarded through the bridge may cause a heap buffer overflow. A remote attacker could use this to cause a denial of service (crash) or possibly for privilege escalation.\n\nCVE-2015-5364\n\nIt was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker could exploit this flaw to cause a denial of service using a flood of UDP packets with invalid checksums.\n\nCVE-2015-5366\n\nIt was discovered that the Linux kernel does not properly handle invalid UDP checksums. A remote attacker can cause a denial of service against applications that use epoll by injecting a single packet with an invalid checksum.\n\nCVE-2015-5697\n\nA flaw was discovered in the md driver in the Linux kernel leading to an information leak.\n\nCVE-2015-5707\n\nAn integer overflow in the SCSI generic driver in the Linux kernel was discovered. A local user with write permission on a SCSI generic device could potentially exploit this flaw for privilege escalation.\n\nCVE-2015-6937\n\nIt was found that the Reliable Datagram Sockets (RDS) protocol implementation did not verify that an underlying transport exists when creating a connection. Depending on how a local RDS application initialised its sockets, a remote attacker might be able to cause a denial of service (crash) by sending a crafted packet.\n\nFor the oldoldstable distribution (squeeze), these problems have been fixed in version 2.6.32-48squeeze14.\n\nFor the oldstable distribution (wheezy), these problems have been fixed in version 3.2.68-1+deb7u4 or earlier.\n\nFor the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt11-1+deb8u4 or earlier.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-09-22T00:00:00", "type": "nessus", "title": "Debian DLA-310-1 : linux-2.6 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0272", "CVE-2015-5156", "CVE-2015-5364", "CVE-2015-5366", "CVE-2015-5697", "CVE-2015-5707", "CVE-2015-6937"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:firmware-linux-free", "p-cpe:/a:debian:debian_linux:linux-base", "p-cpe:/a:debian:debian_linux:linux-doc-2.6.32", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-486", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-openvz", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-vserver", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-xen", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-686", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-686", "p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-486", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64", "p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-2.6.32", "p-cpe:/a:debian:debian_linux:linux-patch-debian-2.6.32", "p-cpe:/a:debian:debian_linux:linux-source-2.6.32", "p-cpe:/a:debian:debian_linux:linux-support-2.6.32-5", "p-cpe:/a:debian:debian_linux:linux-tools-2.6.32", "p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-686", "p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-amd64", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-310.NASL", "href": "https://www.tenable.com/plugins/nessus/86049", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-310-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86049);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-0272\", \"CVE-2015-5156\", \"CVE-2015-5364\", \"CVE-2015-5366\", \"CVE-2015-5697\", \"CVE-2015-5707\", \"CVE-2015-6937\");\n script_bugtraq_id(75510);\n\n script_name(english:\"Debian DLA-310-1 : linux-2.6 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the CVEs described below.\n\nCVE-2015-0272\n\nIt was discovered that NetworkManager would set IPv6 MTUs based on the\nvalues received in IPv6 RAs (Router Advertisements), without\nsufficiently validating these values. A remote attacker could exploit\nthis attack to disable IPv6 connectivity. This has been mitigated by\nadding validation in the kernel.\n\nCVE-2015-5156\n\nJason Wang discovered that when a virtio_net device is connected to a\nbridge in the same VM, a series of TCP packets forwarded through the\nbridge may cause a heap buffer overflow. A remote attacker could use\nthis to cause a denial of service (crash) or possibly for privilege\nescalation.\n\nCVE-2015-5364\n\nIt was discovered that the Linux kernel does not properly handle\ninvalid UDP checksums. A remote attacker could exploit this flaw to\ncause a denial of service using a flood of UDP packets with invalid\nchecksums.\n\nCVE-2015-5366\n\nIt was discovered that the Linux kernel does not properly handle\ninvalid UDP checksums. A remote attacker can cause a denial of service\nagainst applications that use epoll by injecting a single packet with\nan invalid checksum.\n\nCVE-2015-5697\n\nA flaw was discovered in the md driver in the Linux kernel leading to\nan information leak.\n\nCVE-2015-5707\n\nAn integer overflow in the SCSI generic driver in the Linux kernel was\ndiscovered. A local user with write permission on a SCSI generic\ndevice could potentially exploit this flaw for privilege escalation.\n\nCVE-2015-6937\n\nIt was found that the Reliable Datagram Sockets (RDS) protocol\nimplementation did not verify that an underlying transport exists when\ncreating a connection. Depending on how a local RDS application\ninitialised its sockets, a remote attacker might be able to cause a\ndenial of service (crash) by sending a crafted packet.\n\nFor the oldoldstable distribution (squeeze), these problems have been\nfixed in version 2.6.32-48squeeze14.\n\nFor the oldstable distribution (wheezy), these problems have been\nfixed in version 3.2.68-1+deb7u4 or earlier.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 3.16.7-ckt11-1+deb8u4 or earlier.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/09/msg00008.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/linux-2.6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firmware-linux-free\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-486\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-openvz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-vserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-486\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-patch-debian-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-2.6.32-5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-tools-2.6.32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"firmware-linux-free\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-base\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-doc-2.6.32\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-486\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-686-bigmem\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-amd64\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-all-i386\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-amd64\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-openvz\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-vserver\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-common-xen\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-686\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-openvz-amd64\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-686-bigmem\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-vserver-amd64\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"linux-headers-2.6.32-5-xen-686\", reference:\"2.6.32-48squeeze14\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\

EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1488)

Description

Related