openSUSE Security Update : the Linux Kernel (openSUSE-2016-116)

2016-02-0300:00:00

www.tenable.com

The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable release, and also includes security and bugfixes.

Following security bugs were fixed :

CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075).
CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951).
CVE-2015-8767: A case can occur when sctp_accept() is called by the user during a heartbeat timeout event after the 4-way handshake. Since sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the listening socket but released with the new association socket. The result is a deadlock on any future attempts to take the listening socket lock.
(bsc#961509)
CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958463).
CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).
CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).
CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399).
CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990).
CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988).

The following non-security bugs were fixed :

ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd (bsc#958439).
ALSA: hda - Apply click noise workaround for Thinkpads generically (bsc#958439).
ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).
ALSA: hda - Flush the pending probe work at remove (boo#960710).
ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads (bsc#958439).
Add Cavium Thunderx network enhancements
Add RHEL to kernel-obs-build
Backport amd xgbe fixes and features
Backport arm64 patches from SLE12-SP1-ARM.
Btrfs: fix the number of transaction units needed to remove a block group (bsc#950178).
Btrfs: use global reserve when deleting unused block group after ENOSPC (bsc#950178).
Documentation: nousb is a module parameter (bnc#954324).
Driver for IBM System i/p VNIC protocol.
Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for recent tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still disabled as it can’t be built as a module.
Fix PCI generic host controller
Fix kABI breakage for max_dev_sectors addition to queue_limits (boo#961263).
HID: multitouch: Fetch feature reports on demand for Win8 devices (boo#954532).
HID: multitouch: fix input mode switching on some Elan panels (boo#954532).
Implement enable/disable for Display C6 state (boo#960021).
Input: aiptek - fix crash on detecting device without endpoints (bnc#956708).
Linux 4.1.15 (boo#954647 bsc#955422).
Move kabi patch to patches.kabi directory
Obsolete compat-wireless, rts5229 and rts_pstor KMPs These are found in SLE11-SP3, now replaced with the upstream drivers.
PCI: generic: Pass starting bus number to pci_scan_root_bus().
Revert ‘block: remove artifical max_hw_sectors cap’ (boo#961263).
Set system time through RTC device
Update arm64 config files. Enabled DRM_AST in the vanilla kernel since it is now enabled in the default kernel.
Update config files: CONFIG_IBMVNIC=m
block/sd: Fix device-imposed transfer length limits (boo#961263).
block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263).
drm/i915/skl: Add DC5 Trigger Sequence (boo#960021).
drm/i915/skl: Add DC6 Trigger sequence (boo#960021).
drm/i915/skl: Add support to load SKL CSR firmware (boo#960021).
drm/i915/skl: Add the INIT power domain to the MISC I/O power well (boo#960021).
drm/i915/skl: Deinit/init the display at suspend/resume (boo#960021).
drm/i915/skl: Fix DMC API version in firmware file name (boo#960021).
drm/i915/skl: Fix WaDisableChickenBitTSGBarrierAckForFFSliceCS (boo#960021).
drm/i915/skl: Fix stepping check for a couple of W/As (boo#960021).
drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1 defines (boo#960021).
drm/i915/skl: Implement WaDisableVFUnitClockGating (boo#960021).
drm/i915/skl: Implement enable/disable for Display C5 state (boo#960021).
drm/i915/skl: Make the Misc I/O power well part of the PLLS domain (boo#960021).
drm/i915/skl: add F0 stepping ID (boo#960021).
drm/i915/skl: enable WaForceContextSaveRestoreNonCoherent (boo#960021).
drm/i915: Clear crtc atomic flags at beginning of transaction (boo#960021).
drm/i915: Fix CSR MMIO address check (boo#960021).
drm/i915: Switch to full atomic helpers for plane updates/disable, take two (boo#960021).
drm/i915: set CDCLK if DPLL0 enabled during resuming from S3 (boo#960021).
ethernet/atheros/alx: sanitize buffer sizing and padding (boo#952621).
genksyms: Handle string literals with spaces in reference files (bsc#958510).
group-source-files: mark module.lds as devel file ld:
cannot open linker script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such file or directory
hwrng: core - sleep interruptible in read (bnc#962597).
ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422).
kABI fixes for linux-4.1.15.
rpm/compute-PATCHVERSION.sh: Skip stale directories in the package dir
rpm/constraints.in: Bump disk space requirements up a bit Require 10GB on s390x, 20GB elsewhere.
rpm/constraints.in: Require 14GB worth of disk space on POWER The builds started to fail randomly due to ENOSPC errors.
rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since 2.6.39 and is enabled in our configs.
rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp (bnc#865259)865259
rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed
rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file
rpm/kernel-binary.spec.in: No scriptlets in kernel-zfcpdump The kernel should not be added to the bootloader nor are there any KMPs.
rpm/kernel-binary.spec.in: Obsolete the -base package from SLE11 (bnc#865096)
rpm/kernel-binary.spec.in: Use parallel make in all invocations Also, remove the lengthy comment, since we are using a standard rpm macro now.
thinkpad_acpi: Do not yell on unsupported brightness interfaces (boo#957152).
usb: make ‘nousb’ a clear module parameter (bnc#954324).
usbvision fix overflow of interfaces array (bnc#950998).
x86/microcode/amd: Do not overwrite final patch levels (bsc#913996).
x86/microcode/amd: Extract current patch level read to a function (bsc#913996).
xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).
xhci: refuse loading if nousb is used (bnc#954324).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-116.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(88542);
  script_version("2.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2015-7550", "CVE-2015-8539", "CVE-2015-8543", "CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8767", "CVE-2016-0728");

  script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2016-116)");
  script_summary(english:"Check for the openSUSE-2016-116 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15
stable release, and also includes security and bugfixes.

Following security bugs were fixed :

  - CVE-2016-0728: A reference leak in keyring handling with
    join_session_keyring() could lead to local attackers
    gain root privileges. (bsc#962075).

  - CVE-2015-7550: A local user could have triggered a race
    between read and revoke in keyctl (bnc#958951).

  - CVE-2015-8767: A case can occur when sctp_accept() is
    called by the user during a heartbeat timeout event
    after the 4-way handshake. Since sctp_assoc_migrate()
    changes both assoc->base.sk and assoc->ep, the
    bh_sock_lock in sctp_generate_heartbeat_event() will be
    taken with the listening socket but released with the
    new association socket. The result is a deadlock on any
    future attempts to take the listening socket lock.
    (bsc#961509)

  - CVE-2015-8539: A negatively instantiated user key could
    have been used by a local user to leverage privileges
    (bnc#958463).

  - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect
    functions in drivers/net/ppp/pptp.c in the Linux kernel
    did not verify an address length, which allowed local
    users to obtain sensitive information from kernel memory
    and bypass the KASLR protection mechanism via a crafted
    application (bnc#959190).

  - CVE-2015-8543: The networking implementation in the
    Linux kernel did not validate protocol identifiers for
    certain protocol families, which allowed local users to
    cause a denial of service (NULL function pointer
    dereference and system crash) or possibly gain
    privileges by leveraging CLONE_NEWUSER support to
    execute a crafted SOCK_RAW application (bnc#958886).

  - CVE-2015-8575: Validate socket address length in
    sco_sock_bind() to prevent information leak
    (bsc#959399).

  - CVE-2015-8551, CVE-2015-8552: xen/pciback: For
    XEN_PCI_OP_disable_msi[|x] only disable if device has
    MSI(X) enabled (bsc#957990).

  - CVE-2015-8550: Compiler optimizations in the XEN PV
    backend drivers could have lead to double fetch
    vulnerabilities, causing denial of service or arbitrary
    code execution (depending on the configuration)
    (bsc#957988).

The following non-security bugs were fixed :

  - ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd
    (bsc#958439).

  - ALSA: hda - Apply click noise workaround for Thinkpads
    generically (bsc#958439).

  - ALSA: hda - Fix noise problems on Thinkpad T440s
    (boo#958504).

  - ALSA: hda - Flush the pending probe work at remove
    (boo#960710).

  - ALSA: hda - Set codec to D3 at reboot/shutdown on
    Thinkpads (bsc#958439).

  - Add Cavium Thunderx network enhancements

  - Add RHEL to kernel-obs-build

  - Backport amd xgbe fixes and features

  - Backport arm64 patches from SLE12-SP1-ARM.

  - Btrfs: fix the number of transaction units needed to
    remove a block group (bsc#950178).

  - Btrfs: use global reserve when deleting unused block
    group after ENOSPC (bsc#950178).

  - Documentation: nousb is a module parameter (bnc#954324).

  - Driver for IBM System i/p VNIC protocol.

  - Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for
    recent tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still
    disabled as it can't be built as a module.

  - Fix PCI generic host controller

  - Fix kABI breakage for max_dev_sectors addition to
    queue_limits (boo#961263).

  - HID: multitouch: Fetch feature reports on demand for
    Win8 devices (boo#954532).

  - HID: multitouch: fix input mode switching on some Elan
    panels (boo#954532).

  - Implement enable/disable for Display C6 state
    (boo#960021).

  - Input: aiptek - fix crash on detecting device without
    endpoints (bnc#956708).

  - Linux 4.1.15 (boo#954647 bsc#955422).

  - Move kabi patch to patches.kabi directory

  - Obsolete compat-wireless, rts5229 and rts_pstor KMPs
    These are found in SLE11-SP3, now replaced with the
    upstream drivers.

  - PCI: generic: Pass starting bus number to
    pci_scan_root_bus().

  - Revert 'block: remove artifical max_hw_sectors cap'
    (boo#961263).

  - Set system time through RTC device

  - Update arm64 config files. Enabled DRM_AST in the
    vanilla kernel since it is now enabled in the default
    kernel.

  - Update config files: CONFIG_IBMVNIC=m

  - block/sd: Fix device-imposed transfer length limits
    (boo#961263).

  - block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263).

  - drm/i915/skl: Add DC5 Trigger Sequence (boo#960021).

  - drm/i915/skl: Add DC6 Trigger sequence (boo#960021).

  - drm/i915/skl: Add support to load SKL CSR firmware
    (boo#960021).

  - drm/i915/skl: Add the INIT power domain to the MISC I/O
    power well (boo#960021).

  - drm/i915/skl: Deinit/init the display at suspend/resume
    (boo#960021).

  - drm/i915/skl: Fix DMC API version in firmware file name
    (boo#960021).

  - drm/i915/skl: Fix
    WaDisableChickenBitTSGBarrierAckForFFSliceCS
    (boo#960021).

  - drm/i915/skl: Fix stepping check for a couple of W/As
    (boo#960021).

  - drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1
    defines (boo#960021).

  - drm/i915/skl: Implement WaDisableVFUnitClockGating
    (boo#960021).

  - drm/i915/skl: Implement enable/disable for Display C5
    state (boo#960021).

  - drm/i915/skl: Make the Misc I/O power well part of the
    PLLS domain (boo#960021).

  - drm/i915/skl: add F0 stepping ID (boo#960021).

  - drm/i915/skl: enable
    WaForceContextSaveRestoreNonCoherent (boo#960021).

  - drm/i915: Clear crtc atomic flags at beginning of
    transaction (boo#960021).

  - drm/i915: Fix CSR MMIO address check (boo#960021).

  - drm/i915: Switch to full atomic helpers for plane
    updates/disable, take two (boo#960021).

  - drm/i915: set CDCLK if DPLL0 enabled during resuming
    from S3 (boo#960021).

  - ethernet/atheros/alx: sanitize buffer sizing and padding
    (boo#952621).

  - genksyms: Handle string literals with spaces in
    reference files (bsc#958510).

  - group-source-files: mark module.lds as devel file ld:
    cannot open linker script file
    /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No
    such file or directory

  - hwrng: core - sleep interruptible in read (bnc#962597).

  - ipv6: distinguish frag queues by device for multicast
    and link-local packets (bsc#955422).

  - kABI fixes for linux-4.1.15.

  - rpm/compute-PATCHVERSION.sh: Skip stale directories in
    the package dir

  - rpm/constraints.in: Bump disk space requirements up a
    bit Require 10GB on s390x, 20GB elsewhere.

  - rpm/constraints.in: Require 14GB worth of disk space on
    POWER The builds started to fail randomly due to ENOSPC
    errors.

  - rpm/kernel-binary.spec.in: Do not explicitly set
    DEBUG_SECTION_MISMATCH CONFIG_DEBUG_SECTION_MISMATCH is
    a selectable Kconfig option since 2.6.39 and is enabled
    in our configs.

  - rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp
    (bnc#865259)865259

  - rpm/kernel-binary.spec.in: Fix build if no UEFI certs
    are installed

  - rpm/kernel-binary.spec.in: Install libopenssl-devel for
    newer sign-file

  - rpm/kernel-binary.spec.in: No scriptlets in
    kernel-zfcpdump The kernel should not be added to the
    bootloader nor are there any KMPs.

  - rpm/kernel-binary.spec.in: Obsolete the -base package
    from SLE11 (bnc#865096)

  - rpm/kernel-binary.spec.in: Use parallel make in all
    invocations Also, remove the lengthy comment, since we
    are using a standard rpm macro now.

  - thinkpad_acpi: Do not yell on unsupported brightness
    interfaces (boo#957152).

  - usb: make 'nousb' a clear module parameter (bnc#954324).

  - usbvision fix overflow of interfaces array (bnc#950998).

  - x86/microcode/amd: Do not overwrite final patch levels
    (bsc#913996).

  - x86/microcode/amd: Extract current patch level read to a
    function (bsc#913996).

  - xen/pciback: Do not allow MSI-X ops if
    PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).

  - xhci: refuse loading if nousb is used (bnc#954324)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=865096"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=865259"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=913996"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=950178"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=950998"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=952621"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=954324"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=954532"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=954647"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=955422"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=956708"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957152"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957988"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957990"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958439"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958463"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958504"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958510"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958886"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958951"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=959190"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=959399"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=960021"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=960710"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=961263"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=961509"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=962075"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=962597"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected the Linux Kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-pdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-docs-html-4.1.15-8.3") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-docs-pdf-4.1.15-8.3") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-macros-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-obs-build-4.1.15-8.2") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-obs-build-debugsource-4.1.15-8.2") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-obs-qa-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-obs-qa-xen-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-source-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-source-vanilla-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-syms-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-devel-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-vanilla-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-vanilla-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-vanilla-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-vanilla-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-vanilla-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-vanilla-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-vanilla-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-vanilla-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-devel-4.1.15-8.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc");
}

VendorProductVersionCPE
novellopensusekernel-debugp-cpe:/a:novell:opensuse:kernel-debug
novellopensusekernel-debug-basep-cpe:/a:novell:opensuse:kernel-debug-base
novellopensusekernel-debug-base-debuginfop-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo
novellopensusekernel-debug-debuginfop-cpe:/a:novell:opensuse:kernel-debug-debuginfo
novellopensusekernel-debug-debugsourcep-cpe:/a:novell:opensuse:kernel-debug-debugsource
novellopensusekernel-debug-develp-cpe:/a:novell:opensuse:kernel-debug-devel
novellopensusekernel-debug-devel-debuginfop-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo
novellopensusekernel-defaultp-cpe:/a:novell:opensuse:kernel-default
novellopensusekernel-default-basep-cpe:/a:novell:opensuse:kernel-default-base
novellopensusekernel-default-base-debuginfop-cpe:/a:novell:opensuse:kernel-default-base-debuginfo

Vendor	Product	Version	CPE
novell	opensuse	kernel-debug	p-cpe:/a:novell:opensuse:kernel-debug
novell	opensuse	kernel-debug-base	p-cpe:/a:novell:opensuse:kernel-debug-base
novell	opensuse	kernel-debug-base-debuginfo	p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo
novell	opensuse	kernel-debug-debuginfo	p-cpe:/a:novell:opensuse:kernel-debug-debuginfo
novell	opensuse	kernel-debug-debugsource	p-cpe:/a:novell:opensuse:kernel-debug-debugsource
novell	opensuse	kernel-debug-devel	p-cpe:/a:novell:opensuse:kernel-debug-devel
novell	opensuse	kernel-debug-devel-debuginfo	p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo
novell	opensuse	kernel-default	p-cpe:/a:novell:opensuse:kernel-default
novell	opensuse	kernel-default-base	p-cpe:/a:novell:opensuse:kernel-default-base
novell	opensuse	kernel-default-base-debuginfo	p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo