CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
54.9%
The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable release, and also includes security and bugfixes.
Following security bugs were fixed :
CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075).
CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951).
CVE-2015-8767: A case can occur when sctp_accept() is called by the user during a heartbeat timeout event after the 4-way handshake. Since sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the listening socket but released with the new association socket. The result is a deadlock on any future attempts to take the listening socket lock.
(bsc#961509)
CVE-2015-8539: A negatively instantiated user key could have been used by a local user to leverage privileges (bnc#958463).
CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).
CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).
CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399).
CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990).
CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988).
The following non-security bugs were fixed :
ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd (bsc#958439).
ALSA: hda - Apply click noise workaround for Thinkpads generically (bsc#958439).
ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).
ALSA: hda - Flush the pending probe work at remove (boo#960710).
ALSA: hda - Set codec to D3 at reboot/shutdown on Thinkpads (bsc#958439).
Add Cavium Thunderx network enhancements
Add RHEL to kernel-obs-build
Backport amd xgbe fixes and features
Backport arm64 patches from SLE12-SP1-ARM.
Btrfs: fix the number of transaction units needed to remove a block group (bsc#950178).
Btrfs: use global reserve when deleting unused block group after ENOSPC (bsc#950178).
Documentation: nousb is a module parameter (bnc#954324).
Driver for IBM System i/p VNIC protocol.
Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for recent tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still disabled as it can’t be built as a module.
Fix PCI generic host controller
Fix kABI breakage for max_dev_sectors addition to queue_limits (boo#961263).
HID: multitouch: Fetch feature reports on demand for Win8 devices (boo#954532).
HID: multitouch: fix input mode switching on some Elan panels (boo#954532).
Implement enable/disable for Display C6 state (boo#960021).
Input: aiptek - fix crash on detecting device without endpoints (bnc#956708).
Linux 4.1.15 (boo#954647 bsc#955422).
Move kabi patch to patches.kabi directory
Obsolete compat-wireless, rts5229 and rts_pstor KMPs These are found in SLE11-SP3, now replaced with the upstream drivers.
PCI: generic: Pass starting bus number to pci_scan_root_bus().
Revert ‘block: remove artifical max_hw_sectors cap’ (boo#961263).
Set system time through RTC device
Update arm64 config files. Enabled DRM_AST in the vanilla kernel since it is now enabled in the default kernel.
Update config files: CONFIG_IBMVNIC=m
block/sd: Fix device-imposed transfer length limits (boo#961263).
block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263).
drm/i915/skl: Add DC5 Trigger Sequence (boo#960021).
drm/i915/skl: Add DC6 Trigger sequence (boo#960021).
drm/i915/skl: Add support to load SKL CSR firmware (boo#960021).
drm/i915/skl: Add the INIT power domain to the MISC I/O power well (boo#960021).
drm/i915/skl: Deinit/init the display at suspend/resume (boo#960021).
drm/i915/skl: Fix DMC API version in firmware file name (boo#960021).
drm/i915/skl: Fix WaDisableChickenBitTSGBarrierAckForFFSliceCS (boo#960021).
drm/i915/skl: Fix stepping check for a couple of W/As (boo#960021).
drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1 defines (boo#960021).
drm/i915/skl: Implement WaDisableVFUnitClockGating (boo#960021).
drm/i915/skl: Implement enable/disable for Display C5 state (boo#960021).
drm/i915/skl: Make the Misc I/O power well part of the PLLS domain (boo#960021).
drm/i915/skl: add F0 stepping ID (boo#960021).
drm/i915/skl: enable WaForceContextSaveRestoreNonCoherent (boo#960021).
drm/i915: Clear crtc atomic flags at beginning of transaction (boo#960021).
drm/i915: Fix CSR MMIO address check (boo#960021).
drm/i915: Switch to full atomic helpers for plane updates/disable, take two (boo#960021).
drm/i915: set CDCLK if DPLL0 enabled during resuming from S3 (boo#960021).
ethernet/atheros/alx: sanitize buffer sizing and padding (boo#952621).
genksyms: Handle string literals with spaces in reference files (bsc#958510).
group-source-files: mark module.lds as devel file ld:
cannot open linker script file /usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No such file or directory
hwrng: core - sleep interruptible in read (bnc#962597).
ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422).
kABI fixes for linux-4.1.15.
rpm/compute-PATCHVERSION.sh: Skip stale directories in the package dir
rpm/constraints.in: Bump disk space requirements up a bit Require 10GB on s390x, 20GB elsewhere.
rpm/constraints.in: Require 14GB worth of disk space on POWER The builds started to fail randomly due to ENOSPC errors.
rpm/kernel-binary.spec.in: Do not explicitly set DEBUG_SECTION_MISMATCH CONFIG_DEBUG_SECTION_MISMATCH is a selectable Kconfig option since 2.6.39 and is enabled in our configs.
rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp (bnc#865259)865259
rpm/kernel-binary.spec.in: Fix build if no UEFI certs are installed
rpm/kernel-binary.spec.in: Install libopenssl-devel for newer sign-file
rpm/kernel-binary.spec.in: No scriptlets in kernel-zfcpdump The kernel should not be added to the bootloader nor are there any KMPs.
rpm/kernel-binary.spec.in: Obsolete the -base package from SLE11 (bnc#865096)
rpm/kernel-binary.spec.in: Use parallel make in all invocations Also, remove the lengthy comment, since we are using a standard rpm macro now.
thinkpad_acpi: Do not yell on unsupported brightness interfaces (boo#957152).
usb: make ‘nousb’ a clear module parameter (bnc#954324).
usbvision fix overflow of interfaces array (bnc#950998).
x86/microcode/amd: Do not overwrite final patch levels (bsc#913996).
x86/microcode/amd: Extract current patch level read to a function (bsc#913996).
xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).
xhci: refuse loading if nousb is used (bnc#954324).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-116.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(88542);
script_version("2.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2015-7550", "CVE-2015-8539", "CVE-2015-8543", "CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8767", "CVE-2016-0728");
script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2016-116)");
script_summary(english:"Check for the openSUSE-2016-116 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15
stable release, and also includes security and bugfixes.
Following security bugs were fixed :
- CVE-2016-0728: A reference leak in keyring handling with
join_session_keyring() could lead to local attackers
gain root privileges. (bsc#962075).
- CVE-2015-7550: A local user could have triggered a race
between read and revoke in keyctl (bnc#958951).
- CVE-2015-8767: A case can occur when sctp_accept() is
called by the user during a heartbeat timeout event
after the 4-way handshake. Since sctp_assoc_migrate()
changes both assoc->base.sk and assoc->ep, the
bh_sock_lock in sctp_generate_heartbeat_event() will be
taken with the listening socket but released with the
new association socket. The result is a deadlock on any
future attempts to take the listening socket lock.
(bsc#961509)
- CVE-2015-8539: A negatively instantiated user key could
have been used by a local user to leverage privileges
(bnc#958463).
- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect
functions in drivers/net/ppp/pptp.c in the Linux kernel
did not verify an address length, which allowed local
users to obtain sensitive information from kernel memory
and bypass the KASLR protection mechanism via a crafted
application (bnc#959190).
- CVE-2015-8543: The networking implementation in the
Linux kernel did not validate protocol identifiers for
certain protocol families, which allowed local users to
cause a denial of service (NULL function pointer
dereference and system crash) or possibly gain
privileges by leveraging CLONE_NEWUSER support to
execute a crafted SOCK_RAW application (bnc#958886).
- CVE-2015-8575: Validate socket address length in
sco_sock_bind() to prevent information leak
(bsc#959399).
- CVE-2015-8551, CVE-2015-8552: xen/pciback: For
XEN_PCI_OP_disable_msi[|x] only disable if device has
MSI(X) enabled (bsc#957990).
- CVE-2015-8550: Compiler optimizations in the XEN PV
backend drivers could have lead to double fetch
vulnerabilities, causing denial of service or arbitrary
code execution (depending on the configuration)
(bsc#957988).
The following non-security bugs were fixed :
- ALSA: hda - Add a fixup for Thinkpad X1 Carbon 2nd
(bsc#958439).
- ALSA: hda - Apply click noise workaround for Thinkpads
generically (bsc#958439).
- ALSA: hda - Fix noise problems on Thinkpad T440s
(boo#958504).
- ALSA: hda - Flush the pending probe work at remove
(boo#960710).
- ALSA: hda - Set codec to D3 at reboot/shutdown on
Thinkpads (bsc#958439).
- Add Cavium Thunderx network enhancements
- Add RHEL to kernel-obs-build
- Backport amd xgbe fixes and features
- Backport arm64 patches from SLE12-SP1-ARM.
- Btrfs: fix the number of transaction units needed to
remove a block group (bsc#950178).
- Btrfs: use global reserve when deleting unused block
group after ENOSPC (bsc#950178).
- Documentation: nousb is a module parameter (bnc#954324).
- Driver for IBM System i/p VNIC protocol.
- Enable CONFIG_PINCTRL_CHERRYVIEW (boo#954532) Needed for
recent tablets/laptops. CONFIG_PINCTRL_BAYTRAIL is still
disabled as it can't be built as a module.
- Fix PCI generic host controller
- Fix kABI breakage for max_dev_sectors addition to
queue_limits (boo#961263).
- HID: multitouch: Fetch feature reports on demand for
Win8 devices (boo#954532).
- HID: multitouch: fix input mode switching on some Elan
panels (boo#954532).
- Implement enable/disable for Display C6 state
(boo#960021).
- Input: aiptek - fix crash on detecting device without
endpoints (bnc#956708).
- Linux 4.1.15 (boo#954647 bsc#955422).
- Move kabi patch to patches.kabi directory
- Obsolete compat-wireless, rts5229 and rts_pstor KMPs
These are found in SLE11-SP3, now replaced with the
upstream drivers.
- PCI: generic: Pass starting bus number to
pci_scan_root_bus().
- Revert 'block: remove artifical max_hw_sectors cap'
(boo#961263).
- Set system time through RTC device
- Update arm64 config files. Enabled DRM_AST in the
vanilla kernel since it is now enabled in the default
kernel.
- Update config files: CONFIG_IBMVNIC=m
- block/sd: Fix device-imposed transfer length limits
(boo#961263).
- block: bump BLK_DEF_MAX_SECTORS to 2560 (boo#961263).
- drm/i915/skl: Add DC5 Trigger Sequence (boo#960021).
- drm/i915/skl: Add DC6 Trigger sequence (boo#960021).
- drm/i915/skl: Add support to load SKL CSR firmware
(boo#960021).
- drm/i915/skl: Add the INIT power domain to the MISC I/O
power well (boo#960021).
- drm/i915/skl: Deinit/init the display at suspend/resume
(boo#960021).
- drm/i915/skl: Fix DMC API version in firmware file name
(boo#960021).
- drm/i915/skl: Fix
WaDisableChickenBitTSGBarrierAckForFFSliceCS
(boo#960021).
- drm/i915/skl: Fix stepping check for a couple of W/As
(boo#960021).
- drm/i915/skl: Fix the CTRL typo in the DPLL_CRTL1
defines (boo#960021).
- drm/i915/skl: Implement WaDisableVFUnitClockGating
(boo#960021).
- drm/i915/skl: Implement enable/disable for Display C5
state (boo#960021).
- drm/i915/skl: Make the Misc I/O power well part of the
PLLS domain (boo#960021).
- drm/i915/skl: add F0 stepping ID (boo#960021).
- drm/i915/skl: enable
WaForceContextSaveRestoreNonCoherent (boo#960021).
- drm/i915: Clear crtc atomic flags at beginning of
transaction (boo#960021).
- drm/i915: Fix CSR MMIO address check (boo#960021).
- drm/i915: Switch to full atomic helpers for plane
updates/disable, take two (boo#960021).
- drm/i915: set CDCLK if DPLL0 enabled during resuming
from S3 (boo#960021).
- ethernet/atheros/alx: sanitize buffer sizing and padding
(boo#952621).
- genksyms: Handle string literals with spaces in
reference files (bsc#958510).
- group-source-files: mark module.lds as devel file ld:
cannot open linker script file
/usr/src/linux-4.2.5-1/arch/arm/kernel/module.lds: No
such file or directory
- hwrng: core - sleep interruptible in read (bnc#962597).
- ipv6: distinguish frag queues by device for multicast
and link-local packets (bsc#955422).
- kABI fixes for linux-4.1.15.
- rpm/compute-PATCHVERSION.sh: Skip stale directories in
the package dir
- rpm/constraints.in: Bump disk space requirements up a
bit Require 10GB on s390x, 20GB elsewhere.
- rpm/constraints.in: Require 14GB worth of disk space on
POWER The builds started to fail randomly due to ENOSPC
errors.
- rpm/kernel-binary.spec.in: Do not explicitly set
DEBUG_SECTION_MISMATCH CONFIG_DEBUG_SECTION_MISMATCH is
a selectable Kconfig option since 2.6.39 and is enabled
in our configs.
- rpm/kernel-binary.spec.in: Do not obsolete ocfs2-kmp
(bnc#865259)865259
- rpm/kernel-binary.spec.in: Fix build if no UEFI certs
are installed
- rpm/kernel-binary.spec.in: Install libopenssl-devel for
newer sign-file
- rpm/kernel-binary.spec.in: No scriptlets in
kernel-zfcpdump The kernel should not be added to the
bootloader nor are there any KMPs.
- rpm/kernel-binary.spec.in: Obsolete the -base package
from SLE11 (bnc#865096)
- rpm/kernel-binary.spec.in: Use parallel make in all
invocations Also, remove the lengthy comment, since we
are using a standard rpm macro now.
- thinkpad_acpi: Do not yell on unsupported brightness
interfaces (boo#957152).
- usb: make 'nousb' a clear module parameter (bnc#954324).
- usbvision fix overflow of interfaces array (bnc#950998).
- x86/microcode/amd: Do not overwrite final patch levels
(bsc#913996).
- x86/microcode/amd: Extract current patch level read to a
function (bsc#913996).
- xen/pciback: Do not allow MSI-X ops if
PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).
- xhci: refuse loading if nousb is used (bnc#954324)."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=865096"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=865259"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=913996"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=950178"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=950998"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=952621"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=954324"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=954532"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=954647"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=955422"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=956708"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957152"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957988"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=957990"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958439"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958463"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958504"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958510"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958886"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958951"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=959190"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=959399"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=960021"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=960710"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=961263"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=961509"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=962075"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=962597"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected the Linux Kernel packages."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-pdf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
script_set_attribute(attribute:"patch_publication_date", value:"2016/01/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/03");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-docs-html-4.1.15-8.3") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-docs-pdf-4.1.15-8.3") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-macros-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-obs-build-4.1.15-8.2") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-obs-build-debugsource-4.1.15-8.2") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-obs-qa-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-obs-qa-xen-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-source-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-source-vanilla-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"kernel-syms-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-devel-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-vanilla-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-vanilla-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-vanilla-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-vanilla-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-vanilla-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-vanilla-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-vanilla-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-vanilla-devel-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-base-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-debuginfo-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-debugsource-4.1.15-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-devel-4.1.15-8.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse | kernel-debug-debuginfo | p-cpe:/a:novell:opensuse:kernel-debug-debuginfo |
novell | opensuse | kernel-pv-base | p-cpe:/a:novell:opensuse:kernel-pv-base |
novell | opensuse | kernel-ec2-debugsource | p-cpe:/a:novell:opensuse:kernel-ec2-debugsource |
novell | opensuse | kernel-pv-base-debuginfo | p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo |
novell | opensuse | kernel-xen-debugsource | p-cpe:/a:novell:opensuse:kernel-xen-debugsource |
novell | opensuse | kernel-default-base | p-cpe:/a:novell:opensuse:kernel-default-base |
novell | opensuse | kernel-pae | p-cpe:/a:novell:opensuse:kernel-pae |
novell | opensuse | kernel-vanilla-debugsource | p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource |
novell | opensuse | kernel-default | p-cpe:/a:novell:opensuse:kernel-default |
novell | opensuse | kernel-macros | p-cpe:/a:novell:opensuse:kernel-macros |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7550
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8539
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8543
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8551
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8552
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8575
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8767
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728
bugzilla.opensuse.org/show_bug.cgi?id=865096
bugzilla.opensuse.org/show_bug.cgi?id=865259
bugzilla.opensuse.org/show_bug.cgi?id=913996
bugzilla.opensuse.org/show_bug.cgi?id=950178
bugzilla.opensuse.org/show_bug.cgi?id=950998
bugzilla.opensuse.org/show_bug.cgi?id=952621
bugzilla.opensuse.org/show_bug.cgi?id=954324
bugzilla.opensuse.org/show_bug.cgi?id=954532
bugzilla.opensuse.org/show_bug.cgi?id=954647
bugzilla.opensuse.org/show_bug.cgi?id=955422
bugzilla.opensuse.org/show_bug.cgi?id=956708
bugzilla.opensuse.org/show_bug.cgi?id=957152
bugzilla.opensuse.org/show_bug.cgi?id=957988
bugzilla.opensuse.org/show_bug.cgi?id=957990
bugzilla.opensuse.org/show_bug.cgi?id=958439
bugzilla.opensuse.org/show_bug.cgi?id=958463
bugzilla.opensuse.org/show_bug.cgi?id=958504
bugzilla.opensuse.org/show_bug.cgi?id=958510
bugzilla.opensuse.org/show_bug.cgi?id=958886
bugzilla.opensuse.org/show_bug.cgi?id=958951
bugzilla.opensuse.org/show_bug.cgi?id=959190
bugzilla.opensuse.org/show_bug.cgi?id=959399
bugzilla.opensuse.org/show_bug.cgi?id=960021
bugzilla.opensuse.org/show_bug.cgi?id=960710
bugzilla.opensuse.org/show_bug.cgi?id=961263
bugzilla.opensuse.org/show_bug.cgi?id=961509
bugzilla.opensuse.org/show_bug.cgi?id=962075
bugzilla.opensuse.org/show_bug.cgi?id=962597
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
54.9%