ID: ORACLELINUX_ELSA-2016-2006.NASL
Type: nessus
Reporter: Tenable
Modified: 2018-07-24T00:00:00
Description

From Red Hat Security Advisory 2016:2006 :

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es) :

* A flaw was found in the Linux kernel's keyring handling code, where
in key_reject_and_link() an uninitialized variable would eventually
lead to the freeing of an arbitrary address, which could allow an
attacker to use a use-after-free style attack. (CVE-2016-4470,
Important)

* A heap-based buffer overflow vulnerability was found in the Linux
kernel's hiddev driver. This flaw could allow a local attacker to
corrupt kernel memory, possibly leading to privilege escalation or a
system crash. (CVE-2016-5829, Moderate)

The CVE-2016-4470 issue was discovered by David Howells (Red Hat
Inc.).

Bug Fix(es) :

* Previously, when two NFS shares with different security settings
were mounted, the I/O operations to the kerberos-authenticated mount
caused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the
parameter was not unset when performing the I/O operations on the
sec=sys mount. Consequently, writes to both NFS shares had the same
parameters, regardless of their security settings. This update fixes
this problem by moving the NO_CRKEY_TIMEOUT parameter to the
auth->au_flags field. As a result, NFS shares with different security
settings are now handled as expected. (BZ#1366962)

* In some circumstances, resetting a Fibre Channel over Ethernet
(FCoE) interface could lead to a kernel panic, due to invalid
information extracted from the FCoE header. This update adds sanity
checking to the cpu number extracted from the FCoE header. This
ensures that subsequent operations address a valid cpu, and eliminates
the kernel panic. (BZ#1359036)

* Prior to this update, the following problems occurred with the way
GFS2 transitioned files and directories from the 'unlinked' state to
the 'free' state :

  - The numbers reported for the df and the du commands in some cases
    got out of sync, which caused blocks in the file system to appear
    missing. The blocks were not actually missing, but they were left
    in the 'unlinked' state.

  - In some circumstances, GFS2 referenced a cluster lock that was
    already deleted, which led to a kernel panic.

  - If an object was deleted and its space reused as a different
    object, GFS2 sometimes deleted the existing one, which caused file
    system corruption.

With this update, the transition from 'unlinked' to 'free' state has
been fixed. As a result, none of these three problems occur anymore.
(BZ#1359037)

* Previously, the GFS2 file system in some cases became unresponsive
due to lock dependency problems between inodes and the cluster lock.
This occurred most frequently on nearly full file systems where files
and directories were being deleted and recreated at the same block
location at the same time. With this update, a set of patches has been
applied to fix these lock dependencies. As a result, GFS2 no longer
hangs in the described circumstances. (BZ#1359038)

* When used with controllers that do not support
DCMD-MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into an
infinite loop of error reporting messages. This could make it
difficult to find other important log messages, or could even cause
the disk to overflow. This bug has been fixed by ignoring the DCMD
MR_DCMD_PD_LIST_QUERY query for controllers which do not support it
and sending the DCMD SUCCESS status to the AEN functions. As a result,
the error messages no longer appear when there is a change in the
status of one of the arrays. (BZ#1359039)

Plugin source (NASL)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2016:2006 and
# Oracle Linux Security Advisory ELSA-2016-2006 respectively.
#
if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(93857);
  script_version("2.5");
  script_cvs_date("Date: 2018/07/24 18:56:12");

  script_cve_id("CVE-2016-4470", "CVE-2016-5829");
  script_xref(name:"RHSA", value:"2016:2006");

  script_name(english:"Oracle Linux 6 : kernel (ELSA-2016-2006)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2016:2006 :
An update for kernel is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es) :
* A flaw was found in the Linux kernel's keyring handling code, where
in key_reject_and_link() an uninitialized variable would eventually
lead to arbitrary free address which could allow attacker to use a
use-after-free style attack. (CVE-2016-4470, Important)
* A heap-based buffer overflow vulnerability was found in the Linux
kernel's hiddev driver. This flaw could allow a local attacker to
corrupt kernel memory, possible privilege escalation or crashing the
system. (CVE-2016-5829, Moderate)
The CVE-2016-4470 issue was discovered by David Howells (Red Hat
Inc.).
Bug Fix(es) :
* Previously, when two NFS shares with different security settings
were mounted, the I/O operations to the kerberos-authenticated mount
caused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the
parameter was not unset when performing the I/O operations on the
sec=sys mount. Consequently, writes to both NFS shares had the same
parameters, regardless of their security settings. This update fixes
this problem by moving the NO_CRKEY_TIMEOUT parameter to the
auth->au_flags field. As a result, NFS shares with different security
settings are now handled as expected. (BZ#1366962)
* In some circumstances, resetting a Fibre Channel over Ethernet
(FCoE) interface could lead to a kernel panic, due to invalid
information extracted from the FCoE header. This update adds sanity
checking to the cpu number extracted from the FCoE header. This
ensures that subsequent operations address a valid cpu, and eliminates
the kernel panic. (BZ#1359036)
* Prior to this update, the following problems occurred with the way
GFS2 transitioned files and directories from the 'unlinked' state to
the 'free' state :
The numbers reported for the df and the du commands in some cases got
out of sync, which caused blocks in the file system to appear missing.
The blocks were not actually missing, but they were left in the
'unlinked' state.
In some circumstances, GFS2 referenced a cluster lock that was already
deleted, which led to a kernel panic.
If an object was deleted and its space reused as a different object,
GFS2 sometimes deleted the existing one, which caused file system
corruption.
With this update, the transition from 'unlinked' to 'free' state has
been fixed. As a result, none of these three problems occur anymore.
(BZ#1359037)
* Previously, the GFS2 file system in some cases became unresponsive
due to lock dependency problems between inodes and the cluster lock.
This occurred most frequently on nearly full file systems where files
and directories were being deleted and recreated at the same block
location at the same time. With this update, a set of patches has been
applied to fix these lock dependencies. As a result, GFS2 no longer
hangs in the described circumstances. (BZ#1359038)
* When used with controllers that do not support DCMD-
MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite
error reporting loop of error reporting messages. This could cause
difficulties with finding other important log messages, or even it
could cause the disk to overflow. This bug has been fixed by ignoring
the DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not
support it and sending the DCMD SUCCESS status to the AEN functions.
As a result, the error messages no longer appear when there is a
change in the status of one of the arrays. (BZ#1359039)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2016-October/006394.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Local checks must be enabled and the host must identify as Oracle Linux.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !eregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");

# Extract the release number and require major version 6.
os_ver = eregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);

# The check depends on the RPM list collected over the authenticated session.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86_64 and i386-i686 hosts are covered by this check.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

# Compare each installed package against the fixed build 2.6.32-642.6.1.el6.
# The kernel packages are first gated on a 2.6.32 package being installed.
flag = 0;
if (rpm_exists(release:"EL6", rpm:"kernel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-2.6.32-642.6.1.el6")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-abi-whitelists-2.6.32") && rpm_check(release:"EL6", reference:"kernel-abi-whitelists-2.6.32-642.6.1.el6")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-debug-2.6.32") && rpm_check(release:"EL6", reference:"kernel-debug-2.6.32-642.6.1.el6")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-debug-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-debug-devel-2.6.32-642.6.1.el6")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-devel-2.6.32-642.6.1.el6")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-doc-2.6.32") && rpm_check(release:"EL6", reference:"kernel-doc-2.6.32-642.6.1.el6")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-firmware-2.6.32") && rpm_check(release:"EL6", reference:"kernel-firmware-2.6.32-642.6.1.el6")) flag++;
if (rpm_exists(release:"EL6", rpm:"kernel-headers-2.6.32") && rpm_check(release:"EL6", reference:"kernel-headers-2.6.32-642.6.1.el6")) flag++;
if (rpm_check(release:"EL6", reference:"perf-2.6.32-642.6.1.el6")) flag++;
if (rpm_check(release:"EL6", reference:"python-perf-2.6.32-642.6.1.el6")) flag++;

# Report a finding if any package was flagged; otherwise audit out.
if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
}
As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive due to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files and directories were being deleted and recreated at the same block location at the same time. With this update, a set of patches has been applied to fix these lock dependencies. As a result, GFS2 no longer hangs in the described circumstances. (BZ#1359038)\n\n* When used with controllers that do not support DCMD- MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite error reporting loop of error reporting messages. This could cause difficulties with finding other important log messages, or even it could cause the disk to overflow. This bug has been fixed by ignoring the DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not support it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a change in the status of one of the arrays. 
(BZ#1359039)", "edition": 7, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "52fd91b0f791269ec48c2a30ea894364dc19f16e68c16b50cb86a897121d2bb4", "hashmap": [{"hash": "4e9ff411278dd1e0a2396e82da16469b", "key": "modified"}, {"hash": "cd0d1badcd4640189cb6e6c8f485a193", "key": "cpe"}, {"hash": "426de8a8f9f96f62954c4e885081eafc", "key": "description"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "b93d518e239a97a2ac778d6515e4e5e4", "key": "sourceData"}, {"hash": "29ae70fc54d8caf4b95200f276c32c95", "key": "title"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e37a491e8d12389690ddc07508774539", "key": "href"}, {"hash": "0f14653f3a4ec7cfb9db0da62deba05b", "key": "pluginID"}, {"hash": "fe67d7b30483c64e0a4c5ee3a4077c89", "key": "published"}, {"hash": "cf4c39da96e23a028292cd98fec4fbea", "key": "cvelist"}, {"hash": "4a974f9bac2eb50acad8aa6069f208f8", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93857", "id": "ORACLELINUX_ELSA-2016-2006.NASL", "lastseen": "2018-08-30T19:49:06", "modified": "2018-07-24T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "93857", "published": "2016-10-05T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2016-October/006394.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2006 and \n# Oracle Linux Security Advisory ELSA-2016-2006 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93857);\n script_version(\"2.5\");\n 
script_cvs_date(\"Date: 2018/07/24 18:56:12\");\n\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-5829\");\n script_xref(name:\"RHSA\", value:\"2016:2006\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2016-2006)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2006 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where\nin key_reject_and_link() an uninitialized variable would eventually\nlead to arbitrary free address which could allow attacker to use a\nuse-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux\nkernel's hiddev driver. This flaw could allow a local attacker to\ncorrupt kernel memory, possible privilege escalation or crashing the\nsystem. (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat\nInc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings\nwere mounted, the I/O operations to the kerberos-authenticated mount\ncaused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the\nparameter was not unset when performing the I/O operations on the\nsec=sys mount. 
Consequently, writes to both NFS shares had the same\nparameters, regardless of their security settings. This update fixes\nthis problem by moving the NO_CRKEY_TIMEOUT parameter to the\nauth->au_flags field. As a result, NFS shares with different security\nsettings are now handled as expected. (BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet\n(FCoE) interface could lead to a kernel panic, due to invalid\ninformation extracted from the FCoE header. This update adds santiy\nchecking to the cpu number extracted from the FCoE header. This\nensures that subsequent operations address a valid cpu, and eliminates\nthe kernel panic. (BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way\nGSF2 transitioned files and directories from the 'unlinked' state to\nthe 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got\nout of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the\n'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already\ndeleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object,\nGFS2 sometimes deleted the existing one, which caused file system\ncorruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has\nbeen fixed. As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive\ndue to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files\nand directories were being deleted and recreated at the same block\nlocation at the same time. With this update, a set of patches has been\napplied to fix these lock dependencies. As a result, GFS2 no longer\nhangs in the described circumstances. 
(BZ#1359038)\n\n* When used with controllers that do not support DCMD-\nMR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite\nerror reporting loop of error reporting messages. This could cause\ndifficulties with finding other important log messages, or even it\ncould cause the disk to overflow. This bug has been fixed by ignoring\nthe DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not\nsupport it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a\nchange in the status of one of the arrays. (BZ#1359039)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-October/006394.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-abi-whitelists-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-abi-whitelists-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-642.6.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "title": "Oracle Linux 6 : kernel (ELSA-2016-2006)", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 7, "lastseen": "2018-08-30T19:49:06"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:python-perf"], "cvelist": ["CVE-2016-5829", "CVE-2016-4470"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2016:2006 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possible privilege escalation or crashing the system. 
(CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings were mounted, the I/O operations to the kerberos-authenticated mount caused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the parameter was not unset when performing the I/O operations on the sec=sys mount. Consequently, writes to both NFS shares had the same parameters, regardless of their security settings. This update fixes this problem by moving the NO_CRKEY_TIMEOUT parameter to the auth->au_flags field. As a result, NFS shares with different security settings are now handled as expected. (BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet (FCoE) interface could lead to a kernel panic, due to invalid information extracted from the FCoE header. This update adds santiy checking to the cpu number extracted from the FCoE header. This ensures that subsequent operations address a valid cpu, and eliminates the kernel panic. (BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way GSF2 transitioned files and directories from the 'unlinked' state to the 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got out of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the 'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already deleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object, GFS2 sometimes deleted the existing one, which caused file system corruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has been fixed. 
As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive due to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files and directories were being deleted and recreated at the same block location at the same time. With this update, a set of patches has been applied to fix these lock dependencies. As a result, GFS2 no longer hangs in the described circumstances. (BZ#1359038)\n\n* When used with controllers that do not support DCMD- MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite error reporting loop of error reporting messages. This could cause difficulties with finding other important log messages, or even it could cause the disk to overflow. This bug has been fixed by ignoring the DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not support it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a change in the status of one of the arrays. 
(BZ#1359039)", "edition": 5, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "138811102d90c9077e055785724df0a90519e5084affbf485ea3f36b63bd83f4", "hashmap": [{"hash": "cd0d1badcd4640189cb6e6c8f485a193", "key": "cpe"}, {"hash": "426de8a8f9f96f62954c4e885081eafc", "key": "description"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "29ae70fc54d8caf4b95200f276c32c95", "key": "title"}, {"hash": "43679430b653efcf3efbbde101db116e", "key": "modified"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e37a491e8d12389690ddc07508774539", "key": "href"}, {"hash": "0f14653f3a4ec7cfb9db0da62deba05b", "key": "pluginID"}, {"hash": "fe67d7b30483c64e0a4c5ee3a4077c89", "key": "published"}, {"hash": "cad8a734e8eb162b6a06da6071c8c77a", "key": "sourceData"}, {"hash": "cf4c39da96e23a028292cd98fec4fbea", "key": "cvelist"}, {"hash": "4a974f9bac2eb50acad8aa6069f208f8", "key": "references"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93857", "id": "ORACLELINUX_ELSA-2016-2006.NASL", "lastseen": "2017-10-29T13:41:18", "modified": "2016-12-07T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "93857", "published": "2016-10-05T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2016-October/006394.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2006 and \n# Oracle Linux Security Advisory ELSA-2016-2006 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93857);\n script_version(\"$Revision: 2.4 $\");\n 
script_cvs_date(\"$Date: 2016/12/07 21:08:17 $\");\n\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-5829\");\n script_osvdb_id(140046, 140558);\n script_xref(name:\"RHSA\", value:\"2016:2006\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2016-2006)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2006 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where\nin key_reject_and_link() an uninitialized variable would eventually\nlead to arbitrary free address which could allow attacker to use a\nuse-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux\nkernel's hiddev driver. This flaw could allow a local attacker to\ncorrupt kernel memory, possible privilege escalation or crashing the\nsystem. (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat\nInc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings\nwere mounted, the I/O operations to the kerberos-authenticated mount\ncaused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the\nparameter was not unset when performing the I/O operations on the\nsec=sys mount. 
Consequently, writes to both NFS shares had the same\nparameters, regardless of their security settings. This update fixes\nthis problem by moving the NO_CRKEY_TIMEOUT parameter to the\nauth->au_flags field. As a result, NFS shares with different security\nsettings are now handled as expected. (BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet\n(FCoE) interface could lead to a kernel panic, due to invalid\ninformation extracted from the FCoE header. This update adds santiy\nchecking to the cpu number extracted from the FCoE header. This\nensures that subsequent operations address a valid cpu, and eliminates\nthe kernel panic. (BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way\nGSF2 transitioned files and directories from the 'unlinked' state to\nthe 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got\nout of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the\n'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already\ndeleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object,\nGFS2 sometimes deleted the existing one, which caused file system\ncorruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has\nbeen fixed. As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive\ndue to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files\nand directories were being deleted and recreated at the same block\nlocation at the same time. With this update, a set of patches has been\napplied to fix these lock dependencies. As a result, GFS2 no longer\nhangs in the described circumstances. 
(BZ#1359038)\n\n* When used with controllers that do not support DCMD-\nMR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite\nerror reporting loop of error reporting messages. This could cause\ndifficulties with finding other important log messages, or even it\ncould cause the disk to overflow. This bug has been fixed by ignoring\nthe DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not\nsupport it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a\nchange in the status of one of the arrays. (BZ#1359039)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-October/006394.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-abi-whitelists-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-abi-whitelists-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-642.6.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "title": "Oracle Linux 6 : kernel (ELSA-2016-2006)", "type": "nessus", "viewCount": 2}, "differentElements": ["modified", "sourceData"], "edition": 5, "lastseen": "2017-10-29T13:41:18"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-5829", "CVE-2016-4470"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2016:2006 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possible privilege escalation or crashing the system. (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings were mounted, the I/O operations to the kerberos-authenticated mount caused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the parameter was not unset when performing the I/O operations on the sec=sys mount. Consequently, writes to both NFS shares had the same parameters, regardless of their security settings. 
This update fixes this problem by moving the NO_CRKEY_TIMEOUT parameter to the auth->au_flags field. As a result, NFS shares with different security settings are now handled as expected. (BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet (FCoE) interface could lead to a kernel panic, due to invalid information extracted from the FCoE header. This update adds santiy checking to the cpu number extracted from the FCoE header. This ensures that subsequent operations address a valid cpu, and eliminates the kernel panic. (BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way GSF2 transitioned files and directories from the 'unlinked' state to the 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got out of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the 'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already deleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object, GFS2 sometimes deleted the existing one, which caused file system corruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has been fixed. As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive due to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files and directories were being deleted and recreated at the same block location at the same time. With this update, a set of patches has been applied to fix these lock dependencies. As a result, GFS2 no longer hangs in the described circumstances. 
(BZ#1359038)\n\n* When used with controllers that do not support DCMD- MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite error reporting loop of error reporting messages. This could cause difficulties with finding other important log messages, or even it could cause the disk to overflow. This bug has been fixed by ignoring the DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not support it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a change in the status of one of the arrays. (BZ#1359039)", "edition": 3, "hash": "06a8b3f2f93014e87fc7736e2a2c0d6301a537d156f2fed567163d18d2faabdb", "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93857", "id": "ORACLELINUX_ELSA-2016-2006.NASL", "lastseen": "2016-10-19T21:25:56", "modified": "2016-10-19T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.2", "pluginID": "93857", "published":
"2016-10-05T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2016-October/006394.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2006 and \n# Oracle Linux Security Advisory ELSA-2016-2006 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93857);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/10/19 14:14:44 $\");\n\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-5829\");\n script_osvdb_id(140046, 140558);\n script_xref(name:\"RHSA\", value:\"2016:2006\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2016-2006)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2006 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where\nin key_reject_and_link() an uninitialized variable would eventually\nlead to arbitrary free address which could allow attacker to use a\nuse-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux\nkernel's hiddev driver. 
This flaw could allow a local attacker to\ncorrupt kernel memory, possible privilege escalation or crashing the\nsystem. (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat\nInc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings\nwere mounted, the I/O operations to the kerberos-authenticated mount\ncaused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the\nparameter was not unset when performing the I/O operations on the\nsec=sys mount. Consequently, writes to both NFS shares had the same\nparameters, regardless of their security settings. This update fixes\nthis problem by moving the NO_CRKEY_TIMEOUT parameter to the\nauth->au_flags field. As a result, NFS shares with different security\nsettings are now handled as expected. (BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet\n(FCoE) interface could lead to a kernel panic, due to invalid\ninformation extracted from the FCoE header. This update adds santiy\nchecking to the cpu number extracted from the FCoE header. This\nensures that subsequent operations address a valid cpu, and eliminates\nthe kernel panic. (BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way\nGSF2 transitioned files and directories from the 'unlinked' state to\nthe 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got\nout of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the\n'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already\ndeleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object,\nGFS2 sometimes deleted the existing one, which caused file system\ncorruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has\nbeen fixed. 
As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive\ndue to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files\nand directories were being deleted and recreated at the same block\nlocation at the same time. With this update, a set of patches has been\napplied to fix these lock dependencies. As a result, GFS2 no longer\nhangs in the described circumstances. (BZ#1359038)\n\n* When used with controllers that do not support DCMD-\nMR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite\nerror reporting loop of error reporting messages. This could cause\ndifficulties with finding other important log messages, or even it\ncould cause the disk to overflow. This bug has been fixed by ignoring\nthe DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not\nsupport it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a\nchange in the status of one of the arrays. 
(BZ#1359039)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-October/006394.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable 
Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-abi-whitelists-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-abi-whitelists-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-642.6.1.el6\")) flag++;\nif 
(rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-642.6.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "title": "Oracle Linux 6 : kernel (ELSA-2016-2006)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2016-10-19T21:25:56"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:python-perf"], "cvelist": ["CVE-2016-5829", "CVE-2016-4470"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2016:2006 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product 
Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possible privilege escalation or crashing the system. (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings were mounted, the I/O operations to the kerberos-authenticated mount caused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the parameter was not unset when performing the I/O operations on the sec=sys mount. Consequently, writes to both NFS shares had the same parameters, regardless of their security settings. This update fixes this problem by moving the NO_CRKEY_TIMEOUT parameter to the auth->au_flags field. As a result, NFS shares with different security settings are now handled as expected. (BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet (FCoE) interface could lead to a kernel panic, due to invalid information extracted from the FCoE header. This update adds santiy checking to the cpu number extracted from the FCoE header. This ensures that subsequent operations address a valid cpu, and eliminates the kernel panic. 
(BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way GSF2 transitioned files and directories from the 'unlinked' state to the 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got out of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the 'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already deleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object, GFS2 sometimes deleted the existing one, which caused file system corruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has been fixed. As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive due to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files and directories were being deleted and recreated at the same block location at the same time. With this update, a set of patches has been applied to fix these lock dependencies. As a result, GFS2 no longer hangs in the described circumstances. (BZ#1359038)\n\n* When used with controllers that do not support DCMD- MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite error reporting loop of error reporting messages. This could cause difficulties with finding other important log messages, or even it could cause the disk to overflow. This bug has been fixed by ignoring the DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not support it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a change in the status of one of the arrays. 
(BZ#1359039)", "edition": 8, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "8b08856dab4c7a107caf1de7b918ff8db241d21b92ca8aefc0d4010e74aabf58", "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93857", "id": "ORACLELINUX_ELSA-2016-2006.NASL", "lastseen": "2018-09-01T23:56:06", "modified": "2018-07-24T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "93857", "published": "2016-10-05T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2016-October/006394.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2006 and \n# Oracle Linux Security Advisory ELSA-2016-2006 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93857);\n script_version(\"2.5\");\n
script_cvs_date(\"Date: 2018/07/24 18:56:12\");\n\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-5829\");\n script_xref(name:\"RHSA\", value:\"2016:2006\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2016-2006)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2006 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where\nin key_reject_and_link() an uninitialized variable would eventually\nlead to arbitrary free address which could allow attacker to use a\nuse-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux\nkernel's hiddev driver. This flaw could allow a local attacker to\ncorrupt kernel memory, possible privilege escalation or crashing the\nsystem. (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat\nInc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings\nwere mounted, the I/O operations to the kerberos-authenticated mount\ncaused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the\nparameter was not unset when performing the I/O operations on the\nsec=sys mount. 
Consequently, writes to both NFS shares had the same\nparameters, regardless of their security settings. This update fixes\nthis problem by moving the NO_CRKEY_TIMEOUT parameter to the\nauth->au_flags field. As a result, NFS shares with different security\nsettings are now handled as expected. (BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet\n(FCoE) interface could lead to a kernel panic, due to invalid\ninformation extracted from the FCoE header. This update adds santiy\nchecking to the cpu number extracted from the FCoE header. This\nensures that subsequent operations address a valid cpu, and eliminates\nthe kernel panic. (BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way\nGSF2 transitioned files and directories from the 'unlinked' state to\nthe 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got\nout of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the\n'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already\ndeleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object,\nGFS2 sometimes deleted the existing one, which caused file system\ncorruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has\nbeen fixed. As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive\ndue to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files\nand directories were being deleted and recreated at the same block\nlocation at the same time. With this update, a set of patches has been\napplied to fix these lock dependencies. As a result, GFS2 no longer\nhangs in the described circumstances. 
(BZ#1359038)\n\n* When used with controllers that do not support DCMD-\nMR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite\nerror reporting loop of error reporting messages. This could cause\ndifficulties with finding other important log messages, or even it\ncould cause the disk to overflow. This bug has been fixed by ignoring\nthe DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not\nsupport it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a\nchange in the status of one of the arrays. (BZ#1359039)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-October/006394.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-abi-whitelists-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-abi-whitelists-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-642.6.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "title": "Oracle Linux 6 : kernel (ELSA-2016-2006)", "type": "nessus", "viewCount": 2}, "differentElements": ["description"], "edition": 8, "lastseen": "2018-09-01T23:56:06"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:python-perf"], "cvelist": ["CVE-2016-5829", "CVE-2016-4470"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2016:2006 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possible privilege escalation or crashing the system. 
(CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings were mounted, the I/O operations to the kerberos-authenticated mount caused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the parameter was not unset when performing the I/O operations on the sec=sys mount. Consequently, writes to both NFS shares had the same parameters, regardless of their security settings. This update fixes this problem by moving the NO_CRKEY_TIMEOUT parameter to the auth->au_flags field. As a result, NFS shares with different security settings are now handled as expected. (BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet (FCoE) interface could lead to a kernel panic, due to invalid information extracted from the FCoE header. This update adds sanity checking to the cpu number extracted from the FCoE header. This ensures that subsequent operations address a valid cpu, and eliminates the kernel panic. (BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way GFS2 transitioned files and directories from the 'unlinked' state to the 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got out of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the 'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already deleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object, GFS2 sometimes deleted the existing one, which caused file system corruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has been fixed. 
As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive due to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files and directories were being deleted and recreated at the same block location at the same time. With this update, a set of patches has been applied to fix these lock dependencies. As a result, GFS2 no longer hangs in the described circumstances. (BZ#1359038)\n\n* When used with controllers that do not support DCMD- MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite error reporting loop of error reporting messages. This could cause difficulties with finding other important log messages, or even it could cause the disk to overflow. This bug has been fixed by ignoring the DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not support it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a change in the status of one of the arrays. 
(BZ#1359039)", "edition": 6, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93857", "id": "ORACLELINUX_ELSA-2016-2006.NASL", "lastseen": "2018-07-30T14:07:57", "modified": "2018-07-24T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.3", "pluginID": "93857", "published": "2016-10-05T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2016-October/006394.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2006 and \n# Oracle Linux Security Advisory ELSA-2016-2006 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93857);\n script_version(\"2.5\");\n 
script_cvs_date(\"Date: 2018/07/24 18:56:12\");\n\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-5829\");\n script_xref(name:\"RHSA\", value:\"2016:2006\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2016-2006)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2006 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where\nin key_reject_and_link() an uninitialized variable would eventually\nlead to arbitrary free address which could allow attacker to use a\nuse-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux\nkernel's hiddev driver. This flaw could allow a local attacker to\ncorrupt kernel memory, possible privilege escalation or crashing the\nsystem. (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat\nInc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings\nwere mounted, the I/O operations to the kerberos-authenticated mount\ncaused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the\nparameter was not unset when performing the I/O operations on the\nsec=sys mount. 
Consequently, writes to both NFS shares had the same\nparameters, regardless of their security settings. This update fixes\nthis problem by moving the NO_CRKEY_TIMEOUT parameter to the\nauth->au_flags field. As a result, NFS shares with different security\nsettings are now handled as expected. (BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet\n(FCoE) interface could lead to a kernel panic, due to invalid\ninformation extracted from the FCoE header. This update adds sanity\nchecking to the cpu number extracted from the FCoE header. This\nensures that subsequent operations address a valid cpu, and eliminates\nthe kernel panic. (BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way\nGFS2 transitioned files and directories from the 'unlinked' state to\nthe 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got\nout of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the\n'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already\ndeleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object,\nGFS2 sometimes deleted the existing one, which caused file system\ncorruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has\nbeen fixed. As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive\ndue to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files\nand directories were being deleted and recreated at the same block\nlocation at the same time. With this update, a set of patches has been\napplied to fix these lock dependencies. As a result, GFS2 no longer\nhangs in the described circumstances. 
(BZ#1359038)\n\n* When used with controllers that do not support DCMD-\nMR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite\nerror reporting loop of error reporting messages. This could cause\ndifficulties with finding other important log messages, or even it\ncould cause the disk to overflow. This bug has been fixed by ignoring\nthe DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not\nsupport it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a\nchange in the status of one of the arrays. (BZ#1359039)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-October/006394.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-abi-whitelists-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-abi-whitelists-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-642.6.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "title": "Oracle Linux 6 : kernel (ELSA-2016-2006)", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 6, "lastseen": "2018-07-30T14:07:57"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-5829", "CVE-2016-4470"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2016:2006 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possible privilege escalation or crashing the system. (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings were mounted, the I/O operations to the kerberos-authenticated mount caused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the parameter was not unset when performing the I/O operations on the sec=sys mount. Consequently, writes to both NFS shares had the same parameters, regardless of their security settings. 
This update fixes this problem by moving the NO_CRKEY_TIMEOUT parameter to the auth->au_flags field. As a result, NFS shares with different security settings are now handled as expected. (BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet (FCoE) interface could lead to a kernel panic, due to invalid information extracted from the FCoE header. This update adds sanity checking to the cpu number extracted from the FCoE header. This ensures that subsequent operations address a valid cpu, and eliminates the kernel panic. (BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way GFS2 transitioned files and directories from the 'unlinked' state to the 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got out of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the 'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already deleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object, GFS2 sometimes deleted the existing one, which caused file system corruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has been fixed. As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive due to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files and directories were being deleted and recreated at the same block location at the same time. With this update, a set of patches has been applied to fix these lock dependencies. As a result, GFS2 no longer hangs in the described circumstances. 
(BZ#1359038)\n\n* When used with controllers that do not support DCMD- MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite error reporting loop of error reporting messages. This could cause difficulties with finding other important log messages, or even it could cause the disk to overflow. This bug has been fixed by ignoring the DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not support it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a change in the status of one of the arrays. (BZ#1359039)", "edition": 1, "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93857", "id": "ORACLELINUX_ELSA-2016-2006.NASL", "lastseen": "2016-10-05T21:25:45", "modified": "2016-10-05T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.2", "pluginID": "93857", "published": 
"2016-10-05T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2016-October/006394.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2006 and \n# Oracle Linux Security Advisory ELSA-2016-2006 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93857);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2016/10/05 13:32:58 $\");\n\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-5829\");\n script_xref(name:\"RHSA\", value:\"2016:2006\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2016-2006)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2006 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where\nin key_reject_and_link() an uninitialized variable would eventually\nlead to arbitrary free address which could allow attacker to use a\nuse-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux\nkernel's hiddev driver. 
This flaw could allow a local attacker to\ncorrupt kernel memory, possible privilege escalation or crashing the\nsystem. (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat\nInc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings\nwere mounted, the I/O operations to the kerberos-authenticated mount\ncaused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the\nparameter was not unset when performing the I/O operations on the\nsec=sys mount. Consequently, writes to both NFS shares had the same\nparameters, regardless of their security settings. This update fixes\nthis problem by moving the NO_CRKEY_TIMEOUT parameter to the\nauth->au_flags field. As a result, NFS shares with different security\nsettings are now handled as expected. (BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet\n(FCoE) interface could lead to a kernel panic, due to invalid\ninformation extracted from the FCoE header. This update adds sanity\nchecking to the cpu number extracted from the FCoE header. This\nensures that subsequent operations address a valid cpu, and eliminates\nthe kernel panic. (BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way\nGFS2 transitioned files and directories from the 'unlinked' state to\nthe 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got\nout of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the\n'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already\ndeleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object,\nGFS2 sometimes deleted the existing one, which caused file system\ncorruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has\nbeen fixed. 
As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive\ndue to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files\nand directories were being deleted and recreated at the same block\nlocation at the same time. With this update, a set of patches has been\napplied to fix these lock dependencies. As a result, GFS2 no longer\nhangs in the described circumstances. (BZ#1359038)\n\n* When used with controllers that do not support DCMD-\nMR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite\nerror reporting loop of error reporting messages. This could cause\ndifficulties with finding other important log messages, or even it\ncould cause the disk to overflow. This bug has been fixed by ignoring\nthe DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not\nsupport it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a\nchange in the status of one of the arrays. 
(BZ#1359039)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-October/006394.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-abi-whitelists-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-abi-whitelists-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-642.6.1.el6\")) 
flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-642.6.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "title": "Oracle Linux 6 : kernel (ELSA-2016-2006)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-10-05T21:25:45"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2016-5829", "CVE-2016-4470"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "From Red Hat Security Advisory 2016:2006 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. 
(CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possible privilege escalation or crashing the system. (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings were mounted, the I/O operations to the kerberos-authenticated mount caused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the parameter was not unset when performing the I/O operations on the sec=sys mount. Consequently, writes to both NFS shares had the same parameters, regardless of their security settings. This update fixes this problem by moving the NO_CRKEY_TIMEOUT parameter to the auth->au_flags field. As a result, NFS shares with different security settings are now handled as expected. (BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet (FCoE) interface could lead to a kernel panic, due to invalid information extracted from the FCoE header. This update adds sanity checking to the cpu number extracted from the FCoE header. This ensures that subsequent operations address a valid cpu, and eliminates the kernel panic. 
(BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way GFS2 transitioned files and directories from the 'unlinked' state to the 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got out of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the 'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already deleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object, GFS2 sometimes deleted the existing one, which caused file system corruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has been fixed. As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive due to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files and directories were being deleted and recreated at the same block location at the same time. With this update, a set of patches has been applied to fix these lock dependencies. As a result, GFS2 no longer hangs in the described circumstances. (BZ#1359038)\n\n* When used with controllers that do not support DCMD- MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite error reporting loop of error reporting messages. This could cause difficulties with finding other important log messages, or even it could cause the disk to overflow. This bug has been fixed by ignoring the DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not support it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a change in the status of one of the arrays. 
(BZ#1359039)", "edition": 4, "enchantments": {}, "hash": "d390685045f0a6c5374c656a4d815bffaa9a9ad16a4b1de78bf674b53893cafb", "hashmap": [{"hash": "426de8a8f9f96f62954c4e885081eafc", "key": "description"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "29ae70fc54d8caf4b95200f276c32c95", "key": "title"}, {"hash": "43679430b653efcf3efbbde101db116e", "key": "modified"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e37a491e8d12389690ddc07508774539", "key": "href"}, {"hash": "0f14653f3a4ec7cfb9db0da62deba05b", "key": "pluginID"}, {"hash": "fe67d7b30483c64e0a4c5ee3a4077c89", "key": "published"}, {"hash": "cad8a734e8eb162b6a06da6071c8c77a", "key": "sourceData"}, {"hash": "cf4c39da96e23a028292cd98fec4fbea", "key": "cvelist"}, {"hash": "4a974f9bac2eb50acad8aa6069f208f8", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=93857", "id": "ORACLELINUX_ELSA-2016-2006.NASL", "lastseen": "2016-12-08T05:37:17", "modified": "2016-12-07T00:00:00", "naslFamily": "Oracle Linux Local Security Checks", "objectVersion": "1.2", "pluginID": "93857", "published": "2016-10-05T00:00:00", "references": ["https://oss.oracle.com/pipermail/el-errata/2016-October/006394.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2006 and \n# Oracle Linux Security Advisory ELSA-2016-2006 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93857);\n script_version(\"$Revision: 2.4 $\");\n script_cvs_date(\"$Date: 2016/12/07 21:08:17 
$\");\n\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-5829\");\n script_osvdb_id(140046, 140558);\n script_xref(name:\"RHSA\", value:\"2016:2006\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2016-2006)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2006 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where\nin key_reject_and_link() an uninitialized variable would eventually\nlead to arbitrary free address which could allow attacker to use a\nuse-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux\nkernel's hiddev driver. This flaw could allow a local attacker to\ncorrupt kernel memory, possible privilege escalation or crashing the\nsystem. (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat\nInc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings\nwere mounted, the I/O operations to the kerberos-authenticated mount\ncaused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the\nparameter was not unset when performing the I/O operations on the\nsec=sys mount. 
Consequently, writes to both NFS shares had the same\nparameters, regardless of their security settings. This update fixes\nthis problem by moving the NO_CRKEY_TIMEOUT parameter to the\nauth->au_flags field. As a result, NFS shares with different security\nsettings are now handled as expected. (BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet\n(FCoE) interface could lead to a kernel panic, due to invalid\ninformation extracted from the FCoE header. This update adds santiy\nchecking to the cpu number extracted from the FCoE header. This\nensures that subsequent operations address a valid cpu, and eliminates\nthe kernel panic. (BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way\nGSF2 transitioned files and directories from the 'unlinked' state to\nthe 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got\nout of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the\n'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already\ndeleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object,\nGFS2 sometimes deleted the existing one, which caused file system\ncorruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has\nbeen fixed. As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive\ndue to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files\nand directories were being deleted and recreated at the same block\nlocation at the same time. With this update, a set of patches has been\napplied to fix these lock dependencies. As a result, GFS2 no longer\nhangs in the described circumstances. 
(BZ#1359038)\n\n* When used with controllers that do not support DCMD-\nMR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite\nerror reporting loop of error reporting messages. This could cause\ndifficulties with finding other important log messages, or even it\ncould cause the disk to overflow. This bug has been fixed by ignoring\nthe DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not\nsupport it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a\nchange in the status of one of the arrays. (BZ#1359039)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-October/006394.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-abi-whitelists-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-abi-whitelists-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-642.6.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "title": "Oracle Linux 6 : kernel (ELSA-2016-2006)", "type": "nessus", "viewCount": 2}, "differentElements": ["cpe"], "edition": 4, "lastseen": "2016-12-08T05:37:17"}], "edition": 9, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "cd0d1badcd4640189cb6e6c8f485a193"}, {"key": "cvelist", "hash": "cf4c39da96e23a028292cd98fec4fbea"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "b20ac7730361fb24d3dfb2ecc6d41842"}, {"key": "href", "hash": "e37a491e8d12389690ddc07508774539"}, {"key": "modified", "hash": "4e9ff411278dd1e0a2396e82da16469b"}, {"key": "naslFamily", "hash": "e31ed89ab0cbb68ce2c40f17ec1e5483"}, {"key": "pluginID", "hash": "0f14653f3a4ec7cfb9db0da62deba05b"}, {"key": "published", "hash": "fe67d7b30483c64e0a4c5ee3a4077c89"}, {"key": "references", "hash": "4a974f9bac2eb50acad8aa6069f208f8"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "b93d518e239a97a2ac778d6515e4e5e4"}, {"key": "title", "hash": "29ae70fc54d8caf4b95200f276c32c95"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "f64720a925261daae63323001bd520012b1562c45087721837faa2e24b44186e", "viewCount": 2, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-4470", "CVE-2016-5829"]}, {"type": "f5", "idList": ["F5:K28056114", "SOL28056114", "SOL55672042", "F5:K55672042"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2016-2006.NASL", "REDHAT-RHSA-2016-2006.NASL", "SL_20161004_KERNEL_ON_SL6_X.NASL", "SUSE_SU-2016-2018-1.NASL", "OPENSUSE-2016-869.NASL", "FEDORA_2016-73A733F4D9.NASL", "ORACLELINUX_ELSA-2016-3591.NASL", "ORACLELINUX_ELSA-2016-3592.NASL", "F5_BIGIP_SOL28056114.NASL", "SUSE_SU-2016-1999-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310882574", 
"OPENVAS:1361412562310871668", "OPENVAS:1361412562310851367", "OPENVAS:1361412562310808556", "OPENVAS:1361412562310842857", "OPENVAS:1361412562310842855", "OPENVAS:1361412562310842872", "OPENVAS:1361412562310882536", "OPENVAS:1361412562310842873", "OPENVAS:1361412562310871644"]}, {"type": "redhat", "idList": ["RHSA-2016:2006", "RHSA-2016:2076", "RHSA-2016:2074", "RHSA-2016:2128", "RHSA-2016:1532", "RHSA-2016:2133", "RHSA-2016:1541", "RHSA-2016:1657", "RHSA-2016:1539"]}, {"type": "centos", "idList": ["CESA-2016:2006", "CESA-2016:1539"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2006", "ELSA-2016-3592", "ELSA-2016-3591", "ELSA-2016-3624", "ELSA-2016-3593", "ELSA-2016-3623", "ELSA-2016-3625"]}, {"type": "suse", "idList": ["SUSE-SU-2016:2018-1", "OPENSUSE-SU-2016:1798-1", "SUSE-SU-2016:1999-1", "SUSE-SU-2016:1998-1", "SUSE-SU-2016:2175-1", "SUSE-SU-2016:2178-1", "SUSE-SU-2016:2181-1", "SUSE-SU-2016:2174-1", "SUSE-SU-2016:2179-1", "SUSE-SU-2016:2177-1"]}, {"type": "ubuntu", "idList": ["USN-3052-1", "USN-3051-1", "USN-3072-1", "USN-3072-2"]}, {"type": "debian", "idList": ["DEBIAN:DLA-609-1:1025A"]}], "modified": "2019-01-16T20:25:03"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2006 and \n# Oracle Linux Security Advisory ELSA-2016-2006 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93857);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/07/24 18:56:12\");\n\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-5829\");\n script_xref(name:\"RHSA\", value:\"2016:2006\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2016-2006)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or 
more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2006 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where\nin key_reject_and_link() an uninitialized variable would eventually\nlead to arbitrary free address which could allow attacker to use a\nuse-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux\nkernel's hiddev driver. This flaw could allow a local attacker to\ncorrupt kernel memory, possible privilege escalation or crashing the\nsystem. (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat\nInc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings\nwere mounted, the I/O operations to the kerberos-authenticated mount\ncaused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the\nparameter was not unset when performing the I/O operations on the\nsec=sys mount. Consequently, writes to both NFS shares had the same\nparameters, regardless of their security settings. This update fixes\nthis problem by moving the NO_CRKEY_TIMEOUT parameter to the\nauth->au_flags field. As a result, NFS shares with different security\nsettings are now handled as expected. (BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet\n(FCoE) interface could lead to a kernel panic, due to invalid\ninformation extracted from the FCoE header. 
This update adds santiy\nchecking to the cpu number extracted from the FCoE header. This\nensures that subsequent operations address a valid cpu, and eliminates\nthe kernel panic. (BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way\nGSF2 transitioned files and directories from the 'unlinked' state to\nthe 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got\nout of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the\n'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already\ndeleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object,\nGFS2 sometimes deleted the existing one, which caused file system\ncorruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has\nbeen fixed. As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive\ndue to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files\nand directories were being deleted and recreated at the same block\nlocation at the same time. With this update, a set of patches has been\napplied to fix these lock dependencies. As a result, GFS2 no longer\nhangs in the described circumstances. (BZ#1359038)\n\n* When used with controllers that do not support DCMD-\nMR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite\nerror reporting loop of error reporting messages. This could cause\ndifficulties with finding other important log messages, or even it\ncould cause the disk to overflow. 
This bug has been fixed by ignoring\nthe DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not\nsupport it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a\nchange in the status of one of the arrays. (BZ#1359039)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-October/006394.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-abi-whitelists-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-abi-whitelists-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-642.6.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "pluginID": "93857", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:python-perf"]}
{"cve": [{"lastseen": "2018-01-05T11:52:14", "bulletinFamily": "NVD", "description": "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.", "modified": "2018-01-04T21:30:54", "published": "2016-06-27T06:59:08", "id": "CVE-2016-4470", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4470", "type": "cve", "title": "CVE-2016-4470", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-05T11:52:19", "bulletinFamily": "NVD", "description": "Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.", "modified": "2018-01-04T21:31:04", "published": "2016-06-27T06:59:14", "id": "CVE-2016-5829", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5829", "type": "cve", "title": "CVE-2016-5829", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2016-12-03T05:27:36", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. 
For more information, refer to SOL21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems.\n\nMitigating this vulnerability\n\nTo mitigate this vulnerability, you should consider the following recommendations:\n\n * Permit management access to F5 products only over a secure network, and limit shell access to only trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x) and SOL13092: Overview of securing access to the BIG-IP system. \n * Lock down management port access and configure the self IP port lockdown feature to disallow unneeded ports on all self IP addresses. For more information, refer to SOL13250: Overview of port lockdown behavior (10.x - 11.x) or SOL17333: Overview of port lockdown behavior (12.x).\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2016-10-31T00:00:00", "published": "2016-10-21T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/28/sol28056114.html", "id": "SOL28056114", "type": "f5", "title": "SOL28056114 - Linux kernel vulnerability CVE-2016-5829", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-19T23:05:04", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned IDs 622495 and 622496 (BIG-IP), ID 622257 (BIG-IQ and F5 iWorkflow), ID 622259 (Enterprise Manager), and INSTALLER-2785 (Traffix SDC) to this vulnerability. 
Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H624273 on the **Diagnostics** > **Identified** > **Medium** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP AAM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP AFM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP Analytics | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP APM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP ASM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP DNS | 12.0.0 - 12.1.2 | 13.0.0 \n12.1.2 HF1 | Medium | Linux kernel \nBIG-IP Edge Gateway | 11.2.1 \n10.2.1 - 10.2.4 | None | Medium | Linux kernel \nBIG-IP GTM | 11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP Link Controller | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 \n10.2.1 - 10.2.4 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP PEM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP PSM | 11.4.0 - 11.4.1 \n10.2.1 - 10.2.4 | None | Medium | Linux kernel \nBIG-IP WebAccelerator 
| 11.2.1 \n10.2.1 - 10.2.4 | None | Medium | Linux kernel \nBIG-IP WOM | 11.2.1 \n10.2.1 - 10.2.4 | None | Medium | Linux kernel \nBIG-IP WebSafe | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 | Medium | Linux kernel \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.1.1 | None | Medium | Linux kernel \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ ADC | 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Centralized Management | 5.0.0 - 5.1.0 \n4.6.0 | 5.2.0 - 5.3.0 | Medium | Linux kernel \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Medium | Linux kernel \nF5 iWorkflow | 2.0.0 - 2.0.2 | 2.1.0 - 2.3.0 | Medium | Linux kernel \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | 5.0.0 \n4.0.0 - 4.4.0 | None | Low | Linux kernel\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nTo mitigate this vulnerability, you should consider the following recommendations:\n\n * Permit management access to F5 products only over a secure network, and limit shell access to only trusted users. 
For more information about securing access to BIG-IP and Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x - 13.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n * Lock down management port access and configure the self IP port lockdown feature to disallow unneeded ports on all self IP addresses. For more information, refer to [K13250: Overview of port lockdown behavior (10.x - 11.x)](<https://support.f5.com/csp/article/K13250>) or [K17333: Overview of port lockdown behavior (12.x - 13.x)](<https://support.f5.com/csp/article/K17333>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "modified": "2017-10-31T22:48:00", "published": "2016-10-22T03:11:00", "id": "F5:K28056114", "href": "https://support.f5.com/csp/article/K28056114", "title": "Linux kernel vulnerability CVE-2016-5829", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-10-23T05:25:14", "bulletinFamily": "software", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. 
If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to SOL21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems.\n\nMitigation\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n * SOL9502: BIG-IP hotfix matrix\n * SOL15106: Managing BIG-IQ product hotfixes\n * SOL15113: BIG-IQ hotfix matrix\n * SOL6664: Obtaining and installing OPSWAT hotfixes\n * SOL10942: Installing OPSWAT hotfixes on BIG-IP APM systems\n", "modified": "2016-10-22T00:00:00", "published": "2016-10-22T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/k/55/sol55672042.html", "id": "SOL55672042", "type": "f5", "title": "SOL55672042 - Linux kernel vulnerability CVE-2016-4470", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-19T23:04:59", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 623119 (BIG-IP), ID 623155 (BIG-IQ), and ID 623156 (Enterprise Manager) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H624225 on the **Diagnostics** > **Identified** > **Medium** screen. 
\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 \n10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP AAM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP AFM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP Analytics | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP APM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 \n10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP ASM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 \n10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP DNS | 12.0.0 - 12.1.2 | 13.0.0 \n12.1.2 HF1 | Medium | Linux kernel \nBIG-IP Edge Gateway | 11.2.1 | 10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP GTM | 11.4.0 - 11.6.1 \n11.2.1 | 11.6.2 \n11.5.4 HF3 \n10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP Link Controller | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 \n10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP PEM | 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | 13.0.0 \n12.1.2 HF1 \n11.6.2 \n11.5.4 HF3 | Medium | Linux kernel \nBIG-IP PSM | 11.4.0 - 11.4.1 | 10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP WebAccelerator | 11.2.1 | 10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP WOM | 11.2.1 | 10.2.1 - 10.2.4 | Medium | Linux kernel \nBIG-IP WebSafe | 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | 13.0.0 \n12.1.2 HF1 
\n11.6.2 | Not vulnerable | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | 3.1.1 | None | Medium | Linux kernel \nBIG-IQ Cloud | 4.0.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Device | 4.2.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Security | 4.0.0 - 4.5.0 | None | Medium | Linux kernel \nBIG-IQ ADC | 4.5.0 | None | Medium | Linux kernel \nBIG-IQ Centralized Management | 5.0.0 - 5.1.0 \n4.6.0 | 5.2.0 - 5.3.0 | Medium | Linux kernel \nBIG-IQ Cloud and Orchestration | 1.0.0 | None | Medium | Linux kernel \nF5 iWorkflow | 2.0.0 - 2.0.2 | 2.1.0 - 2.3.0 | Medium | Linux kernel \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nTraffix SDC | 5.0.0 \n4.0.0 - 4.4.0 | None | Low | Linux kernel\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. 
For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K10942: Installing OPSWAT hotfixes on BIG-IP APM systems](<https://support.f5.com/csp/article/K10942>)\n", "modified": "2017-10-31T21:08:00", "published": "2016-10-23T07:33:00", "id": "F5:K55672042", "href": "https://support.f5.com/csp/article/K55672042", "title": "Linux kernel vulnerability CVE-2016-4470", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2018-11-23T15:10:14", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-10-05T00:00:00", "id": "OPENVAS:1361412562310871668", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871668", "title": "RedHat Update for kernel RHSA-2016:2006-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2016:2006-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871668\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-05 05:42:58 +0200 (Wed, 05 Oct 2016)\");\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-5829\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2016:2006-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel,\nthe core of any Linux operating system.\n\nSecurity Fix(es):\n\n * A flaw was found in the 
Linux kernel's keyring handling code, where in\nkey_reject_and_link() an uninitialized variable would eventually lead to\narbitrary free address which could allow attacker to use a use-after-free\nstyle attack. (CVE-2016-4470, Important)\n\n * A heap-based buffer overflow vulnerability was found in the Linux\nkernel's hiddev driver. This flaw could allow a local attacker to corrupt\nkernel memory, possible privilege escalation or crashing the system.\n(CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\n\nBug Fix(es):\n\n * Previously, when two NFS shares with different security settings were\nmounted, the I/O operations to the kerberos-authenticated mount caused the\nRPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the parameter was not\nunset when performing the I/O operations on the sec=sys mount.\nConsequently, writes to both NFS shares had the same parameters, regardless\nof their security settings. This update fixes this problem by moving the\nNO_CRKEY_TIMEOUT parameter to the auth->au_flags field. As a result, NFS\nshares with different security settings are now handled as expected.\n(BZ#1366962)\n\n * In some circumstances, resetting a Fibre Channel over Ethernet (FCoE)\ninterface could lead to a kernel panic, due to invalid information\nextracted from the FCoE header. This update adds sanity checking to the cpu\nnumber extracted from the FCoE header. This ensures that subsequent\noperations address a valid cpu, and eliminates the kernel panic.\n(BZ#1359036)\n\n * Prior to this update, the following problems occurred with the way GFS2\ntransitioned files and directories from the 'unlinked' state to the 'free'\nstate:\n\nThe numbers reported for the df and the du commands in some cases got out\nof sync, which caused blocks in the file system to appear missing. 
The\nblocks were not actually missing, but they were left in the 'unlinked'\nstate.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already\ndeleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object, GFS2\nsometimes deleted the existing one, which caused file system corruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has been\nfixed. As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n * Previously, the GFS2 file system in some cases became unresponsive due to\nlock dependency ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2006-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-October/msg00007.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~642.6.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~642.6.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n 
}\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~2.6.32~642.6.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~642.6.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~2.6.32~642.6.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-i686\", rpm:\"kernel-debuginfo-common-i686~2.6.32~642.6.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~642.6.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~642.6.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~642.6.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~2.6.32~642.6.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~2.6.32~642.6.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~642.6.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~642.6.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~642.6.1.el6\", 
rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~2.6.32~642.6.1.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:46:24", "bulletinFamily": "scanner", "description": "Check the version of kernel", "modified": "2017-07-10T00:00:00", "published": "2016-10-06T00:00:00", "id": "OPENVAS:1361412562310882574", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882574", "title": "CentOS Update for kernel CESA-2016:2006 centos6 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2016:2006 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882574\");\n script_version(\"$Revision: 6658 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:51:48 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-10-06 06:55:55 +0200 (Thu, 06 Oct 2016)\");\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-5829\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2016:2006 centos6 \");\n script_tag(name: \"summary\", value: \"Check the version of kernel\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The kernel packages contain the Linux \nkernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the Linux kernel's keyring handling code, where in\nkey_reject_and_link() an uninitialized variable would eventually lead to\narbitrary free address which could allow attacker to use a use-after-free\nstyle attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux\nkernel's hiddev driver. 
This flaw could allow a local attacker to corrupt\nkernel memory, possible privilege escalation or crashing the system.\n(CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\n\nBug Fix(es):\n\n* Previously, when two NFS shares with different security settings were\nmounted, the I/O operations to the kerberos-authenticated mount caused the\nRPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the parameter was not\nunset when performing the I/O operations on the sec=sys mount.\nConsequently, writes to both NFS shares had the same parameters, regardless\nof their security settings. This update fixes this problem by moving the\nNO_CRKEY_TIMEOUT parameter to the auth->au_flags field. As a result, NFS\nshares with different security settings are now handled as expected.\n(BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet (FCoE)\ninterface could lead to a kernel panic, due to invalid information\nextracted from the FCoE header. This update adds sanity checking to the cpu\nnumber extracted from the FCoE header. This ensures that subsequent\noperations address a valid cpu, and eliminates the kernel panic.\n(BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way GFS2\ntransitioned files and directories from the 'unlinked' state to the 'free'\nstate:\n\nThe numbers reported for the df and the du commands in some cases got out\nof sync, which caused blocks in the file system to appear missing. The\nblocks were not actually missing, but they were left in the 'unlinked'\nstate.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already\ndeleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object, GFS2\nsometimes deleted the existing one, which caused file system corruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has been\nfixed. 
As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive due to\nlock dependency problems between inodes and the cluster lock. This occurred\nmost frequently on nearly full file systems where files and ... \n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name: \"affected\", value: \"kernel on CentOS 6\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2016:2006\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2016-October/022117.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~642.6.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~642.6.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~642.6.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~642.6.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", 
rpm:\"kernel-devel~2.6.32~642.6.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~642.6.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~642.6.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~642.6.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~642.6.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~642.6.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T12:59:27", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-07-15T00:00:00", "id": "OPENVAS:1361412562310851367", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851367", "title": "SuSE Update for kernel openSUSE-SU-2016:1798-1 (kernel)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_1798_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for kernel openSUSE-SU-2016:1798-1 (kernel)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public 
License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851367\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-07-15 05:27:52 +0200 (Fri, 15 Jul 2016)\");\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-4794\", \"CVE-2016-4997\", \"CVE-2016-5829\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for kernel openSUSE-SU-2016:1798-1 (kernel)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'the kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.1 was updated to 4.1.27 to receive various security\n and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2016-4997: A buffer overflow in 32bit compat_setsockopt iptables\n handling could lead to a local privilege escalation. 
(bsc#986362)\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allow local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bnc#986572).\n\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bnc#984755).\n\n - CVE-2016-4794: Use-after-free vulnerability in mm/percpu.c in the Linux\n kernel allowed local users to cause a denial of service (BUG)\n or possibly have unspecified other impact via crafted use of the mmap\n and bpf system calls (bnc#980265).\n\n The following non-security bugs were fixed:\n\n - Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with\n head exceeding page size (bsc#978469).\n\n - Refresh patches.xen/xen3-patch-2.6.26 (fix PAT initialization).\n\n - Refresh patches.xen/xen3-patch-2.6.39 (fix ia32_compat inheritance).\n\n - Refresh patches.xen/xen3-patch-3.14: Suppress atomic file position\n updates for /proc/xen/xenbus (bsc#970275).\n\n - Refresh patches.xen/xen3-patch-3.16 (drop redundant addition of a\n comment).\n\n - Refresh patches.xen/xen3-patch-4.1.7-8.\n\n - base: make module_create_drivers_dir race-free (bnc#983977).\n\n - ipvs: count pre-established TCP states as active (bsc#970114).\n\n - net: thunderx: Fix TL4 configuration for secondary Qsets (bsc#986530).\n\n - net: thunderx: Fix link status reporting (bsc#986530).\");\n script_tag(name:\"affected\", value:\"kernel on openSUSE Leap 42.1\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:1798_1\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pv\", rpm:\"kernel-pv~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pv-base\", rpm:\"kernel-pv-base~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pv-base-debuginfo\", rpm:\"kernel-pv-base-debuginfo~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pv-debuginfo\", rpm:\"kernel-pv-debuginfo~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pv-debugsource\", rpm:\"kernel-pv-debugsource~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pv-devel\", rpm:\"kernel-pv-devel~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla\", 
rpm:\"kernel-vanilla~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base\", 
rpm:\"kernel-default-base~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.1.27~24.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.1.27~24.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-obs-qa-xen\", rpm:\"kernel-obs-qa-xen~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-docs\", 
rpm:\"kernel-docs~4.1.27~24.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.1.27~24.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.1.27~24.2\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~4.1.27~24.1\", rls:\"openSUSELeap42.1\")) != 
NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:46:40", "bulletinFamily": "scanner", "description": "Check the version of kernel", "modified": "2017-07-10T00:00:00", "published": "2016-07-10T00:00:00", "id": "OPENVAS:1361412562310808556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808556", "title": "Fedora Update for kernel FEDORA-2016-73a733f4d9", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-73a733f4d9\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808556\");\n script_version(\"$Revision: 6631 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:36:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-07-10 07:19:32 +0200 (Sun, 10 Jul 2016)\");\n script_cve_id(\"CVE-2016-1583\", \"CVE-2016-4470\", \"CVE-2016-4998\", \"CVE-2016-5829\", \"CVE-2016-5728\", \"CVE-2016-1237\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-73a733f4d9\");\n script_tag(name: \"summary\", value: \"Check the version of kernel\");\n\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help\n of detect NVT and check if the version is vulnerable or not.\");\n\n script_tag(name: \"insight\", value: \"The kernel meta package\");\n\n script_tag(name: \"affected\", value: \"kernel on Fedora 23\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"FEDORA\", value: \"2016-73a733f4d9\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FVENSYS4VXRLKHNVGHP4I4USAPYJ2RFT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.5.7~202.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T12:59:29", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-08-11T00:00:00", "id": "OPENVAS:1361412562310842857", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842857", "title": "Ubuntu Update for linux USN-3052-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3052-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842857\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-11 05:37:50 +0200 (Thu, 11 Aug 2016)\");\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-5243\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3052-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the keyring\n implementation in the Linux kernel did not ensure a data structure was\n initialized before referencing it after an error condition occurred. A local\n attacker could use this to cause a denial of service (system crash).\n (CVE-2016-4470)\n\nKangjie Lu discovered an information leak in the netlink implementation of\nthe Linux kernel. A local attacker could use this to obtain sensitive\ninformation from kernel memory. 
(CVE-2016-5243)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3052-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3052-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-93-generic\", ver:\"3.13.0-93.140\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-93-generic-lpae\", ver:\"3.13.0-93.140\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-93-lowlatency\", ver:\"3.13.0-93.140\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-93-powerpc-e500\", ver:\"3.13.0-93.140\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-93-powerpc-e500mc\", ver:\"3.13.0-93.140\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-93-powerpc-smp\", ver:\"3.13.0-93.140\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-3.13.0-93-powerpc64-emb\", ver:\"3.13.0-93.140\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-93-powerpc64-smp\", ver:\"3.13.0-93.140\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:00:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-08-11T00:00:00", "id": "OPENVAS:1361412562310842855", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842855", "title": "Ubuntu Update for linux-lts-trusty USN-3051-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-trusty USN-3051-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842855\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-11 05:37:43 +0200 (Thu, 11 Aug 2016)\");\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-5243\");\n script_tag(name:\"cvss_base\", value:\"4.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-trusty USN-3051-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-trusty'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the keyring\n implementation in the Linux kernel did not ensure a data structure was initialized\n before referencing it after an error condition occurred. A local attacker could use\n this to cause a denial of service (system crash). (CVE-2016-4470)\n\nKangjie Lu discovered an information leak in the netlink implementation of\nthe Linux kernel. A local attacker could use this to obtain sensitive\ninformation from kernel memory. 
(CVE-2016-5243)\");\n script_tag(name:\"affected\", value:\"linux-lts-trusty on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3051-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3051-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-93-generic\", ver:\"3.13.0-93.140~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-93-generic-lpae\", ver:\"3.13.0-93.140~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T13:00:36", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-08-30T00:00:00", "id": "OPENVAS:1361412562310842872", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842872", "title": "Ubuntu Update for linux USN-3072-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3072-1\n#\n# Authors:\n# System Generated Check\n#\n# 
Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842872\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-30 05:43:33 +0200 (Tue, 30 Aug 2016)\");\n script_cve_id(\"CVE-2016-5244\", \"CVE-2016-5696\", \"CVE-2016-5829\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3072-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Kangjie Lu discovered an information leak\n in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A\n local attacker could use this to obtain potentially sensitive information from\n kernel memory. 
(CVE-2016-5244)\n\nYue Cao et al discovered a flaw in the TCP implementation's handling of\nchallenge acks in the Linux kernel. A remote attacker could use this to\ncause a denial of service (reset connection) or inject content into an TCP\nstream. (CVE-2016-5696)\n\nIt was discovered that a heap based buffer overflow existed in the USB HID\ndriver in the Linux kernel. A local attacker could use this cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2016-5829)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3072-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3072-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-109-generic\", ver:\"3.2.0-109.150\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-109-generic-pae\", ver:\"3.2.0-109.150\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-109-highbank\", ver:\"3.2.0-109.150\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-109-omap\", ver:\"3.2.0-109.150\", 
rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-109-powerpc-smp\", ver:\"3.2.0-109.150\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-109-powerpc64-smp\", ver:\"3.2.0-109.150\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-109-virtual\", ver:\"3.2.0-109.150\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:47:20", "bulletinFamily": "scanner", "description": "Check the version of kernel", "modified": "2017-07-10T00:00:00", "published": "2016-08-08T00:00:00", "id": "OPENVAS:1361412562310882536", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882536", "title": "CentOS Update for kernel CESA-2016:1539 centos7 ", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for kernel CESA-2016:1539 centos7 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882536\");\n script_version(\"$Revision: 6658 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:51:48 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-08 15:11:55 +0530 (Mon, 08 Aug 2016)\");\n script_cve_id(\"CVE-2015-8660\", \"CVE-2016-2143\", \"CVE-2016-4470\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2016:1539 centos7 \");\n script_tag(name: \"summary\", value: \"Check the version of kernel\");\n script_tag(name: \"vuldetect\", value: \"Get the installed version with the help \nof detect NVT and check if the version is vulnerable or not.\");\n script_tag(name: \"insight\", value: \"The kernel packages contain the Linux kernel, \nthe core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous\nbug fixes, some of which you can see below. Space precludes documenting\nall of these bug fixes in this advisory. To see the complete list of bug\nfixes, users are directed to the related Knowledge Article:\n'https://access.redhat.com/articles/2460971'.\n\nSecurity Fix(es):\n\n* A flaw was found in the Linux kernel's keyring handling code, where in\nkey_reject_and_link() an uninitialised variable would eventually lead to\narbitrary free address which could allow attacker to use a use-after-free\nstyle attack. 
(CVE-2016-4470, Important)\n\n* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel\nthrough 4.3.3 attempts to merge distinct setattr operations, which allows\nlocal users to bypass intended access restrictions and modify the\nattributes of arbitrary overlay files via a crafted application.\n(CVE-2015-8660, Moderate)\n\n* It was reported that on s390x, the fork of a process with four page table\nlevels will cause memory corruption with a variety of symptoms. All\nprocesses are created with three level page table and a limit of 4TB for\nthe address space. If the parent process has four page table levels with a\nlimit of 8PB, the function that duplicates the address space will try to\ncopy memory areas outside of the address space limit for the child process.\n(CVE-2016-2143, Moderate)\n\nRed Hat would like to thank Nathan Williams for reporting CVE-2015-8660.\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\n\nBug Fix(es):\n\n* The glibc headers and the Linux headers share certain definitions of\nkey structures that are required to be defined in kernel and in userspace.\nIn some instances both userspace and sanitized kernel headers have to be\nincluded in order to get the structure definitions required by the user\nprogram. Unfortunately because the glibc and Linux headers don't\ncoordinate this can result in compilation errors. The glibc headers have\ntherefore been fixed to coordinate with Linux UAPI-based headers. With\nthe header coordination compilation errors no longer occur. (BZ#1331285)\n\n* When running the TCP/IPv6 traffic over the mlx4_en networking interface\non the big endian architectures, call traces reporting about a 'hw csum\nfailure' could occur. With this update, the mlx4_en driver has been fixed\nby correction of the checksum calculation for the big endian\narchitectures. As a result, the call trace error no longer appears\nin the log messages. (BZ# ... 
\n\n Description truncated, for more information please check the Reference URL\");\n script_tag(name: \"affected\", value: \"kernel on CentOS 7\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n\n script_xref(name: \"CESA\", value: \"2016:1539\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2016-August/022025.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.28.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~327.28.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.28.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.28.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.28.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~327.28.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.28.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.28.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.28.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~327.28.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.28.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.28.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T12:59:38", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-08-30T00:00:00", "id": "OPENVAS:1361412562310842873", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842873", "title": "Ubuntu Update for linux-ti-omap4 USN-3072-2", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-ti-omap4 USN-3072-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any 
later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842873\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-30 05:43:37 +0200 (Tue, 30 Aug 2016)\");\n script_cve_id(\"CVE-2016-5244\", \"CVE-2016-5696\", \"CVE-2016-5829\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-3072-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Kangjie Lu discovered an information leak\n in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A\n local attacker could use this to obtain potentially sensitive information from\n kernel memory. (CVE-2016-5244)\n\nYue Cao et al discovered a flaw in the TCP implementation's handling of\nchallenge acks in the Linux kernel. 
A remote attacker could use this to\ncause a denial of service (reset connection) or inject content into an TCP\nstream. (CVE-2016-5696)\n\nIt was discovered that a heap based buffer overflow existed in the USB HID\ndriver in the Linux kernel. A local attacker could use this cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2016-5829)\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3072-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3072-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1487-omap4\", ver:\"3.2.0-1487.114\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-19T12:59:25", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2016-08-04T00:00:00", "id": "OPENVAS:1361412562310871644", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871644", "title": "RedHat Update for kernel RHSA-2016:1539-01", "type": "openvas", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2016:1539-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871644\");\n script_version(\"$Revision: 12380 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:03:48 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-08-04 16:27:46 +0530 (Thu, 04 Aug 2016)\");\n script_cve_id(\"CVE-2015-8660\", \"CVE-2016-2143\", \"CVE-2016-4470\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2016:1539-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain 
the Linux kernel,\nthe core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous\nbug fixes, some of which you can see below. Space precludes documenting\nall of these bug fixes in this advisory. To see the complete list of bug\nfixes, users are directed to the related Knowledge Article.\n\nSecurity Fix(es):\n\n * A flaw was found in the Linux kernel's keyring handling code, where in\nkey_reject_and_link() an uninitialised variable would eventually lead to\narbitrary free address which could allow attacker to use a use-after-free\nstyle attack. (CVE-2016-4470, Important)\n\n * The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel\nthrough 4.3.3 attempts to merge distinct setattr operations, which allows\nlocal users to bypass intended access restrictions and modify the\nattributes of arbitrary overlay files via a crafted application.\n(CVE-2015-8660, Moderate)\n\n * It was reported that on s390x, the fork of a process with four page table\nlevels will cause memory corruption with a variety of symptoms. All\nprocesses are created with three level page table and a limit of 4TB for\nthe address space. If the parent process has four page table levels with a\nlimit of 8PB, the function that duplicates the address space will try to\ncopy memory areas outside of the address space limit for the child process.\n(CVE-2016-2143, Moderate)\n\nRed Hat would like to thank Nathan Williams for reporting CVE-2015-8660.\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\n\nBug Fix(es):\n\n * The glibc headers and the Linux headers share certain definitions of\nkey structures that are required to be defined in kernel and in userspace.\nIn some instances both userspace and sanitized kernel headers have to be\nincluded in order to get the structure definitions required by the user\nprogram. 
Unfortunately because the glibc and Linux headers don't\ncoordinate this can result in compilation errors. The glibc headers have\ntherefore been fixed to coordinate with Linux UAPI-based headers. With\nthe header coordination compilation errors no longer occur. (BZ#1331285)\n\n * When running the TCP/IPv6 traffic over the mlx4_en networking interface\non the big endian architectures, call traces reporting about a 'hw csum\nfailure' could occur. With this update, the mlx4_en driver has been fixed\nby correction of the checksum calculation for the big endian\narchitectures. As a result, the call trace error no longer app ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux\n Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:1539-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-August/msg00004.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/2460971\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", 
rpm:\"perf~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~327.28.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:25:03", "bulletinFamily": "scanner", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where\nin key_reject_and_link() an uninitialized variable would eventually\nlead to arbitrary free address which could allow attacker to use a\nuse-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux\nkernel's hiddev driver. This flaw could allow a local attacker to\ncorrupt kernel memory, possible privilege escalation or crashing the\nsystem. 
(CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat\nInc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings\nwere mounted, the I/O operations to the kerberos-authenticated mount\ncaused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the\nparameter was not unset when performing the I/O operations on the\nsec=sys mount. Consequently, writes to both NFS shares had the same\nparameters, regardless of their security settings. This update fixes\nthis problem by moving the NO_CRKEY_TIMEOUT parameter to the\nauth->au_flags field. As a result, NFS shares with different security\nsettings are now handled as expected. (BZ# 1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet\n(FCoE) interface could lead to a kernel panic, due to invalid\ninformation extracted from the FCoE header. This update adds santiy\nchecking to the cpu number extracted from the FCoE header. This\nensures that subsequent operations address a valid cpu, and eliminates\nthe kernel panic. (BZ# 1359036)\n\n* Prior to this update, the following problems occurred with the way\nGSF2 transitioned files and directories from the 'unlinked' state to\nthe 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got\nout of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the\n'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already\ndeleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object,\nGFS2 sometimes deleted the existing one, which caused file system\ncorruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has\nbeen fixed. 
As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive\ndue to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files\nand directories were being deleted and recreated at the same block\nlocation at the same time. With this update, a set of patches has been\napplied to fix these lock dependencies. As a result, GFS2 no longer\nhangs in the described circumstances. (BZ#1359038)\n\n* When used with controllers that do not support DCMD-\nMR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite\nerror reporting loop of error reporting messages. This could cause\ndifficulties with finding other important log messages, or even it\ncould cause the disk to overflow. This bug has been fixed by ignoring\nthe DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not\nsupport it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a\nchange in the status of one of the arrays. (BZ#1359039)", "modified": "2018-11-10T00:00:00", "published": "2016-10-05T00:00:00", "id": "REDHAT-RHSA-2016-2006.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93858", "title": "RHEL 6 : kernel (RHSA-2016:2006)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2006. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93858);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/11/10 11:49:55\");\n\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-5829\");\n script_xref(name:\"RHSA\", value:\"2016:2006\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2016:2006)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where\nin key_reject_and_link() an uninitialized variable would eventually\nlead to arbitrary free address which could allow attacker to use a\nuse-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux\nkernel's hiddev driver. This flaw could allow a local attacker to\ncorrupt kernel memory, possible privilege escalation or crashing the\nsystem. 
(CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat\nInc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings\nwere mounted, the I/O operations to the kerberos-authenticated mount\ncaused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the\nparameter was not unset when performing the I/O operations on the\nsec=sys mount. Consequently, writes to both NFS shares had the same\nparameters, regardless of their security settings. This update fixes\nthis problem by moving the NO_CRKEY_TIMEOUT parameter to the\nauth->au_flags field. As a result, NFS shares with different security\nsettings are now handled as expected. (BZ# 1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet\n(FCoE) interface could lead to a kernel panic, due to invalid\ninformation extracted from the FCoE header. This update adds santiy\nchecking to the cpu number extracted from the FCoE header. This\nensures that subsequent operations address a valid cpu, and eliminates\nthe kernel panic. (BZ# 1359036)\n\n* Prior to this update, the following problems occurred with the way\nGSF2 transitioned files and directories from the 'unlinked' state to\nthe 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got\nout of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the\n'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already\ndeleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object,\nGFS2 sometimes deleted the existing one, which caused file system\ncorruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has\nbeen fixed. 
As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive\ndue to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files\nand directories were being deleted and recreated at the same block\nlocation at the same time. With this update, a set of patches has been\napplied to fix these lock dependencies. As a result, GFS2 no longer\nhangs in the described circumstances. (BZ#1359038)\n\n* When used with controllers that do not support DCMD-\nMR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite\nerror reporting loop of error reporting messages. This could cause\ndifficulties with finding other important log messages, or even it\ncould cause the disk to overflow. This bug has been fixed by ignoring\nthe DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not\nsupport it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a\nchange in the status of one of the arrays. 
(BZ#1359039)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5829\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2006\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-642.6.1.el6\")) 
flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", 
reference:\"kernel-devel-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"python-perf-debuginfo-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-642.6.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-642.6.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:25:04", "bulletinFamily": "scanner", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where\nin key_reject_and_link() an uninitialized variable would eventually\nlead to arbitrary free address which could allow attacker to use a\nuse-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux\nkernel's hiddev driver. This flaw could allow a local attacker to\ncorrupt kernel memory, possible privilege escalation or crashing the\nsystem. 
(CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat\nInc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings\nwere mounted, the I/O operations to the kerberos-authenticated mount\ncaused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the\nparameter was not unset when performing the I/O operations on the\nsec=sys mount. Consequently, writes to both NFS shares had the same\nparameters, regardless of their security settings. This update fixes\nthis problem by moving the NO_CRKEY_TIMEOUT parameter to the\nauth->au_flags field. As a result, NFS shares with different security\nsettings are now handled as expected. (BZ# 1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet\n(FCoE) interface could lead to a kernel panic, due to invalid\ninformation extracted from the FCoE header. This update adds santiy\nchecking to the cpu number extracted from the FCoE header. This\nensures that subsequent operations address a valid cpu, and eliminates\nthe kernel panic. (BZ# 1359036)\n\n* Prior to this update, the following problems occurred with the way\nGSF2 transitioned files and directories from the 'unlinked' state to\nthe 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got\nout of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the\n'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already\ndeleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object,\nGFS2 sometimes deleted the existing one, which caused file system\ncorruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has\nbeen fixed. 
As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive\ndue to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files\nand directories were being deleted and recreated at the same block\nlocation at the same time. With this update, a set of patches has been\napplied to fix these lock dependencies. As a result, GFS2 no longer\nhangs in the described circumstances. (BZ#1359038)\n\n* When used with controllers that do not support DCMD-\nMR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite\nerror reporting loop of error reporting messages. This could cause\ndifficulties with finding other important log messages, or even it\ncould cause the disk to overflow. This bug has been fixed by ignoring\nthe DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not\nsupport it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a\nchange in the status of one of the arrays. 
(BZ#1359039)", "modified": "2018-11-10T00:00:00", "published": "2016-10-06T00:00:00", "id": "CENTOS_RHSA-2016-2006.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93867", "title": "CentOS 6 : kernel (CESA-2016:2006)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2006 and \n# CentOS Errata and Security Advisory 2016:2006 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93867);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:32\");\n\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-5829\");\n script_xref(name:\"RHSA\", value:\"2016:2006\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2016:2006)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the Linux kernel's keyring handling code, where\nin key_reject_and_link() an uninitialized variable would eventually\nlead to arbitrary free address which could allow attacker to use a\nuse-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux\nkernel's hiddev driver. 
This flaw could allow a local attacker to\ncorrupt kernel memory, possible privilege escalation or crashing the\nsystem. (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat\nInc.).\n\nBug Fix(es) :\n\n* Previously, when two NFS shares with different security settings\nwere mounted, the I/O operations to the kerberos-authenticated mount\ncaused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the\nparameter was not unset when performing the I/O operations on the\nsec=sys mount. Consequently, writes to both NFS shares had the same\nparameters, regardless of their security settings. This update fixes\nthis problem by moving the NO_CRKEY_TIMEOUT parameter to the\nauth->au_flags field. As a result, NFS shares with different security\nsettings are now handled as expected. (BZ# 1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet\n(FCoE) interface could lead to a kernel panic, due to invalid\ninformation extracted from the FCoE header. This update adds santiy\nchecking to the cpu number extracted from the FCoE header. This\nensures that subsequent operations address a valid cpu, and eliminates\nthe kernel panic. (BZ# 1359036)\n\n* Prior to this update, the following problems occurred with the way\nGSF2 transitioned files and directories from the 'unlinked' state to\nthe 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got\nout of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the\n'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already\ndeleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object,\nGFS2 sometimes deleted the existing one, which caused file system\ncorruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has\nbeen fixed. 
As a result, none of these three problems occur anymore.\n(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive\ndue to lock dependency problems between inodes and the cluster lock.\nThis occurred most frequently on nearly full file systems where files\nand directories were being deleted and recreated at the same block\nlocation at the same time. With this update, a set of patches has been\napplied to fix these lock dependencies. As a result, GFS2 no longer\nhangs in the described circumstances. (BZ#1359038)\n\n* When used with controllers that do not support DCMD-\nMR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite\nerror reporting loop of error reporting messages. This could cause\ndifficulties with finding other important log messages, or even it\ncould cause the disk to overflow. This bug has been fixed by ignoring\nthe DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not\nsupport it and sending the DCMD SUCCESS status to the AEN functions.\nAs a result, the error messages no longer appear when there is a\nchange in the status of one of the arrays. 
(BZ#1359039)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-October/022117.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?999a2721\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/06\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-abi-whitelists-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-642.6.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else 
security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:25:04", "bulletinFamily": "scanner", "description": "Security Fix(es) :\n\n - A flaw was found in the Linux kernel's keyring handling\n code, where in key_reject_and_link() an uninitialized\n variable would eventually lead to arbitrary free address\n which could allow attacker to use a use-after-free style\n attack. (CVE-2016-4470, Important)\n\n - A heap-based buffer overflow vulnerability was found in\n the Linux kernel's hiddev driver. This flaw could allow\n a local attacker to corrupt kernel memory, possible\n privilege escalation or crashing the system.\n (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat\nInc.).\n\nBug Fix(es) :\n\n - Previously, when two NFS shares with different security\n settings were mounted, the I/O operations to the\n kerberos-authenticated mount caused the\n RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the\n parameter was not unset when performing the I/O\n operations on the sec=sys mount. Consequently, writes to\n both NFS shares had the same parameters, regardless of\n their security settings. This update fixes this problem\n by moving the NO_CRKEY_TIMEOUT parameter to the\n auth->au_flags field. As a result, NFS shares with\n different security settings are now handled as expected.\n\n - In some circumstances, resetting a Fibre Channel over\n Ethernet (FCoE) interface could lead to a kernel panic,\n due to invalid information extracted from the FCoE\n header. This update adds santiy checking to the cpu\n number extracted from the FCoE header. 
This ensures that\n subsequent operations address a valid cpu, and\n eliminates the kernel panic.\n\n - Prior to this update, the following problems occurred\n with the way GSF2 transitioned files and directories\n from the 'unlinked' state to the 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got\nout of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the\n'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already\ndeleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object,\nGFS2 sometimes deleted the existing one, which caused file system\ncorruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has\nbeen fixed. As a result, none of these three problems occur anymore.\n\n - Previously, the GFS2 file system in some cases became\n unresponsive due to lock dependency problems between\n inodes and the cluster lock. This occurred most\n frequently on nearly full file systems where files and\n directories were being deleted and recreated at the same\n block location at the same time. With this update, a set\n of patches has been applied to fix these lock\n dependencies. As a result, GFS2 no longer hangs in the\n described circumstances.\n\n - When used with controllers that do not support DCMD-\n MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go\n into infinite error reporting loop of error reporting\n messages. This could cause difficulties with finding\n other important log messages, or even it could cause the\n disk to overflow. This bug has been fixed by ignoring\n the DCMD MR_DCMD_PD_LIST_QUERY query for controllers\n which do not support it and sending the DCMD SUCCESS\n status to the AEN functions. 
As a result, the error\n messages no longer appear when there is a change in the\n status of one of the arrays.", "modified": "2018-12-28T00:00:00", "published": "2016-10-06T00:00:00", "id": "SL_20161004_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93892", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93892);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-5829\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A flaw was found in the Linux kernel's keyring handling\n code, where in key_reject_and_link() an uninitialized\n variable would eventually lead to arbitrary free address\n which could allow attacker to use a use-after-free style\n attack. (CVE-2016-4470, Important)\n\n - A heap-based buffer overflow vulnerability was found in\n the Linux kernel's hiddev driver. 
This flaw could allow\n a local attacker to corrupt kernel memory, possible\n privilege escalation or crashing the system.\n (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat\nInc.).\n\nBug Fix(es) :\n\n - Previously, when two NFS shares with different security\n settings were mounted, the I/O operations to the\n kerberos-authenticated mount caused the\n RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the\n parameter was not unset when performing the I/O\n operations on the sec=sys mount. Consequently, writes to\n both NFS shares had the same parameters, regardless of\n their security settings. This update fixes this problem\n by moving the NO_CRKEY_TIMEOUT parameter to the\n auth->au_flags field. As a result, NFS shares with\n different security settings are now handled as expected.\n\n - In some circumstances, resetting a Fibre Channel over\n Ethernet (FCoE) interface could lead to a kernel panic,\n due to invalid information extracted from the FCoE\n header. This update adds santiy checking to the cpu\n number extracted from the FCoE header. This ensures that\n subsequent operations address a valid cpu, and\n eliminates the kernel panic.\n\n - Prior to this update, the following problems occurred\n with the way GSF2 transitioned files and directories\n from the 'unlinked' state to the 'free' state :\n\nThe numbers reported for the df and the du commands in some cases got\nout of sync, which caused blocks in the file system to appear missing.\nThe blocks were not actually missing, but they were left in the\n'unlinked' state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already\ndeleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object,\nGFS2 sometimes deleted the existing one, which caused file system\ncorruption.\n\nWith this update, the transition from 'unlinked' to 'free' state has\nbeen fixed. 
As a result, none of these three problems occur anymore.\n\n - Previously, the GFS2 file system in some cases became\n unresponsive due to lock dependency problems between\n inodes and the cluster lock. This occurred most\n frequently on nearly full file systems where files and\n directories were being deleted and recreated at the same\n block location at the same time. With this update, a set\n of patches has been applied to fix these lock\n dependencies. As a result, GFS2 no longer hangs in the\n described circumstances.\n\n - When used with controllers that do not support DCMD-\n MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go\n into infinite error reporting loop of error reporting\n messages. This could cause difficulties with finding\n other important log messages, or even it could cause the\n disk to overflow. This bug has been fixed by ignoring\n the DCMD MR_DCMD_PD_LIST_QUERY query for controllers\n which do not support it and sending the DCMD SUCCESS\n status to the AEN functions. 
As a result, the error\n messages no longer appear when there is a change in the\n status of one of the arrays.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1610&L=scientific-linux-errata&F=&S=&P=959\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22b94682\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-common-i686-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", 
reference:\"kernel-headers-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-642.6.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-642.6.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:24:48", "bulletinFamily": "scanner", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes. The following security bugs were fixed :\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in\n the hiddev_ioctl_usage function in\n drivers/hid/usbhid/hiddev.c in the Linux kernel allowed\n local users to cause a denial of service or possibly\n have unspecified other impact via a crafted (1)\n HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call\n (bnc#986572).\n\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt\n implementation in the netfilter subsystem in the Linux\n kernel allowed local users to gain privileges or cause a\n denial of service (memory corruption) by leveraging\n in-container root access to provide a crafted offset\n value that triggers an unintended decrement\n (bnc#986362).\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bnc#984755).\n\nThe update package also includes non-security fixes. 
See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-11-29T00:00:00", "published": "2016-09-02T00:00:00", "id": "SUSE_SU-2016-2018-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=93284", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2018-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2018-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93284);\n script_version(\"2.9\");\n script_cvs_date(\"Date: 2018/11/29 12:03:39\");\n\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-4997\", \"CVE-2016-5829\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2018-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes. 
The following security bugs were fixed :\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in\n the hiddev_ioctl_usage function in\n drivers/hid/usbhid/hiddev.c in the Linux kernel allowed\n local users to cause a denial of service or possibly\n have unspecified other impact via a crafted (1)\n HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call\n (bnc#986572).\n\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt\n implementation in the netfilter subsystem in the Linux\n kernel allowed local users to gain privileges or cause a\n denial of service (memory corruption) by leveraging\n in-container root access to provide a crafted offset\n value that triggers an unintended decrement\n (bnc#986362).\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bnc#984755).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971030\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4997/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5829/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162018-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86792a21\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To 
install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-kernel-12685=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-kernel-12685=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-12685=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-kernel-12685=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", 
reference:\"kernel-trace-devel-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-80.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-80.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:24:29", "bulletinFamily": "scanner", "description": "The openSUSE Leap 42.1 was updated to 4.1.27 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-4997: A buffer overflow in 32bit\n compat_setsockopt iptables handling could lead to a\n local privilege escalation. 
(bsc#986362)\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in\n the hiddev_ioctl_usage function in\n drivers/hid/usbhid/hiddev.c in the Linux kernel allow\n local users to cause a denial of service or possibly\n have unspecified other impact via a crafted (1)\n HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call\n (bnc#986572).\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bnc#984755).\n\n - CVE-2016-4794: Use-after-free vulnerability in\n mm/percpu.c in the Linux kernel allowed local users to\n cause a denial of service (BUG) or possibly have\n unspecified other impact via crafted use of the mmap and\n bpf system calls (bnc#980265).\n\nThe following non-security bugs were fixed :\n\n - Refresh patches.xen/xen-netback-coalesce: Restore\n copying of SKBs with head exceeding page size\n (bsc#978469).\n\n - Refresh patches.xen/xen3-patch-2.6.26 (fix PAT\n initialization).\n\n - Refresh patches.xen/xen3-patch-2.6.39 (fix ia32_compat\n inheritance).\n\n - Refresh patches.xen/xen3-patch-3.14: Suppress atomic\n file position updates for /proc/xen/xenbus (bsc#970275).\n\n - Refresh patches.xen/xen3-patch-3.16 (drop redundant\n addition of a comment).\n\n - Refresh patches.xen/xen3-patch-4.1.7-8.\n\n - base: make module_create_drivers_dir race-free\n (bnc#983977).\n\n - ipvs: count pre-established TCP states as active\n (bsc#970114).\n\n - net: thunderx: Fix TL4 configuration for secondary Qsets\n (bsc#986530).\n\n - net: thunderx: Fix link status reporting (bsc#986530).", "modified": "2018-04-30T00:00:00", "published": "2016-07-15T00:00:00", "id": "OPENSUSE-2016-869.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92308", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-869)", 
"type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-869.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92308);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/04/30 12:52:27\");\n\n script_cve_id(\"CVE-2016-4470\", \"CVE-2016-4794\", \"CVE-2016-4997\", \"CVE-2016-5829\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-869)\");\n script_summary(english:\"Check for the openSUSE-2016-869 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.1 was updated to 4.1.27 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-4997: A buffer overflow in 32bit\n compat_setsockopt iptables handling could lead to a\n local privilege escalation. 
(bsc#986362)\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in\n the hiddev_ioctl_usage function in\n drivers/hid/usbhid/hiddev.c in the Linux kernel allow\n local users to cause a denial of service or possibly\n have unspecified other impact via a crafted (1)\n HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call\n (bnc#986572).\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bnc#984755).\n\n - CVE-2016-4794: Use-after-free vulnerability in\n mm/percpu.c in the Linux kernel allowed local users to\n cause a denial of service (BUG) or possibly have\n unspecified other impact via crafted use of the mmap and\n bpf system calls (bnc#980265).\n\nThe following non-security bugs were fixed :\n\n - Refresh patches.xen/xen-netback-coalesce: Restore\n copying of SKBs with head exceeding page size\n (bsc#978469).\n\n - Refresh patches.xen/xen3-patch-2.6.26 (fix PAT\n initialization).\n\n - Refresh patches.xen/xen3-patch-2.6.39 (fix ia32_compat\n inheritance).\n\n - Refresh patches.xen/xen3-patch-3.14: Suppress atomic\n file position updates for /proc/xen/xenbus (bsc#970275).\n\n - Refresh patches.xen/xen3-patch-3.16 (drop redundant\n addition of a comment).\n\n - Refresh patches.xen/xen3-patch-4.1.7-8.\n\n - base: make module_create_drivers_dir race-free\n (bnc#983977).\n\n - ipvs: count pre-established TCP states as active\n (bsc#970114).\n\n - net: thunderx: Fix TL4 configuration for secondary Qsets\n (bsc#986530).\n\n - net: thunderx: Fix link status reporting (bsc#986530).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970275\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983977\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986572\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) 
audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debugsource-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-devel-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-devel-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-html-4.1.27-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-pdf-4.1.27-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-macros-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-4.1.27-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-debugsource-4.1.27-24.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-xen-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-vanilla-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-syms-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", 
reference:\"kernel-debug-base-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-devel-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", 
reference:\"kernel-pv-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debugsource-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-devel-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-devel-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", 
reference:\"kernel-debug-base-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", 
reference:\"kernel-pv-base-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debugsource-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-devel-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-4.1.27-24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-4.1.27-24.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": 
"AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:24:29", "bulletinFamily": "scanner", "description": "The 4.5.7-202 kernel update contains a number of important security\nfixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2016-10-18T00:00:00", "published": "2016-07-15T00:00:00", "id": "FEDORA_2016-73A733F4D9.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92256", "title": "Fedora 23 : kernel (2016-73a733f4d9)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-73a733f4d9.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92256);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/10/18 16:52:29 $\");\n\n script_cve_id(\"CVE-2016-1237\", \"CVE-2016-1583\", \"CVE-2016-4470\", \"CVE-2016-4998\", \"CVE-2016-5728\", \"CVE-2016-5829\");\n script_xref(name:\"FEDORA\", value:\"2016-73a733f4d9\");\n\n script_name(english:\"Fedora 23 : kernel (2016-73a733f4d9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.5.7-202 kernel update contains a number of important security\nfixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a733f4d9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"kernel-4.5.7-202.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:24:39", "bulletinFamily": "scanner", "description": "Description of changes:\n\n[2.6.39-400.283.2.el6uek]\n- KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: \n24393863] {CVE-2016-4470}", "modified": "2016-10-19T00:00:00", "published": "2016-08-08T00:00:00", "id": "ORACLELINUX_ELSA-2016-3592.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92780", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3592)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2016-3592.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92780);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/10/19 14:25:11 $\");\n\n script_cve_id(\"CVE-2016-4470\");\n\n script_name(english:\"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3592)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The 
remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.283.2.el6uek]\n- KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: \n24393863] {CVE-2016-4470}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-August/006258.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-August/006259.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux 
Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-2.6.39-400.283.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-2.6.39-400.283.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-debug-devel-2.6.39-400.283.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-devel-2.6.39-400.283.2.el5uek\")) flag++;\nif 
(rpm_exists(release:\"EL5\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-doc-2.6.39-400.283.2.el5uek\")) flag++;\nif (rpm_exists(release:\"EL5\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL5\", reference:\"kernel-uek-firmware-2.6.39-400.283.2.el5uek\")) flag++;\n\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.283.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.283.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.283.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.283.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.283.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.283.2.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:24:39", "bulletinFamily": "scanner", "description": "Description of changes:\n\nkernel-uek\n[3.8.13-118.9.2.el7uek]\n- KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: \n24393864] {CVE-2016-4470}", "modified": "2016-10-19T00:00:00", "published": "2016-08-08T00:00:00", "id": 
"ORACLELINUX_ELSA-2016-3591.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92779", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3591)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2016-3591.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92779);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/10/19 14:25:11 $\");\n\n script_cve_id(\"CVE-2016-4470\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3591)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[3.8.13-118.9.2.el7uek]\n- KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: \n24393864] {CVE-2016-4470}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-August/006256.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-August/006257.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.9.2.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.9.2.el7uek\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-118.9.2.el6uek-0.4.5-3.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-118.9.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-118.9.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-118.9.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-118.9.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-118.9.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-118.9.2.el6uek\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-118.9.2.el7uek-0.4.5-3.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-118.9.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", 
rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-118.9.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-118.9.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-118.9.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-118.9.2.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-118.9.2.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:24:39", "bulletinFamily": "scanner", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - KEYS: potential uninitialized variable (Dan Carpenter)\n [Orabug: 24393864] (CVE-2016-4470)", "modified": "2018-07-25T00:00:00", "published": "2016-08-08T00:00:00", "id": "ORACLEVM_OVMSA-2016-0095.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92783", "title": "OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0095)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0095.\n#\n\ninclude(\"compat.inc\");\n\nif 
(description)\n{\n script_id(92783);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/07/25 14:27:29\");\n\n script_cve_id(\"CVE-2016-4470\");\n\n script_name(english:\"OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0095)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - KEYS: potential uninitialized variable (Dan Carpenter)\n [Orabug: 24393864] (CVE-2016-4470)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-August/000511.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b98fa998\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/08\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! ereg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-118.9.2.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-118.9.2.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:25:12", "bulletinFamily": "scanner", "description": "The key_reject_and_link function in security/keys/key.c in the Linux\nkernel through 4.6.3 
does not ensure that a certain data structure is\ninitialized, which allows local users to cause a denial of service\n(system crash) via vectors involving a crafted keyctl request2\ncommand. (CVE-2016-4470)", "modified": "2019-01-04T00:00:00", "published": "2016-10-24T00:00:00", "id": "F5_BIGIP_SOL55672042.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=94206", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K55672042)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K55672042.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94206);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2016-4470\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K55672042)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The key_reject_and_link function in security/keys/key.c in the Linux\nkernel through 4.6.3 does not ensure that a certain data structure is\ninitialized, which allows local users to cause a denial of service\n(system crash) via vectors involving a crafted keyctl request2\ncommand. 
(CVE-2016-4470)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=(CVE-2016-4470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K55672042\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K55672042.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K55672042\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"13.0.0\",\"12.1.2HF1\",\"11.6.2\",\"11.5.4HF3\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"13.0.0\",\"12.1.2HF1\",\"11.6.2\",\"11.5.4HF3\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"13.0.0\",\"12.1.2HF1\",\"11.6.2\",\"11.5.4HF3\",\"10.2.1-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"13.0.0\",\"12.1.2HF1\",\"11.6.2\",\"11.5.4HF3\",\"10.2.1-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"13.0.0\",\"12.1.2HF1\",\"11.6.2\",\"11.5.4HF3\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.2\",\"11.5.4HF3\",\"10.2.1-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"13.0.0\",\"12.1.2HF1\",\"11.6.2\",\"11.5.4HF3\",\"10.2.1-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\",\"11.2.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = 
make_list(\"13.0.0\",\"12.1.2HF1\",\"11.6.2\",\"11.5.4HF3\",\"10.2.1-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"12.0.0-12.1.2\",\"11.4.0-11.6.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"13.0.0\",\"12.1.2HF1\",\"11.6.2\",\"11.5.4HF3\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.4.0-11.4.1\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"10.2.1-10.2.4\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.2.1\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"10.2.1-10.2.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.2.1\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.2.1-10.2.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T19:42:48", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. 
This flaw could allow a local attacker to corrupt kernel memory, possible privilege escalation or crashing the system. (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\n\nBug Fix(es):\n\n* Previously, when two NFS shares with different security settings were mounted, the I/O operations to the kerberos-authenticated mount caused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the parameter was not unset when performing the I/O operations on the sec=sys mount. Consequently, writes to both NFS shares had the same parameters, regardless of their security settings. This update fixes this problem by moving the NO_CRKEY_TIMEOUT parameter to the auth->au_flags field. As a result, NFS shares with different security settings are now handled as expected. (BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet (FCoE) interface could lead to a kernel panic, due to invalid information extracted from the FCoE header. This update adds sanity checking to the cpu number extracted from the FCoE header. This ensures that subsequent operations address a valid cpu, and eliminates the kernel panic. (BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way GFS2 transitioned files and directories from the \"unlinked\" state to the \"free\" state:\n\nThe numbers reported for the df and the du commands in some cases got out of sync, which caused blocks in the file system to appear missing. The blocks were not actually missing, but they were left in the \"unlinked\" state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already deleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object, GFS2 sometimes deleted the existing one, which caused file system corruption.\n\nWith this update, the transition from \"unlinked\" to \"free\" state has been fixed. As a result, none of these three problems occur anymore. 
(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive due to lock dependency problems between inodes and the cluster lock. This occurred most frequently on nearly full file systems where files and directories were being deleted and recreated at the same block location at the same time. With this update, a set of patches has been applied to fix these lock dependencies. As a result, GFS2 no longer hangs in the described circumstances. (BZ#1359038)\n\n* When used with controllers that do not support DCMD- MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite error reporting loop of error reporting messages. This could cause difficulties with finding other important log messages, or even it could cause the disk to overflow. This bug has been fixed by ignoring the DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not support it and sending the DCMD SUCCESS status to the AEN functions. As a result, the error messages no longer appear when there is a change in the status of one of the arrays. (BZ#1359039)", "modified": "2018-06-06T20:24:18", "published": "2016-10-04T23:56:02", "id": "RHSA-2016:2006", "href": "https://access.redhat.com/errata/RHSA-2016:2006", "type": "redhat", "title": "(RHSA-2016:2006) Important: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:43:55", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. 
(CVE-2016-4470, Important)\n\nThis issue was discovered by David Howells (Red Hat Inc.).\n\nBug Fix(es):\n\n* Previously, the BUG_ON() signal appeared in the fs_clear_inode() function where the nfs_have_writebacks() function reported a positive value for nfs_inode->npages. As a consequence, a kernel panic occurred. This update performs a serialization by holding the inode i_lock over the check of PagePrivate and locking the request, which fixes this bug. (BZ#1365161)", "modified": "2016-10-18T14:40:04", "published": "2016-10-18T14:37:45", "id": "RHSA-2016:2074", "href": "https://access.redhat.com/errata/RHSA-2016:2074", "type": "redhat", "title": "(RHSA-2016:2074) Important: kernel security and bug fix update", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:22", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important)\n\nThis issue was discovered by David Howells (Red Hat Inc.).", "modified": "2016-10-18T17:58:58", "published": "2016-10-18T17:53:29", "id": "RHSA-2016:2076", "href": "https://access.redhat.com/errata/RHSA-2016:2076", "type": "redhat", "title": "(RHSA-2016:2076) Important: kernel security update", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:46:07", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. 
An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation. (CVE-2016-4470, Important)\n\n* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)\n\nRed Hat would like to thank Phil Oester for reporting CVE-2016-5195. The CVE-2016-4470 issue was discovered by David Howells (Red Hat).\n\nEnhancement(s):\n\n* This update fixes a tape write problem by fixing the use of the sas_is_tlr_enabled API in the mpt3sas driver. The driver now checks whether Transport Layer Recovery (TLR) is enabled before enabling the MPI2_SCSIIO_CONTROL_TLR_ON flag. (BZ#1372352)", "modified": "2016-10-31T19:24:02", "published": "2016-10-31T19:16:52", "id": "RHSA-2016:2128", "href": "https://access.redhat.com/errata/RHSA-2016:2128", "type": "redhat", "title": "(RHSA-2016:2128) Important: kernel security and enhancement update", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T19:41:40", "bulletinFamily": "unix", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\n* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. 
(CVE-2016-4470, Important)\n\n* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. (CVE-2015-8660, Moderate)\n\nRed Hat would like to thank Nathan Williams for reporting CVE-2015-8660. The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\n\nThe kernel-rt packages have been upgraded to upstream version 3.10.0-327.rt56.194.el6rt, which provides a number of bug fixes over the previous version. (BZ#1343658)\n\nThis update also fixes the following bugs:\n\n* Previously, use of the get/put_cpu_var() function in function refill_stock() from the memcontrol cgroup code led to a \"scheduling while atomic\" warning. With this update, refill_stock() uses the get/put_cpu_light() function instead, and the warnings no longer appear. (BZ#1348710)\n\n* Prior to this update, if a real time task pinned to a given CPU was taking 100% of the CPU time, then calls to the lru_add_drain_all() function on other CPUs blocked for an undetermined amount of time. This caused latencies and undesired side effects. With this update, lru_add_drain_all() has been changed to drain the LRU pagevecs of remote CPUs. 
(BZ#1348711)", "modified": "2018-06-07T08:58:29", "published": "2016-08-02T17:34:07", "id": "RHSA-2016:1532", "href": "https://access.redhat.com/errata/RHSA-2016:1532", "type": "redhat", "title": "(RHSA-2016:1532) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:41", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)\n\n* A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation. (CVE-2016-4470, Important)\n\nRed Hat would like to thank Phil Oester for reporting CVE-2016-5195. 
The CVE-2016-4470 issue was discovered by David Howells (Red Hat).", "modified": "2016-11-01T14:18:34", "published": "2016-11-01T14:16:38", "id": "RHSA-2016:2133", "href": "https://access.redhat.com/errata/RHSA-2016:2133", "type": "redhat", "title": "(RHSA-2016:2133) Important: kernel security update", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:43:32", "bulletinFamily": "unix", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\n* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important)\n\n* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. (CVE-2015-8660, Moderate)\n\nRed Hat would like to thank Nathan Williams for reporting CVE-2015-8660. The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\n\nThe kernel-rt packages have been upgraded to the kernel-3.10.0-327.28.2.el7 source tree, which provides a number of bug fixes over the previous version. (BZ#1350307)\n\nThis update also fixes the following bugs:\n\n* Previously, use of the get/put_cpu_var() function in function refill_stock() from the memcontrol cgroup code led to a \"scheduling while atomic\" warning. With this update, refill_stock() uses the get/put_cpu_light() function instead, and the warnings no longer appear. 
(BZ#1347171)\n\n* Prior to this update, if a real time task pinned to a given CPU was taking 100% of the CPU time, then calls to the lru_add_drain_all() function on other CPUs blocked for an undetermined amount of time. This caused latencies and undesired side effects. With this update, lru_add_drain_all() has been changed to drain the LRU pagevecs of remote CPUs. (BZ#1348523)", "modified": "2018-03-19T16:29:53", "published": "2016-08-02T17:46:48", "id": "RHSA-2016:1541", "href": "https://access.redhat.com/errata/RHSA-2016:1541", "type": "redhat", "title": "(RHSA-2016:1541) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:42:44", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and numerous\nbug fixes, some of which you can see below. Space precludes documenting\nall of these bug fixes in this advisory. To see the complete list of bug\nfixes, users are directed to the related Knowledge Article:\nhttps://access.redhat.com/articles/2460971.\n\nSecurity Fix(es):\n\n* A flaw was found in the Linux kernel's keyring handling code, where in\nkey_reject_and_link() an uninitialised variable would eventually lead to\narbitrary free address which could allow attacker to use a use-after-free\nstyle attack. (CVE-2016-4470, Important)\n\n* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel\nthrough 4.3.3 attempts to merge distinct setattr operations, which allows\nlocal users to bypass intended access restrictions and modify the\nattributes of arbitrary overlay files via a crafted application.\n(CVE-2015-8660, Moderate)\n\n* It was reported that on s390x, the fork of a process with four page table\nlevels will cause memory corruption with a variety of symptoms. 
All\nprocesses are created with three level page table and a limit of 4TB for\nthe address space. If the parent process has four page table levels with a\nlimit of 8PB, the function that duplicates the address space will try to\ncopy memory areas outside of the address space limit for the child process.\n(CVE-2016-2143, Moderate)\n\nRed Hat would like to thank Nathan Williams for reporting CVE-2015-8660.\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\n\nBug Fix(es):\n\n* The glibc headers and the Linux headers share certain definitions of\nkey structures that are required to be defined in kernel and in userspace.\nIn some instances both userspace and sanitized kernel headers have to be\nincluded in order to get the structure definitions required by the user\nprogram. Unfortunately because the glibc and Linux headers don't\ncoordinate this can result in compilation errors. The glibc headers have\ntherefore been fixed to coordinate with Linux UAPI-based headers. With\nthe header coordination compilation errors no longer occur. (BZ#1331285)\n\n* When running the TCP/IPv6 traffic over the mlx4_en networking interface\non the big endian architectures, call traces reporting about a \"hw csum\nfailure\" could occur. With this update, the mlx4_en driver has been fixed\nby correction of the checksum calculation for the big endian\narchitectures. As a result, the call trace error no longer appears\nin the log messages. (BZ#1337431)\n\n* Under significant load, some applications such as logshifter could\ngenerate bursts of log messages too large for the system logger to spool.\nDue to a race condition, log messages from that application could then be\nlost even after the log volume dropped to manageable levels. 
This update\nfixes the kernel mechanism used to notify the transmitter end of the\nsocket used by the system logger that more space is available on the\nreceiver side, removing a race condition which previously caused the\nsender to stop transmitting new messages and allowing all log messages\nto be processed correctly. (BZ#1337513)\n\n* Previously, after heavy open or close of the Accelerator Function Unit\n(AFU) contexts, the interrupt packet went out and the AFU context did not\nsee any interrupts. Consequently, a kernel panic could occur. The provided\npatch set fixes handling of the interrupt requests, and kernel panic no\nlonger occurs in the described situation. (BZ#1338886)\n\n* net: recvfrom would fail on short buffer. (BZ#1339115)\n* Backport rhashtable changes from upstream. (BZ#1343639)\n* Server Crashing after starting Glusterd & creating volumes. (BZ#1344234)\n* RAID5 reshape deadlock fix. (BZ#1344313)\n* BDX perf uncore support fix. (BZ#1347374)", "modified": "2018-04-12T03:32:44", "published": "2016-08-02T17:46:40", "id": "RHSA-2016:1539", "href": "https://access.redhat.com/errata/RHSA-2016:1539", "type": "redhat", "title": "(RHSA-2016:1539) Important: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-12-11T17:44:00", "bulletinFamily": "unix", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. 
(CVE-2016-4470, Important)\n\n* A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system. (CVE-2016-4565, Important)\n\n* A flaw was found in the implementation of the Linux kernel's handling of networking challenge ack where an attacker is able to determine the shared counter which could be used to determine sequence numbers for TCP stream injection. (CVE-2016-5696, Important)\n\nRed Hat would like to thank Jann Horn for reporting CVE-2016-4565 and Yue Cao (Cyber Security Group of the CS department of University of California in Riverside) for reporting CVE-2016-5696. The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).", "modified": "2016-08-23T11:54:57", "published": "2016-08-23T11:48:14", "id": "RHSA-2016:1657", "href": "https://access.redhat.com/errata/RHSA-2016:1657", "type": "redhat", "title": "(RHSA-2016:1657) Important: kernel security update", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-03T18:25:31", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:2006\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important)\n\n* A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. 
This flaw could allow a local attacker to corrupt kernel memory, possible privilege escalation or crashing the system. (CVE-2016-5829, Moderate)\n\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\n\nBug Fix(es):\n\n* Previously, when two NFS shares with different security settings were mounted, the I/O operations to the kerberos-authenticated mount caused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the parameter was not unset when performing the I/O operations on the sec=sys mount. Consequently, writes to both NFS shares had the same parameters, regardless of their security settings. This update fixes this problem by moving the NO_CRKEY_TIMEOUT parameter to the auth->au_flags field. As a result, NFS shares with different security settings are now handled as expected. (BZ#1366962)\n\n* In some circumstances, resetting a Fibre Channel over Ethernet (FCoE) interface could lead to a kernel panic, due to invalid information extracted from the FCoE header. This update adds sanity checking to the cpu number extracted from the FCoE header. This ensures that subsequent operations address a valid cpu, and eliminates the kernel panic. (BZ#1359036)\n\n* Prior to this update, the following problems occurred with the way GFS2 transitioned files and directories from the \"unlinked\" state to the \"free\" state:\n\nThe numbers reported for the df and the du commands in some cases got out of sync, which caused blocks in the file system to appear missing. The blocks were not actually missing, but they were left in the \"unlinked\" state.\n\nIn some circumstances, GFS2 referenced a cluster lock that was already deleted, which led to a kernel panic.\n\nIf an object was deleted and its space reused as a different object, GFS2 sometimes deleted the existing one, which caused file system corruption.\n\nWith this update, the transition from \"unlinked\" to \"free\" state has been fixed. As a result, none of these three problems occur anymore. 
(BZ#1359037)\n\n* Previously, the GFS2 file system in some cases became unresponsive due to lock dependency problems between inodes and the cluster lock. This occurred most frequently on nearly full file systems where files and directories were being deleted and recreated at the same block location at the same time. With this update, a set of patches has been applied to fix these lock dependencies. As a result, GFS2 no longer hangs in the described circumstances. (BZ#1359038)\n\n* When used with controllers that do not support DCMD- MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go into infinite error reporting loop of error reporting messages. This could cause difficulties with finding other important log messages, or even it could cause the disk to overflow. This bug has been fixed by ignoring the DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not support it and sending the DCMD SUCCESS status to the AEN functions. As a result, the error messages no longer appear when there is a change in the status of one of the arrays. 
(BZ#1359039)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-October/022117.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-2006.html", "modified": "2016-10-05T14:03:13", "published": "2016-10-05T14:03:13", "href": "http://lists.centos.org/pipermail/centos-announce/2016-October/022117.html", "id": "CESA-2016:2006", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-03T18:26:54", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2016:1539\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and numerous\nbug fixes, some of which you can see below. Space precludes documenting\nall of these bug fixes in this advisory. To see the complete list of bug\nfixes, users are directed to the related Knowledge Article:\nhttps://access.redhat.com/articles/2460971.\n\nSecurity Fix(es):\n\n* A flaw was found in the Linux kernel's keyring handling code, where in\nkey_reject_and_link() an uninitialised variable would eventually lead to\narbitrary free address which could allow attacker to use a use-after-free\nstyle attack. 
(CVE-2016-4470, Important)\n\n* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel\nthrough 4.3.3 attempts to merge distinct setattr operations, which allows\nlocal users to bypass intended access restrictions and modify the\nattributes of arbitrary overlay files via a crafted application.\n(CVE-2015-8660, Moderate)\n\n* It was reported that on s390x, the fork of a process with four page table\nlevels will cause memory corruption with a variety of symptoms. All\nprocesses are created with three level page table and a limit of 4TB for\nthe address space. If the parent process has four page table levels with a\nlimit of 8PB, the function that duplicates the address space will try to\ncopy memory areas outside of the address space limit for the child process.\n(CVE-2016-2143, Moderate)\n\nRed Hat would like to thank Nathan Williams for reporting CVE-2015-8660.\nThe CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).\n\nBug Fix(es):\n\n* The glibc headers and the Linux headers share certain definitions of\nkey structures that are required to be defined in kernel and in userspace.\nIn some instances both userspace and sanitized kernel headers have to be\nincluded in order to get the structure definitions required by the user\nprogram. Unfortunately because the glibc and Linux headers don't\ncoordinate this can result in compilation errors. The glibc headers have\ntherefore been fixed to coordinate with Linux UAPI-based headers. With\nthe header coordination compilation errors no longer occur. (BZ#1331285)\n\n* When running the TCP/IPv6 traffic over the mlx4_en networking interface\non the big endian architectures, call traces reporting about a \"hw csum\nfailure\" could occur. With this update, the mlx4_en driver has been fixed\nby correction of the checksum calculation for the big endian\narchitectures. As a result, the call trace error no longer appears\nin the log messages. 
(BZ#1337431)\n\n* Under significant load, some applications such as logshifter could\ngenerate bursts of log messages too large for the system logger to spool.\nDue to a race condition, log messages from that application could then be\nlost even after the log volume dropped to manageable levels. This update\nfixes the kernel mechanism used to notify the transmitter end of the\nsocket used by the system logger that more space is available on the\nreceiver side, removing a race condition which previously caused the\nsender to stop transmitting new messages and allowing all log messages\nto be processed correctly. (BZ#1337513)\n\n* Previously, after heavy open or close of the Accelerator Function Unit\n(AFU) contexts, the interrupt packet went out and the AFU context did not\nsee any interrupts. Consequently, a kernel panic could occur. The provided\npatch set fixes handling of the interrupt requests, and kernel panic no\nlonger occurs in the described situation. (BZ#1338886)\n\n* net: recvfrom would fail on short buffer. (BZ#1339115)\n* Backport rhashtable changes from upstream. (BZ#1343639)\n* Server Crashing after starting Glusterd & creating volumes. (BZ#1344234)\n* RAID5 reshape deadlock fix. (BZ#1344313)\n* BDX perf uncore support fix. 
(BZ#1347374)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-August/022025.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1539.html", "modified": "2016-08-03T14:05:49", "published": "2016-08-03T14:05:49", "href": "http://lists.centos.org/pipermail/centos-announce/2016-August/022025.html", "id": "CESA-2016:1539", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:42:58", "bulletinFamily": "unix", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allowed local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bnc#986572).\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation\n in the netfilter subsystem in the Linux kernel allowed local users to\n gain privileges or cause a denial of service (memory corruption) by\n leveraging in-container root access to provide a crafted offset value\n that triggers an unintended decrement (bnc#986362).\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bnc#984755).\n\n The following non-security 
bugs were fixed:\n - RDMA/cxgb4: Configure 0B MRs to match HW implementation (bsc#909589).\n - RDMA/cxgb4: Do not hang threads forever waiting on WR replies\n (bsc#909589).\n - RDMA/cxgb4: Fix locking issue in process_mpa_request (bsc#909589).\n - RDMA/cxgb4: Handle NET_XMIT return codes (bsc#909589).\n - RDMA/cxgb4: Increase epd buff size for debug interface (bsc#909589).\n - RDMA/cxgb4: Limit MRs to less than 8GB for T4/T5 devices (bsc#909589).\n - RDMA/cxgb4: Serialize CQ event upcalls with CQ destruction (bsc#909589).\n - RDMA/cxgb4: Wake up waiters after flushing the qp (bsc#909589).\n - bridge: superfluous skb->nfct check in br_nf_dev_queue_xmit (bsc#982544).\n - iucv: call skb_linearize() when needed (bnc#979915, LTC#141240).\n - kabi: prevent spurious modversion changes after bsc#982544 fix\n (bsc#982544).\n - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).\n - mm: Fix DIF failures on ext3 filesystems (bsc#971030).\n - net/qlge: Avoids recursive EEH error (bsc#954847).\n - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in\n br_validate_ipv6 (bsc#982544).\n - netfilter: bridge: do not leak skb in error paths (bsc#982544).\n - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).\n - qeth: delete napi struct when removing a qeth device (bnc#979915,\n LTC#143590).\n - s390/mm: fix asce_bits handling with dynamic pagetable levels\n (bnc#979915, LTC#141456).\n - s390/pci: fix use after free in dma_init (bnc#979915, LTC#141626).\n - s390: fix test_fp_ctl inline assembly contraints (bnc#979915,\n LTC#143138).\n - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency\n (bnc#988498).\n - sched/cputime: Fix cpu_timer_sample_group() double accounting\n (bnc#988498).\n - sched: Provide update_curr callbacks for stop/idle scheduling classes\n (bnc#988498).\n - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).\n\n", "modified": "2016-08-09T21:09:10", "published": "2016-08-09T21:09:10", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html", "id": "SUSE-SU-2016:2018-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:40:12", "bulletinFamily": "unix", "description": "The openSUSE Leap 42.1 was updated to 4.1.27 to receive various security\n and bugfixes.\n\n The following security bugs were fixed:\n - CVE-2016-4997: A buffer overflow in 32bit compat_setsockopt iptables\n handling could lead to a local privilege escalation. (bsc#986362)\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allow local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bnc#986572).\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bnc#984755).\n - CVE-2016-4794: Use-after-free vulnerability in mm/percpu.c in the Linux\n kernel allowed local users to cause a denial of service (BUG)\n or possibly have unspecified other impact via crafted use of the mmap\n and bpf system calls (bnc#980265).\n\n The following non-security bugs were fixed:\n - Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with\n head exceeding page size (bsc#978469).\n - Refresh patches.xen/xen3-patch-2.6.26 (fix PAT initialization).\n - Refresh patches.xen/xen3-patch-2.6.39 (fix ia32_compat inheritance).\n - Refresh patches.xen/xen3-patch-3.14: Suppress atomic file position\n updates for /proc/xen/xenbus (bsc#970275).\n - Refresh patches.xen/xen3-patch-3.16 (drop redundant addition of a\n 
comment).\n - Refresh patches.xen/xen3-patch-4.1.7-8.\n - base: make module_create_drivers_dir race-free (bnc#983977).\n - ipvs: count pre-established TCP states as active (bsc#970114).\n - net: thunderx: Fix TL4 configuration for secondary Qsets (bsc#986530).\n - net: thunderx: Fix link status reporting (bsc#986530).\n\n", "modified": "2016-07-14T14:08:15", "published": "2016-07-14T14:08:15", "id": "OPENSUSE-SU-2016:1798-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00014.html", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:36:24", "bulletinFamily": "unix", "description": "This update for the Linux Kernel 3.12.60-52_49 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bsc#984764).\n\n", "modified": "2016-08-09T17:18:11", "published": "2016-08-09T17:18:11", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html", "id": "SUSE-SU-2016:1999-1", "title": "Security update for Linux Kernel Live Patch 14 for SLE 12 (important)", "type": "suse", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:35:13", "bulletinFamily": "unix", "description": "This update for the Linux Kernel 3.12.60-52_54 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors 
involving a crafted keyctl request2 command\n (bsc#984764).\n\n", "modified": "2016-08-09T17:17:48", "published": "2016-08-09T17:17:48", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html", "id": "SUSE-SU-2016:1998-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 15 for SLE 12 (important)", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:39:50", "bulletinFamily": "unix", "description": "This update for the Linux Kernel 3.12.59-60_45 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users\n to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a "double fetch" vulnerability\n (bsc#991667).\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allowed local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bsc#986573).\n\n", "modified": "2016-08-29T15:10:19", "published": "2016-08-29T15:10:19", "id": "SUSE-SU-2016:2175-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html", "title": "Security update for Linux Kernel Live Patch 6 for SLE 12 SP1 (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:02:22", "bulletinFamily": "unix", "description": "This update for the Linux Kernel 3.12.53-60_30 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users\n to cause a denial of service 
(out-of-bounds access or system crash) by\n changing a certain size value, aka a "double fetch" vulnerability\n (bsc#991667).\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allowed local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bsc#986573).\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation\n in the netfilter subsystem in the Linux kernel allowed local users to\n gain privileges or cause a denial of service (memory corruption) by\n leveraging in-container root access to provide a crafted offset value\n that triggers an unintended decrement (bsc#986377).\n\n", "modified": "2016-08-29T15:12:03", "published": "2016-08-29T15:12:03", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html", "id": "SUSE-SU-2016:2178-1", "title": "Security update for Linux Kernel Live Patch 3 for SLE 12 SP1 (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:21:45", "bulletinFamily": "unix", "description": "This update for the Linux Kernel 3.12.49-11 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users\n to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a "double fetch" vulnerability\n (bsc#991667).\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allowed local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bsc#986573).\n - 
CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation\n in the netfilter subsystem in the Linux kernel allowed local users to\n gain privileges or cause a denial of service (memory corruption) by\n leveraging in-container root access to provide a crafted offset value\n that triggers an unintended decrement (bsc#986377).\n\n", "modified": "2016-08-29T15:09:29", "published": "2016-08-29T15:09:29", "id": "SUSE-SU-2016:2174-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html", "title": "Security update for Linux Kernel Live Patch 0 for SLE 12 SP1 (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:46:39", "bulletinFamily": "unix", "description": "This update for the Linux Kernel 3.12.51-60_20 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users\n to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a "double fetch" vulnerability\n (bsc#991667).\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allowed local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bsc#986573).\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation\n in the netfilter subsystem in the Linux kernel allowed local users to\n gain privileges or cause a denial of service (memory corruption) by\n leveraging in-container root access to provide a crafted offset value\n that triggers an unintended decrement (bsc#986377).\n\n", "modified": "2016-08-29T15:14:14", "published": "2016-08-29T15:14:14", "id": "SUSE-SU-2016:2181-1", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html", "title": "Security update for Linux Kernel Live Patch 1 for SLE 12 SP1 (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:35:28", "bulletinFamily": "unix", "description": "This update for the Linux Kernel 3.12.51-60_25 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users\n to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a "double fetch" vulnerability\n (bsc#991667).\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allowed local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bsc#986573).\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation\n in the netfilter subsystem in the Linux kernel allowed local users to\n gain privileges or cause a denial of service (memory corruption) by\n leveraging in-container root access to provide a crafted offset value\n that triggers an unintended decrement (bsc#986377).\n\n", "modified": "2016-08-29T15:12:47", "published": "2016-08-29T15:12:47", "id": "SUSE-SU-2016:2179-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html", "title": "Security update for Linux Kernel Live Patch 2 for SLE 12 SP1 (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:19:23", "bulletinFamily": "unix", "description": "This update for the Linux Kernel 3.12.57-60_35 fixes several issues.\n\n The following security bugs were 
fixed:\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users\n to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a "double fetch" vulnerability\n (bsc#991667).\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allowed local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bsc#986573).\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation\n in the netfilter subsystem in the Linux kernel allowed local users to\n gain privileges or cause a denial of service (memory corruption) by\n leveraging in-container root access to provide a crafted offset value\n that triggers an unintended decrement (bsc#986377).\n\n", "modified": "2016-08-29T15:13:28", "published": "2016-08-29T15:13:28", "id": "SUSE-SU-2016:2180-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html", "title": "Security update for Linux Kernel Live Patch 4 for SLE 12 SP1 (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:44:10", "bulletinFamily": "unix", "description": "[2.6.32-642.6.1]\n- [net] tcp: make challenge acks less predictable (Florian Westphal) [1355606 1355607] {CVE-2016-5696}\n- [fs] sunrpc: move NO_CRKEY_TIMEOUT to the auth->au_flags (Scott Mayhew) [1366962 1294939]\n- [usbhid] hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Yauheni Kaliuta) [1359999 1360008] {CVE-2016-5829}\n[2.6.32-642.5.1]\n- [scsi] megaraid_sas: Do not fire MR_DCMD_PD_LIST_QUERY to controllers which do not support it (Tomas Henzl) [1359039 1352826]\n- [scsi] libfc: sanity check cpu number extracted 
from xid (Chris Leech) [1359036 1351356]\n- [security] keys: potential uninitialized variable (Mateusz Guzik) [1345945 1345946] {CVE-2016-4470}\n- [fs] gfs2: Lock holder cleanup (Robert S Peterson) [1359038 1238861]\n- [fs] gfs2: Large-filesystem fix for 32-bit systems (Robert S Peterson) [1359038 1238861]\n- [fs] gfs2: Get rid of gfs2_ilookup (Robert S Peterson) [1359038 1238861]\n- [fs] gfs2: Fix gfs2_lookup_by_inum lock inversion (Robert S Peterson) [1359038 1238861]\n- [fs] gfs2: Initialize iopen glock holder for new inodes (Robert S Peterson) [1359038 1238861]\n- [fs] gfs2: Release iopen glock in gfs2_create_inode error cases (Robert S Peterson) [1359038 1238861]\n- [fs] gfs2: Wait for iopen glock dequeues (Robert S Peterson) [1359038 1238861]\n- [fs] gfs2: Re-add an omission from upstream (Robert S Peterson) [1359038 1238861]\n- [fs] gfs2: Eliminate parameter non_block on gfs2_inode_lookup (Robert S Peterson) [1359038 1238861]\n- [fs] gfs2: Don't filter out I_FREEING inodes anymore (Robert S Peterson) [1359038 1238861]\n- [fs] gfs2: Check if iopen is held when deleting inode (Robert S Peterson) [1359037 1173286]\n- [fs] gfs2: Don't do glock put when inode creation fails (Robert S Peterson) [1359037 1173286]\n- [fs] gfs2: Prevent delete work from occurring on glocks used for create (Robert S Peterson) [1359037 1173286]\n- [fs] gfs2: Always use iopen glock for gl_deletes (Robert S Peterson) [1359037 1173286]\n- [fs] gfs2: Update master statfs buffer with sd_statfs_spin locked (Robert S Peterson) [1359037 1173286]", "modified": "2016-10-04T00:00:00", "published": "2016-10-04T00:00:00", "id": "ELSA-2016-2006", "href": "http://linux.oracle.com/errata/ELSA-2016-2006.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:45:45", "bulletinFamily": "unix", "description": "[2.6.39-400.283.2]\n- KEYS: potential uninitialized 
variable (Dan Carpenter) [Orabug: 24393863] {CVE-2016-4470}", "modified": "2016-08-04T00:00:00", "published": "2016-08-04T00:00:00", "id": "ELSA-2016-3592", "href": "http://linux.oracle.com/errata/ELSA-2016-3592.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:47:46", "bulletinFamily": "unix", "description": "kernel-uek\n[3.8.13-118.9.2]\n- KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393864] {CVE-2016-4470}", "modified": "2016-08-04T00:00:00", "published": "2016-08-04T00:00:00", "id": "ELSA-2016-3591", "href": "http://linux.oracle.com/errata/ELSA-2016-3591.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:46:12", "bulletinFamily": "unix", "description": "[2.6.39-400.286.2]\n- HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Scott Bauer) [Orabug: 24798694] {CVE-2016-5829}\n[2.6.39-400.286.1]\n- Revert 'rds: skip rx/tx work when destroying connection' (Brian Maly) [Orabug: 24790158]\n[2.6.39-400.285.1]\n- netfilter: x_tables: speed up jump target validation (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (Pablo Neira Ayuso) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: remove unused comefrom hookmask argument (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: introduce and use xt_copy_counters_from_user (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: do compat validation via translate_table (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: xt_compat_match_from_user doesn't need a retval (Florian Westphal) [Orabug: 24690302] 
{CVE-2016-3134}\n- netfilter: ip6_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: ip_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: arp_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: don't reject valid target size on some architectures (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: validate all offsets and sizes in a rule (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: check for bogus target offset (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: check standard target size too (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: add compat version of xt_check_entry_offsets (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: assert minimum target size (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: kill check_entry helper (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: add and use xt_check_entry_offsets (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: don't move to non-existent next rule (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- netfilter: x_tables: check for size overflow (Florian Westphal) [Orabug: 24690302] {CVE-2016-3134}\n- ocfs2: Fix double put of recount tree in ocfs2_lock_refcount_tree() (Ashish Samant) 
[Orabug: 24587406] \n- TTY: do not reset master's packet mode (Jiri Slaby) [Orabug: 24569399] \n- ocfs2: Fix start offset to ocfs2_zero_range_for_truncate() (Ashish Samant) [Orabug: 24500401] \n- rds: skip rx/tx work when destroying connection (Wengang Wang) [Orabug: 24314773] \n- Revert 'IPoIB: serialize changing on tx_outstanding' (Wengang Wang) [Orabug: 23745787] \n- xen/events: document behaviour when scanning the start word for events (Dongli Zhang) [Orabug: 23083945] \n- xen/events: mask events when changing their VCPU binding (Dongli Zhang) [Orabug: 23083945] \n- xen/events: initialize local per-cpu mask for all possible events (Dongli Zhang) [Orabug: 23083945] \n- IB/mlx4: Replace kfree with kvfree in mlx4_ib_destroy_srq (Wengang Wang) [Orabug: 22570922] \n- NFS: Remove BUG_ON() calls from the generic writeback code (Trond Myklebust) [Orabug: 22386565] \n- ocfs2: return non-zero st_blocks for inline data (John Haxby) [Orabug: 22218262] \n- oracleasm: Classify device connectivity issues as global errors (Martin K. 
Petersen) [Orabug: 21760143] ", "modified": "2016-10-06T00:00:00", "published": "2016-10-06T00:00:00", "id": "ELSA-2016-3624", "href": "http://linux.oracle.com/errata/ELSA-2016-3624.html", "title": "Unbreakable Enterprise kernel security and bugfix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:44:02", "bulletinFamily": "unix", "description": "kernel-uek\n[4.1.12-37.6.2]\n- KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393865] {CVE-2016-4470}\n- ovl: fix permission checking for setattr (Miklos Szeredi) [Orabug: 24393742] {CVE-2015-8660}", "modified": "2016-08-04T00:00:00", "published": "2016-08-04T00:00:00", "id": "ELSA-2016-3593", "href": "http://linux.oracle.com/errata/ELSA-2016-3593.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:42:03", "bulletinFamily": "unix", "description": "kernel-uek\n[3.8.13-118.13.2]\n- HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Scott Bauer) [Orabug: 24798695] {CVE-2016-5829}\n[3.8.13-118.13.1]\n- Revert 'rds: skip rx/tx work when destroying connection' (Brian Maly) [Orabug: 24790116]\n[3.8.13-118.12.1]\n- scsi_sysfs: protect against double execution of __scsi_remove_device() (Vitaly Kuznetsov) [Orabug: 23720563] \n- ocfs2: Fix double put of recount tree in ocfs2_lock_refcount_tree() (Ashish Samant) [Orabug: 24691666] \n- netfilter: x_tables: speed up jump target validation (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (Pablo Neira Ayuso) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: remove unused comefrom hookmask argument (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: introduce and use 
xt_copy_counters_from_user (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: do compat validation via translate_table (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: xt_compat_match_from_user doesn't need a retval (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: ip6_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: ip_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: arp_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: don't reject valid target size on some architectures (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: validate all offsets and sizes in a rule (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: check for bogus target offset (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: check standard target size too (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: add compat version of xt_check_entry_offsets (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: assert minimum target size (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: kill check_entry helper (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: add and use xt_check_entry_offsets (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: don't move to non-existent next rule (Florian Westphal) [Orabug: 24690304] 
{CVE-2016-3134}\n- netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- netfilter: x_tables: check for size overflow (Florian Westphal) [Orabug: 24690304] {CVE-2016-3134}\n- NFSv4: Fail I/O if the state recovery fails irrevocably (Trond Myklebust) [Orabug: 24681407] \n- rds: skip rx/tx work when destroying connection (Wengang Wang) [Orabug: 24395795] \n- ocfs2: Fix start offset to ocfs2_zero_range_for_truncate() (Ashish Samant) [Orabug: 23747627] \n- sched/core: Clear the root_domain cpumasks in init_rootdomain() (Xunlei Pang) [Orabug: 23518545] \n- ocfs2: move dquot_initialize() in ocfs2_delete_inode() somewhat later (Jan Kara) [Orabug: 23097098] \n- fuse: fix typo while displaying fuse numa mount option (Ashish Samant) \n- IB/mlx4: Replace kfree with kvfree in mlx4_ib_destroy_srq (Wengang Wang) [Orabug: 22570521] \n- ocfs2: return non-zero st_blocks for inline data (John Haxby) [Orabug: 22218260] \n- watchdog: update watchdog_thresh properly (Michal Hocko) [Orabug: 21868337] ", "modified": "2016-10-06T00:00:00", "published": "2016-10-06T00:00:00", "id": "ELSA-2016-3623", "href": "http://linux.oracle.com/errata/ELSA-2016-3623.html", "title": "Unbreakable Enterprise kernel security and bugfix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T01:46:19", "bulletinFamily": "unix", "description": "kernel-uek\n[4.1.12-61.1.13]\n- HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Scott Bauer) [Orabug: 24803597] {CVE-2016-5829}\n[4.1.12-61.1.12]\n- ocfs2: Fix start offset to ocfs2_zero_range_for_truncate() (Ashish Samant) [Orabug: 24790230]\n[4.1.12-61.1.11]\n- ocfs2: Fix double put of recount tree in ocfs2_lock_refcount_tree() (Ashish Samant) [Orabug: 24691860] \n- megaraid_sas: Don't issue kill adapter for MFI controllers in case of PD list DCMD failure (Sumit Saxena) [Orabug: 24506797] \n- 
netfilter: x_tables: speed up jump target validation (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES (Pablo Neira Ayuso) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: remove unused comefrom hookmask argument (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: introduce and use xt_copy_counters_from_user (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: do compat validation via translate_table (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: xt_compat_match_from_user doesn't need a retval (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: ip6_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: ip_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: arp_tables: simplify translate_compat_table args (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: don't reject valid target size on some architectures (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: validate all offsets and sizes in a rule (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: check for bogus target offset (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: check standard target size too (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: add compat version of xt_check_entry_offsets (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: assert minimum target size (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: kill check_entry helper (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: add and use xt_check_entry_offsets (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: 
x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: validate targets of jumps (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: don't move to non-existent next rule (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: fix unconditional helper (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}\n- netfilter: x_tables: check for size overflow (Florian Westphal) [Orabug: 24691226] {CVE-2016-3134}", "modified": "2016-10-06T00:00:00", "published": "2016-10-06T00:00:00", "id": "ELSA-2016-3625", "href": "http://linux.oracle.com/errata/ELSA-2016-3625.html", "title": "Unbreakable Enterprise kernel security and bugfix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:42", "bulletinFamily": "unix", "description": "It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470)\n\nKangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. 
(CVE-2016-5243)", "modified": "2016-08-10T00:00:00", "published": "2016-08-10T00:00:00", "id": "USN-3052-1", "href": "https://usn.ubuntu.com/3052-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:05", "bulletinFamily": "unix", "description": "It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470)\n\nKangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243)", "modified": "2016-08-10T00:00:00", "published": "2016-08-10T00:00:00", "id": "USN-3051-1", "href": "https://usn.ubuntu.com/3051-1/", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:07", "bulletinFamily": "unix", "description": "Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244)\n\nYue Cao et al discovered a flaw in the TCP implementation\u2019s handling of challenge acks in the Linux kernel. A remote attacker could use this to cause a denial of service (reset connection) or inject content into a TCP stream. (CVE-2016-5696)\n\nIt was discovered that a heap based buffer overflow existed in the USB HID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2016-5829)", "modified": "2016-08-29T00:00:00", "published": "2016-08-29T00:00:00", "id": "USN-3072-1", "href": "https://usn.ubuntu.com/3072-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:10:16", "bulletinFamily": "unix", "description": "Kangjie Lu discovered an information leak in the Reliable Datagram Sockets (RDS) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-5244)\n\nYue Cao et al discovered a flaw in the TCP implementation\u2019s handling of challenge acks in the Linux kernel. A remote attacker could use this to cause a denial of service (reset connection) or inject content into a TCP stream. (CVE-2016-5696)\n\nIt was discovered that a heap based buffer overflow existed in the USB HID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-5829)", "modified": "2016-08-29T00:00:00", "published": "2016-08-29T00:00:00", "id": "USN-3072-2", "href": "https://usn.ubuntu.com/3072-2/", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-18T13:49:07", "bulletinFamily": "unix", "description": "Package : linux\nVersion : 3.2.81-2\nCVE ID : CVE-2016-3857 CVE-2016-4470 CVE-2016-5696 CVE-2016-5829 \n CVE-2016-6136 CVE-2016-6480 CVE-2016-6828 CVE-2016-7118\nDebian Bug : 827561\n\nThis update fixes the CVEs described below.\n\nCVE-2016-3857\n\n Chiachih Wu reported two bugs in the ARM OABI compatibility layer\n that can be used by local users for privilege escalation. 
The\n OABI compatibility layer is enabled in all kernel flavours for\n armel and armhf.\n\nCVE-2016-4470\n\n Wade Mealing of the Red Hat Product Security Team reported that\n in some error cases the KEYS subsystem will dereference an\n uninitialised pointer. A local user can use the keyctl()\n system call for denial of service (crash) or possibly for\n privilege escalation.\n\nCVE-2016-5696\n\n Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V.\n Krishnamurthy of the University of California, Riverside; and Lisa\n M. Marvel of the United States Army Research Laboratory discovered\n that Linux's implementation of the TCP Challenge ACK feature\n results in a side channel that can be used to find TCP connections\n between specific IP addresses, and to inject messages into those\n connections.\n\n Where a service is made available through TCP, this may allow\n remote attackers to impersonate another connected user to the\n server or to impersonate the server to another connected user. In\n case the service uses a protocol with message authentication\n (e.g. TLS or SSH), this vulnerability only allows denial of\n service (connection failure). An attack takes tens of seconds, so\n short-lived TCP connections are also unlikely to be vulnerable.\n\n This may be mitigated by increasing the rate limit for TCP\n Challenge ACKs so that it is never exceeded:\n sysctl net.ipv4.tcp_challenge_ack_limit=1000000000\n\nCVE-2016-5829\n\n Several heap-based buffer overflow vulnerabilities were found in\n the hiddev driver, allowing a local user with access to a HID\n device to cause a denial of service or potentially escalate their\n privileges.\n\nCVE-2016-6136\n\n Pengfei Wang discovered that the audit subsystem has a\n 'double-fetch' or 'TOCTTOU' bug in its handling of special\n characters in the name of an executable. 
Where audit logging of\n execve() is enabled, this allows a local user to generate\n misleading log messages.\n\nCVE-2016-6480\n\n Pengfei Wang discovered that the aacraid driver for Adaptec RAID\n controllers has a 'double-fetch' or 'TOCTTOU' bug in its\n validation of 'FIB' messages passed through the ioctl() system\n call. This has no practical security impact in current Debian\n releases.\n\nCVE-2016-6828\n\n Marco Grassi reported a 'use-after-free' bug in the TCP\n implementation, which can be triggered by local users. The\n security impact is unclear, but might include denial of service or\n privilege escalation.\n\nCVE-2016-7118\n\n Marcin Szewczyk reported that calling fcntl() on a file descriptor\n for a directory on an aufs filesystem would result in an 'oops'.\n This allows local users to cause a denial of service. This is a\n Debian-specific regression introduced in version 3.2.81-1.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.2.81-2. This version also fixes a build failure (bug #827561) for\ncustom kernels with CONFIG_MODULES disabled, a regression in version\n3.2.81-1. 
It also updates the PREEMPT_RT featureset to version\n3.2.81-rt117.\n\nFor Debian 8 "Jessie", CVE-2016-3857 has no impact; CVE-2016-4470 and\nCVE-2016-5829 were fixed in linux version 3.16.7-ckt25-2+deb8u3 or\nearlier; and the remaining issues are fixed in version 3.16.36-1+deb8u1.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams", "modified": "2016-09-03T11:54:21", "published": "2016-09-03T11:54:21", "id": "DEBIAN:DLA-609-1:1025A", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201609/msg00002.html", "title": "[SECURITY] [DLA 609-1] linux security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}