The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to receive various security and bugfixes. The following feature was implemented :
The ext2 filesystem got reenabled and supported to allow support for ‘XIP’ (Execute In Place) (FATE#320805). The following security bugs were fixed :
CVE-2017-5551: The tmpfs filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bsc#1021258).
CVE-2016-7097: The filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968).
CVE-2017-2583: A Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. A user/process inside guest could have used this flaw to crash the guest resulting in DoS or potentially escalate their privileges inside guest. (bsc#1020602).
CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bnc#1019851).
CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710).
CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).
CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product:
Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:
A-31349935 (bnc#1014746).
CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540).
CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038).
CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).
CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716).
CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).
CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478).
CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711).
CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).
CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502).
CVE-2016-7914: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite (bnc#1010475).
CVE-2016-8633: drivers/firewire/net.c in the Linux kernel allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).
CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug (bnc#1007197).
CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misused the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197).
CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).
CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925).
CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021 1.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462).
CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation (bnc#994748).
CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296).
CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for remote attackers to hijack TCP sessions via a blind in-window attack (bnc#989152).
CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by changing a certain length value, aka a ‘double fetch’ vulnerability (bnc#987542).
CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a ‘double fetch’ vulnerability (bnc#991608).
CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986362 bnc#986365).
CVE-2016-5828: The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms mishandled transactional state, which allowed local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call (bnc#986569).
CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).
CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572).
CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755).
The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2017:0471-1.
# The text itself is copyright (C) SUSE.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(97205);
script_version("3.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2014-9904", "CVE-2015-8956", "CVE-2015-8962", "CVE-2015-8963", "CVE-2015-8964", "CVE-2016-10088", "CVE-2016-4470", "CVE-2016-4998", "CVE-2016-5696", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6130", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-7425", "CVE-2016-7910", "CVE-2016-7911", "CVE-2016-7913", "CVE-2016-7914", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-8658", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9576", "CVE-2016-9756", "CVE-2016-9793", "CVE-2016-9806", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-5551");
script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0471-1)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to
receive various security and bugfixes. The following feature was
implemented :
- The ext2 filesystem got reenabled and supported to allow
support for 'XIP' (Execute In Place) (FATE#320805). The
following security bugs were fixed :
- CVE-2017-5551: The tmpfs filesystem implementation in
the Linux kernel preserved the setgid bit during a
setxattr call, which allowed local users to gain group
privileges by leveraging the existence of a setgid
program with restrictions on execute permissions
(bsc#1021258).
- CVE-2016-7097: The filesystem implementation in the
Linux kernel preserved the setgid bit during a setxattr
call, which allowed local users to gain group privileges
by leveraging the existence of a setgid program with
restrictions on execute permissions (bnc#995968).
- CVE-2017-2583: A Linux kernel built with the
Kernel-based Virtual Machine (CONFIG_KVM) support was
vulnerable to an incorrect segment selector(SS) value
error. A user/process inside guest could have used this
flaw to crash the guest resulting in DoS or potentially
escalate their privileges inside guest. (bsc#1020602).
- CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux
kernel allowed local users to obtain sensitive
information from kernel memory or cause a denial of
service (use-after-free) via a crafted application that
leverages instruction emulation for fxrstor, fxsave,
sgdt, and sidt (bnc#1019851).
- CVE-2016-10088: The sg implementation in the Linux
kernel did not properly restrict write operations in
situations where the KERNEL_DS option is set, which
allowed local users to read or write to arbitrary kernel
memory locations or cause a denial of service
(use-after-free) by leveraging access to a /dev/sg
device, related to block/bsg.c and drivers/scsi/sg.c.
NOTE: this vulnerability exists because of an incomplete
fix for CVE-2016-9576 (bnc#1017710).
- CVE-2016-8645: The TCP stack in the Linux kernel
mishandled skb truncation, which allowed local users to
cause a denial of service (system crash) via a crafted
application that made sendto system calls, related to
net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c
(bnc#1009969).
- CVE-2016-8399: An elevation of privilege vulnerability
in the kernel networking subsystem could enable a local
malicious application to execute arbitrary code within
the context of the kernel. This issue is rated as
Moderate because it first requires compromising a
privileged process and current compiler optimizations
restrict access to the vulnerable code. Product:
Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:
A-31349935 (bnc#1014746).
- CVE-2016-9806: Race condition in the netlink_dump
function in net/netlink/af_netlink.c in the Linux kernel
allowed local users to cause a denial of service (double
free) or possibly have unspecified other impact via a
crafted application that made sendmsg system calls,
leading to a free operation associated with a new dump
that started earlier than anticipated (bnc#1013540).
- CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux
kernel did not properly initialize Code Segment (CS) in
certain error cases, which allowed local users to obtain
sensitive information from kernel stack memory via a
crafted application (bnc#1013038).
- CVE-2016-9793: The sock_setsockopt function in
net/core/sock.c in the Linux kernel mishandled negative
values of sk_sndbuf and sk_rcvbuf, which allowed local
users to cause a denial of service (memory corruption
and system crash) or possibly have unspecified other
impact by leveraging the CAP_NET_ADMIN capability for a
crafted setsockopt system call with the (1)
SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option
(bnc#1013531).
- CVE-2016-7910: Use-after-free vulnerability in the
disk_seqf_stop function in block/genhd.c in the Linux
kernel allowed local users to gain privileges by
leveraging the execution of a certain stop operation
even if the corresponding start operation had failed
(bnc#1010716).
- CVE-2015-8962: Double free vulnerability in the
sg_common_write function in drivers/scsi/sg.c in the
Linux kernel allowed local users to gain privileges or
cause a denial of service (memory corruption and system
crash) by detaching a device during an SG_IO ioctl call
(bnc#1010501).
- CVE-2016-7913: The xc2028_set_config function in
drivers/media/tuners/tuner-xc2028.c in the Linux kernel
allowed local users to gain privileges or cause a denial
of service (use-after-free) via vectors involving
omission of the firmware name from a certain data
structure (bnc#1010478).
- CVE-2016-7911: Race condition in the get_task_ioprio
function in block/ioprio.c in the Linux kernel allowed
local users to gain privileges or cause a denial of
service (use-after-free) via a crafted ioprio_get system
call (bnc#1010711).
- CVE-2015-8964: The tty_set_termios_ldisc function in
drivers/tty/tty_ldisc.c in the Linux kernel allowed
local users to obtain sensitive information from kernel
memory by reading a tty data structure (bnc#1010507).
- CVE-2015-8963: Race condition in kernel/events/core.c in
the Linux kernel allowed local users to gain privileges
or cause a denial of service (use-after-free) by
leveraging incorrect handling of an swevent data
structure during a CPU unplug operation (bnc#1010502).
- CVE-2016-7914: The assoc_array_insert_into_terminal_node
function in lib/assoc_array.c in the Linux kernel did
not check whether a slot is a leaf, which allowed local
users to obtain sensitive information from kernel memory
or cause a denial of service (invalid pointer
dereference and out-of-bounds read) via an application
that uses associative-array data structures, as
demonstrated by the keyutils test suite (bnc#1010475).
- CVE-2016-8633: drivers/firewire/net.c in the Linux
kernel allowed remote attackers to execute arbitrary
code via crafted fragmented packets (bnc#1008833).
- CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux
kernel allowed local users to bypass integer overflow
checks, and cause a denial of service (memory
corruption) or have unspecified other impact, by
leveraging access to a vfio PCI device file for a
VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine
confusion bug (bnc#1007197).
- CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the
Linux kernel misused the kzalloc function, which allowed
local users to cause a denial of service (integer
overflow) or have unspecified other impact by leveraging
access to a vfio PCI device file (bnc#1007197).
- CVE-2016-7042: The proc_keys_show function in
security/keys/proc.c in the Linux kernel uses an
incorrect buffer size for certain timeout data, which
allowed local users to cause a denial of service (stack
memory corruption and panic) by reading the /proc/keys
file (bnc#1004517).
- CVE-2015-8956: The rfcomm_sock_bind function in
net/bluetooth/rfcomm/sock.c in the Linux kernel allowed
local users to obtain sensitive information or cause a
denial of service (NULL pointer dereference) via vectors
involving a bind system call on a Bluetooth RFCOMM
socket (bnc#1003925).
- CVE-2016-8658: Stack-based buffer overflow in the
brcmf_cfg80211_start_ap function in
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021
1.c in the Linux kernel allowed local users to cause a
denial of service (system crash) or possibly have
unspecified other impact via a long SSID Information
Element in a command to a Netlink socket (bnc#1004462).
- CVE-2016-7425: The arcmsr_iop_message_xfer function in
drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did
not restrict a certain length field, which allowed local
users to gain privileges or cause a denial of service
(heap-based buffer overflow) via an
ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
- CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in
the Linux kernel allowed local users to cause a denial
of service (NULL pointer dereference and system crash)
by using an ABORT_TASK command to abort a device write
operation (bnc#994748).
- CVE-2016-6828: The tcp_check_send_head function in
include/net/tcp.h in the Linux kernel did not properly
maintain certain SACK state after a failed data copy,
which allowed local users to cause a denial of service
(tcp_xmit_retransmit_queue use-after-free and system
crash) via a crafted SACK option (bnc#994296).
- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel
did not properly determine the rate of challenge ACK
segments, which made it easier for remote attackers to
hijack TCP sessions via a blind in-window attack
(bnc#989152).
- CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb
function in drivers/s390/char/sclp_ctl.c in the Linux
kernel allowed local users to obtain sensitive
information from kernel memory by changing a certain
length value, aka a 'double fetch' vulnerability
(bnc#987542).
- CVE-2016-6480: Race condition in the ioctl_send_fib
function in drivers/scsi/aacraid/commctrl.c in the Linux
kernel allowed local users to cause a denial of service
(out-of-bounds access or system crash) by changing a
certain size value, aka a 'double fetch' vulnerability
(bnc#991608).
- CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt
implementation in the netfilter subsystem in the Linux
kernel allowed local users to cause a denial of service
(out-of-bounds read) or possibly obtain sensitive
information from kernel heap memory by leveraging
in-container root access to provide a crafted offset
value that leads to crossing a ruleset blob boundary
(bnc#986362 bnc#986365).
- CVE-2016-5828: The start_thread function in
arch/powerpc/kernel/process.c in the Linux kernel on
powerpc platforms mishandled transactional state, which
allowed local users to cause a denial of service
(invalid process state or TM Bad Thing exception, and
system crash) or possibly have unspecified other impact
by starting and suspending a transaction before an exec
system call (bnc#986569).
- CVE-2014-9904: The snd_compress_check_input function in
sound/core/compress_offload.c in the ALSA subsystem in
the Linux kernel did not properly check for an integer
overflow, which allowed local users to cause a denial of
service (insufficient memory allocation) or possibly
have unspecified other impact via a crafted
SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).
- CVE-2016-5829: Multiple heap-based buffer overflows in
the hiddev_ioctl_usage function in
drivers/hid/usbhid/hiddev.c in the Linux kernel allow
local users to cause a denial of service or possibly
have unspecified other impact via a crafted (1)
HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call
(bnc#986572).
- CVE-2016-4470: The key_reject_and_link function in
security/keys/key.c in the Linux kernel did not ensure
that a certain data structure is initialized, which
allowed local users to cause a denial of service (system
crash) via vectors involving a crafted keyctl request2
command (bnc#984755).
The update package also includes non-security fixes. See advisory for
details.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1003153"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1003925"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1004462"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1004517"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1005666"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1007197"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1008833"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1008979"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1009969"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1010040"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1010475"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1010478"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1010501"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1010502"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1010507"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1010612"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1010711"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1010716"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1011820"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1012422"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1013038"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1013531"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1013540"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1013542"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1014746"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1016482"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1017410"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1017589"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1017710"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1019300"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1019851"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1020602"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1021258"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=881008"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=915183"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=958606"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=961257"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=970083"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=971989"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=976195"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=978094"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=980371"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=980560"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=981038"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=981597"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=981709"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=982282"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=982544"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=983619"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=983721"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=983977"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=984148"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=984419"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=984755"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=985978"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=986362"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=986365"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=986445"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=986569"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=986572"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=986811"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=986941"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=987542"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=987565"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=987576"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=989152"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=990384"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=991608"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=991665"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=993392"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=993890"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=993891"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=994296"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=994748"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=994881"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=995968"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=997708"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=998795"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=999584"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=999600"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=999932"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=999943"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2014-9904/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-8956/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-8962/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-8963/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2015-8964/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-10088/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-4470/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-4998/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-5696/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-5828/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-5829/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-6130/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-6327/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-6480/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-6828/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-7042/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-7097/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-7425/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-7910/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-7911/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-7913/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-7914/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-8399/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-8633/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-8645/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-8658/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-9083/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-9084/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-9756/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-9793/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-9806/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-2583/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-2584/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-5551/"
);
# https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?7188b37b"
);
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server for SAP 12:zypper in -t patch
SUSE-SLE-SAP-12-2017-247=1
SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-2017-247=1
SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch
SUSE-SLE-Module-Public-Cloud-12-2017-247=1
To bring your system up-to-date, use 'zypper patch'."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_66-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_66-xen");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/27");
script_set_attribute(attribute:"patch_publication_date", value:"2017/02/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/16");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-3.12.61-52.66.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-base-3.12.61-52.66.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.61-52.66.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.61-52.66.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.61-52.66.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-devel-3.12.61-52.66.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kgraft-patch-3_12_61-52_66-default-1-2.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kgraft-patch-3_12_61-52_66-xen-1-2.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"s390x", reference:"kernel-default-man-3.12.61-52.66.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-3.12.61-52.66.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-base-3.12.61-52.66.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-base-debuginfo-3.12.61-52.66.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-debuginfo-3.12.61-52.66.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-debugsource-3.12.61-52.66.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-devel-3.12.61-52.66.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-syms-3.12.61-52.66.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | kernel-default | p-cpe:/a:novell:suse_linux:kernel-default |
novell | suse_linux | kernel-default-base | p-cpe:/a:novell:suse_linux:kernel-default-base |
novell | suse_linux | kernel-default-base-debuginfo | p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo |
novell | suse_linux | kernel-default-debuginfo | p-cpe:/a:novell:suse_linux:kernel-default-debuginfo |
novell | suse_linux | kernel-default-debugsource | p-cpe:/a:novell:suse_linux:kernel-default-debugsource |
novell | suse_linux | kernel-default-devel | p-cpe:/a:novell:suse_linux:kernel-default-devel |
novell | suse_linux | kernel-default-man | p-cpe:/a:novell:suse_linux:kernel-default-man |
novell | suse_linux | kernel-syms | p-cpe:/a:novell:suse_linux:kernel-syms |
novell | suse_linux | kernel-xen | p-cpe:/a:novell:suse_linux:kernel-xen |
novell | suse_linux | kernel-xen-base | p-cpe:/a:novell:suse_linux:kernel-xen-base |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9904
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8956
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8962
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8964
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10088
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4470
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4998
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5696
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5828
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5829
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6130
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6327
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6480
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6828
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7425
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7910
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7911
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7913
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7914
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8399
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8633
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8645
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8658
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9083
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9084
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9576
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9756
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9793
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9806
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2583
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2584
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5551
www.nessus.org/u?7188b37b
bugzilla.suse.com/show_bug.cgi?id=1003153
bugzilla.suse.com/show_bug.cgi?id=1003925
bugzilla.suse.com/show_bug.cgi?id=1004462
bugzilla.suse.com/show_bug.cgi?id=1004517
bugzilla.suse.com/show_bug.cgi?id=1005666
bugzilla.suse.com/show_bug.cgi?id=1007197
bugzilla.suse.com/show_bug.cgi?id=1008833
bugzilla.suse.com/show_bug.cgi?id=1008979
bugzilla.suse.com/show_bug.cgi?id=1009969
bugzilla.suse.com/show_bug.cgi?id=1010040
bugzilla.suse.com/show_bug.cgi?id=1010475
bugzilla.suse.com/show_bug.cgi?id=1010478
bugzilla.suse.com/show_bug.cgi?id=1010501
bugzilla.suse.com/show_bug.cgi?id=1010502
bugzilla.suse.com/show_bug.cgi?id=1010507
bugzilla.suse.com/show_bug.cgi?id=1010612
bugzilla.suse.com/show_bug.cgi?id=1010711
bugzilla.suse.com/show_bug.cgi?id=1010716
bugzilla.suse.com/show_bug.cgi?id=1011820
bugzilla.suse.com/show_bug.cgi?id=1012422
bugzilla.suse.com/show_bug.cgi?id=1013038
bugzilla.suse.com/show_bug.cgi?id=1013531
bugzilla.suse.com/show_bug.cgi?id=1013540
bugzilla.suse.com/show_bug.cgi?id=1013542
bugzilla.suse.com/show_bug.cgi?id=1014746
bugzilla.suse.com/show_bug.cgi?id=1016482
bugzilla.suse.com/show_bug.cgi?id=1017410
bugzilla.suse.com/show_bug.cgi?id=1017589
bugzilla.suse.com/show_bug.cgi?id=1017710
bugzilla.suse.com/show_bug.cgi?id=1019300
bugzilla.suse.com/show_bug.cgi?id=1019851
bugzilla.suse.com/show_bug.cgi?id=1020602
bugzilla.suse.com/show_bug.cgi?id=1021258
bugzilla.suse.com/show_bug.cgi?id=881008
bugzilla.suse.com/show_bug.cgi?id=915183
bugzilla.suse.com/show_bug.cgi?id=958606
bugzilla.suse.com/show_bug.cgi?id=961257
bugzilla.suse.com/show_bug.cgi?id=970083
bugzilla.suse.com/show_bug.cgi?id=971989
bugzilla.suse.com/show_bug.cgi?id=976195
bugzilla.suse.com/show_bug.cgi?id=978094
bugzilla.suse.com/show_bug.cgi?id=980371
bugzilla.suse.com/show_bug.cgi?id=980560
bugzilla.suse.com/show_bug.cgi?id=981038
bugzilla.suse.com/show_bug.cgi?id=981597
bugzilla.suse.com/show_bug.cgi?id=981709
bugzilla.suse.com/show_bug.cgi?id=982282
bugzilla.suse.com/show_bug.cgi?id=982544
bugzilla.suse.com/show_bug.cgi?id=983619
bugzilla.suse.com/show_bug.cgi?id=983721
bugzilla.suse.com/show_bug.cgi?id=983977
bugzilla.suse.com/show_bug.cgi?id=984148
bugzilla.suse.com/show_bug.cgi?id=984419
bugzilla.suse.com/show_bug.cgi?id=984755
bugzilla.suse.com/show_bug.cgi?id=985978
bugzilla.suse.com/show_bug.cgi?id=986362
bugzilla.suse.com/show_bug.cgi?id=986365
bugzilla.suse.com/show_bug.cgi?id=986445
bugzilla.suse.com/show_bug.cgi?id=986569
bugzilla.suse.com/show_bug.cgi?id=986572
bugzilla.suse.com/show_bug.cgi?id=986811
bugzilla.suse.com/show_bug.cgi?id=986941
bugzilla.suse.com/show_bug.cgi?id=987542
bugzilla.suse.com/show_bug.cgi?id=987565
bugzilla.suse.com/show_bug.cgi?id=987576
bugzilla.suse.com/show_bug.cgi?id=989152
bugzilla.suse.com/show_bug.cgi?id=990384
bugzilla.suse.com/show_bug.cgi?id=991608
bugzilla.suse.com/show_bug.cgi?id=991665
bugzilla.suse.com/show_bug.cgi?id=993392
bugzilla.suse.com/show_bug.cgi?id=993890
bugzilla.suse.com/show_bug.cgi?id=993891
bugzilla.suse.com/show_bug.cgi?id=994296
bugzilla.suse.com/show_bug.cgi?id=994748
bugzilla.suse.com/show_bug.cgi?id=994881
bugzilla.suse.com/show_bug.cgi?id=995968
bugzilla.suse.com/show_bug.cgi?id=997708
bugzilla.suse.com/show_bug.cgi?id=998795
bugzilla.suse.com/show_bug.cgi?id=999584
bugzilla.suse.com/show_bug.cgi?id=999600
bugzilla.suse.com/show_bug.cgi?id=999932
bugzilla.suse.com/show_bug.cgi?id=999943
www.suse.com/security/cve/CVE-2014-9904/
www.suse.com/security/cve/CVE-2015-8956/
www.suse.com/security/cve/CVE-2015-8962/
www.suse.com/security/cve/CVE-2015-8963/
www.suse.com/security/cve/CVE-2015-8964/
www.suse.com/security/cve/CVE-2016-10088/
www.suse.com/security/cve/CVE-2016-4470/
www.suse.com/security/cve/CVE-2016-4998/
www.suse.com/security/cve/CVE-2016-5696/
www.suse.com/security/cve/CVE-2016-5828/
www.suse.com/security/cve/CVE-2016-5829/
www.suse.com/security/cve/CVE-2016-6130/
www.suse.com/security/cve/CVE-2016-6327/
www.suse.com/security/cve/CVE-2016-6480/
www.suse.com/security/cve/CVE-2016-6828/
www.suse.com/security/cve/CVE-2016-7042/
www.suse.com/security/cve/CVE-2016-7097/
www.suse.com/security/cve/CVE-2016-7425/
www.suse.com/security/cve/CVE-2016-7910/
www.suse.com/security/cve/CVE-2016-7911/
www.suse.com/security/cve/CVE-2016-7913/
www.suse.com/security/cve/CVE-2016-7914/
www.suse.com/security/cve/CVE-2016-8399/
www.suse.com/security/cve/CVE-2016-8633/
www.suse.com/security/cve/CVE-2016-8645/
www.suse.com/security/cve/CVE-2016-8658/
www.suse.com/security/cve/CVE-2016-9083/
www.suse.com/security/cve/CVE-2016-9084/
www.suse.com/security/cve/CVE-2016-9756/
www.suse.com/security/cve/CVE-2016-9793/
www.suse.com/security/cve/CVE-2016-9806/
www.suse.com/security/cve/CVE-2017-2583/
www.suse.com/security/cve/CVE-2017-2584/
www.suse.com/security/cve/CVE-2017-5551/