Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2018-1375-1.NASL
HistoryMay 23, 2018 - 12:00 a.m.

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1375-1) (Spectre)

2018-05-2300:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
JSON

The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :

  • CVE-2018-3639: Information leaks using ‘Memory Disambiguation’ feature in modern CPUs were mitigated, aka ‘Spectre Variant 4’ (bnc#1087082). A new boot commandline option was introduced, ‘spec_store_bypass_disable’, which can have following values :

  • auto: Kernel detects whether your CPU model contains an implementation of Speculative Store Bypass and picks the most appropriate mitigation.

  • on: disable Speculative Store Bypass

  • off: enable Speculative Store Bypass

  • prctl: Control Speculative Store Bypass per thread via prctl. Speculative Store Bypass is enabled for a process by default. The state of the control is inherited on fork.

  • seccomp: Same as ‘prctl’ above, but all seccomp threads will disable SSB unless they explicitly opt out. The default is ‘seccomp’, meaning programs need explicit opt-in into the mitigation. Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypas s file, containing :

  • ‘Vulnerable’

  • ‘Mitigation: Speculative Store Bypass disabled’

  • ‘Mitigation: Speculative Store Bypass disabled via prctl’

  • ‘Mitigation: Speculative Store Bypass disabled via prctl and seccomp’

  • CVE-2018-1000199: An address corruption flaw was discovered while modifying a h/w breakpoint via ‘modify_user_hw_breakpoint’ routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895)

  • CVE-2018-10675: The do_get_mempolicy function in mm/mempolicy.c allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls (bnc#1091755).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:1375-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(110040);
  script_version("1.9");
  script_cvs_date("Date: 2019/09/10 13:51:47");

  script_cve_id("CVE-2018-1000199", "CVE-2018-10675", "CVE-2018-3639");

  script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1375-1) (Spectre)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive
various security and bugfixes. The following security bugs were 
fixed :

  - CVE-2018-3639: Information leaks using 'Memory
    Disambiguation' feature in modern CPUs were mitigated,
    aka 'Spectre Variant 4' (bnc#1087082). A new boot
    commandline option was introduced,
    'spec_store_bypass_disable', which can have following
    values :

  - auto: Kernel detects whether your CPU model contains an
    implementation of Speculative Store Bypass and picks the
    most appropriate mitigation.

  - on: disable Speculative Store Bypass

  - off: enable Speculative Store Bypass

  - prctl: Control Speculative Store Bypass per thread via
    prctl. Speculative Store Bypass is enabled for a process
    by default. The state of the control is inherited on
    fork.

  - seccomp: Same as 'prctl' above, but all seccomp threads
    will disable SSB unless they explicitly opt out. The
    default is 'seccomp', meaning programs need explicit
    opt-in into the mitigation. Status can be queried via
    the
    /sys/devices/system/cpu/vulnerabilities/spec_store_bypas
    s file, containing :

  - 'Vulnerable'

  - 'Mitigation: Speculative Store Bypass disabled'

  - 'Mitigation: Speculative Store Bypass disabled via
    prctl'

  - 'Mitigation: Speculative Store Bypass disabled via prctl
    and seccomp'

  - CVE-2018-1000199: An address corruption flaw was
    discovered while modifying a h/w breakpoint via
    'modify_user_hw_breakpoint' routine, an unprivileged
    user/process could use this flaw to crash the system
    kernel resulting in DoS OR to potentially escalate
    privileges on a the system. (bsc#1089895)

  - CVE-2018-10675: The do_get_mempolicy function in
    mm/mempolicy.c allowed local users to cause a denial of
    service (use-after-free) or possibly have unspecified
    other impact via crafted system calls (bnc#1091755).

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1087082"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1087845"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1089895"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1091755"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1092497"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1093215"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1094019"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=985025"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-1000199/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-10675/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-3639/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20181375-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2e0416a7"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
SUSE-SLE-SAP-12-SP1-2018-954=1

SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-SP1-2018-954=1

SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch
SUSE-SLE-Module-Public-Cloud-12-2018-954=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_93-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_93-xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/05/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/23");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-3.12.74-60.64.93.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-3.12.74-60.64.93.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.74-60.64.93.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.74-60.64.93.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.74-60.64.93.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-devel-3.12.74-60.64.93.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_93-default-1-2.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_93-xen-1-2.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"s390x", reference:"kernel-default-man-3.12.74-60.64.93.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-3.12.74-60.64.93.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-3.12.74-60.64.93.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-debuginfo-3.12.74-60.64.93.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debuginfo-3.12.74-60.64.93.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debugsource-3.12.74-60.64.93.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-devel-3.12.74-60.64.93.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-syms-3.12.74-60.64.93.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
VendorProductVersionCPE
novellsuse_linuxkernel-defaultp-cpe:/a:novell:suse_linux:kernel-default
novellsuse_linuxkernel-default-basep-cpe:/a:novell:suse_linux:kernel-default-base
novellsuse_linuxkernel-default-base-debuginfop-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo
novellsuse_linuxkernel-default-debuginfop-cpe:/a:novell:suse_linux:kernel-default-debuginfo
novellsuse_linuxkernel-default-debugsourcep-cpe:/a:novell:suse_linux:kernel-default-debugsource
novellsuse_linuxkernel-default-develp-cpe:/a:novell:suse_linux:kernel-default-devel
novellsuse_linuxkernel-default-manp-cpe:/a:novell:suse_linux:kernel-default-man
novellsuse_linuxkernel-symsp-cpe:/a:novell:suse_linux:kernel-syms
novellsuse_linuxkernel-xenp-cpe:/a:novell:suse_linux:kernel-xen
novellsuse_linuxkernel-xen-basep-cpe:/a:novell:suse_linux:kernel-xen-base
Rows per page:
1-10 of 171

Related

nessus 94
oraclelinux 9
redhatcve 2
f5 1
prion 2
debiancve 2
osv 2
ubuntucve 3
veracode 2
cve 2
suse 10
openvas 15
centos 3
redhat 33
almalinux 1
ibm 5
fedora 1
threatpost 1
ubuntu 2
virtuozzo 1
alpinelinux 1
slackware 1
zdt 1
photon 1
kaspersky 1
amazon 3
nessus
nessus
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1374-1) (Spectre)
2018-05-23 00:00:00
SUSE SLES11 Security Update : kernel (SUSE-SU-2018:1368-1) (Spectre)
2018-05-23 00:00:00
SUSE SLES11 Security Update : kernel (SUSE-SU-2018:1376-1) (Spectre)
2018-05-23 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-06-07 00:00:00
kernel security and bug fix update
2018-07-10 00:00:00
kernel security update
2018-05-22 00:00:00
redhatcve
redhatcve
CVE-2018-10675
2019-10-26 12:49:19
CVE-2018-1000199
2020-04-08 04:57:34
f5
f5
K40540405 : Linux kernel vulnerability CVE-2018-10675
2020-12-23 00:00:00
prion
prion
Design/Logic Flaw
2018-05-02 18:29:00
Design/Logic Flaw
2018-05-24 13:29:00
debiancve
debiancve
CVE-2018-10675
2018-05-02 18:29:00
CVE-2018-1000199
2018-05-24 13:29:00
osv
osv
CVE-2018-10675
2018-05-02 18:29:00
xen - security update
2018-05-25 00:00:00
ubuntucve
ubuntucve
CVE-2018-10675
2018-05-02 00:00:00
CVE-2018-1000199
2018-05-01 00:00:00
CVE-2018-3639
2018-05-21 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:24:56
Memory Corruption
2019-01-15 09:23:06
cve
cve
CVE-2018-10675
2018-05-02 18:29:00
CVE-2018-1000199
2018-05-24 13:29:00
suse
suse
Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2) (important)
2018-05-12 00:27:56
Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP2) (important)
2018-05-12 00:17:04
Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP3) (important)
2018-05-12 00:08:59
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1266)
2020-01-23 00:00:00
CentOS Update for kernel CESA-2018:2164 centos6
2018-07-14 00:00:00
Ubuntu Update for qemu USN-3679-1
2018-06-13 00:00:00
centos
centos
kernel, perf, python security update
2018-07-13 16:57:08
libvirt security update
2018-07-03 18:53:48
java security update
2018-05-22 18:16:51
redhat
redhat
(RHSA-2018:2164) Important: kernel security and bug fix update
2018-07-10 15:33:47
(RHSA-2018:3407) Important: libvirt security update
2018-10-30 14:56:41
(RHSA-2018:3396) Important: libvirt security update
2018-10-30 11:46:47
almalinux
almalinux
java-1.8.0-openjdk bug fix and enhancement update
2021-01-21 10:00:00
ibm
ibm
Security Bulletin: a CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis known as Variant 4 or SpectreNG vulnerability affects IBM
2018-12-19 20:55:02
Security Bulletin: IBM Resilient recommends the underlying operating system on Resilient servers be upgraded in response to the vulnerabilities known as SpectreNG (CVE-2018-3639)
2021-04-19 21:33:34
Security Bulletin: Speculative Store Bypass (SSB) vulnerability also known as SpectreNG or Variant 4 affects IBM Spectrum Protect Plus (CVE-2018-3639)
2019-06-27 18:55:02
fedora
fedora
[SECURITY] Fedora 28 Update: libvirt-4.1.0-3.fc28
2018-06-21 15:02:29
threatpost
threatpost
Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4
2018-05-24 15:18:03
ubuntu
ubuntu
Linux kernel vulnerability
2018-05-22 00:00:00
QEMU update
2018-05-21 00:00:00
virtuozzo
virtuozzo
Important kernel security update: CVE-2018-3639; new kernel 2.6.32-042stab130.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2018-05-23 00:00:00
alpinelinux
alpinelinux
CVE-2018-3639
2018-05-22 12:29:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2018-07-27 21:57:40
zdt
zdt
AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Exploit
2018-05-23 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0151
2018-06-22 00:00:00
kaspersky
kaspersky
KLA11893 Microsoft Advisory for Microsoft Products (ESU)
2018-05-21 00:00:00
amazon
amazon
Important: java-1.8.0-openjdk
2018-06-08 18:10:00
Important: java-1.7.0-openjdk
2018-06-08 18:05:00
Important: java-1.7.0-openjdk
2018-06-08 18:32:00
JSON
Related for SUSE_SU-2018-1375-1.NASL
nessus94oraclelinux9redhatcve2f51prion2debiancve2osv2ubuntucve3veracode2cve2suse10openvas15centos3redhat33almalinux1ibm5fedora1threatpost1ubuntu2virtuozzo1alpinelinux1slackware1zdt1photon1kaspersky1amazon3