The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2018-5390 aka ‘SegmentSmack’: A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during IP and/or TCP fragment reassembly (bsc#1102340)
CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)
CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c could have led to a use-after-free. (bnc#1134395)
CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash). (bnc#1137194)
CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293)
CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main() allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a ‘double fetch’ vulnerability. (bsc#1136922)
CVE-2019-11487: An attacker could have triggered use-after-free via page reference count overflow on slow filesystems with at least 140 GiB of RAM available. (bnc#1133190)
The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:1870-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(126811);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/06");
script_cve_id(
  "CVE-2018-20836",
  "CVE-2018-5390",
  "CVE-2018-7191",
  "CVE-2019-11478",
  "CVE-2019-11487",
  "CVE-2019-12456",
  "CVE-2019-12614",
  "CVE-2019-12818"
);
script_xref(name:"CEA-ID", value:"CEA-2019-0456");
script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1870-1) (SACK Slowness)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed :
CVE-2018-5390 aka 'SegmentSmack': A remote attacker even with
relatively low bandwidth could have caused lots of CPU usage by
triggering the worst case scenario during IP and/or TCP fragment
reassembly (bsc#1102340)
CVE-2018-7191: In the tun subsystem in the Linux kernel,
dev_get_valid_name was not called before register_netdevice. This
allowed local users to cause a denial of service (NULL pointer
dereference and panic) via an ioctl(TUNSETIFF) call with a dev name
containing a / character. (bnc#1135603)
CVE-2018-20836: A race condition in smp_task_timedout() and
smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead
to a use-after-free. (bnc#1134395)
CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to
cause denial of service (a NULL pointer dereference and system crash).
(bnc#1137194)
CVE-2019-12818: The nfc_llcp_build_tlv function in
net/nfc/llcp_commands.c may have returned NULL. If the caller did not
check for this, it would trigger a NULL pointer dereference. This
would cause denial of service. (bnc#1138293)
CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main()
allowed local users to cause a denial of service or possibly have
unspecified other impact by changing the value of ioc_number between
two kernel reads of that value, aka a 'double fetch' vulnerability.
(bsc#1136922)
CVE-2019-11487: An attacker could have triggered use-after-free via
page reference count overflow on slow filesystems with at least of 140
GiB of RAM available. (bnc#1133190)
The update package also includes non-security fixes. See advisory for
details.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1102340");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1112824");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1130159");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1133190");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134395");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135603");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136922");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137194");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1138293");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1139751");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-20836/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-5390/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7191/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11487/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-12456/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-12614/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-12818/");
# https://www.suse.com/support/update/announcement/2019/suse-su-20191870-1/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ce50e84b");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
SUSE-SLE-SAP-12-SP1-2019-1870=1
SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-SP1-2019-1870=1
SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch
SUSE-SLE-Module-Public-Cloud-12-2019-1870=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/06");
script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_118-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_118-xen");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-devel-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_118-default-1-2.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_118-xen-1-2.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"s390x", reference:"kernel-default-man-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-debuginfo-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debuginfo-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debugsource-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-devel-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-syms-3.12.74-60.64.118.1")) flag++;
if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | kernel-default | p-cpe:/a:novell:suse_linux:kernel-default |
novell | suse_linux | kernel-default-base | p-cpe:/a:novell:suse_linux:kernel-default-base |
novell | suse_linux | kernel-default-base-debuginfo | p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo |
novell | suse_linux | kernel-default-debuginfo | p-cpe:/a:novell:suse_linux:kernel-default-debuginfo |
novell | suse_linux | kernel-default-debugsource | p-cpe:/a:novell:suse_linux:kernel-default-debugsource |
novell | suse_linux | kernel-default-devel | p-cpe:/a:novell:suse_linux:kernel-default-devel |
novell | suse_linux | kernel-default-man | p-cpe:/a:novell:suse_linux:kernel-default-man |
novell | suse_linux | kernel-syms | p-cpe:/a:novell:suse_linux:kernel-syms |
novell | suse_linux | kernel-xen | p-cpe:/a:novell:suse_linux:kernel-xen |
novell | suse_linux | kernel-xen-base | p-cpe:/a:novell:suse_linux:kernel-xen-base |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20836
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5390
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7191
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11487
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12456
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12614
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12818
www.nessus.org/u?ce50e84b
bugzilla.suse.com/show_bug.cgi?id=1102340
bugzilla.suse.com/show_bug.cgi?id=1112824
bugzilla.suse.com/show_bug.cgi?id=1130159
bugzilla.suse.com/show_bug.cgi?id=1133190
bugzilla.suse.com/show_bug.cgi?id=1134395
bugzilla.suse.com/show_bug.cgi?id=1135603
bugzilla.suse.com/show_bug.cgi?id=1136922
bugzilla.suse.com/show_bug.cgi?id=1137194
bugzilla.suse.com/show_bug.cgi?id=1138293
bugzilla.suse.com/show_bug.cgi?id=1139751
www.suse.com/security/cve/CVE-2018-20836/
www.suse.com/security/cve/CVE-2018-5390/
www.suse.com/security/cve/CVE-2018-7191/
www.suse.com/security/cve/CVE-2019-11487/
www.suse.com/security/cve/CVE-2019-12456/
www.suse.com/security/cve/CVE-2019-12614/
www.suse.com/security/cve/CVE-2019-12818/