Security Advisory for SUSE Linux kernel update with security and bugfixe
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
Tenable Nessus | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0529-1) | 20 May 201500:00 | – | nessus |
Tenable Nessus | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3088) | 14 Nov 201400:00 | – | nessus |
Tenable Nessus | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3089) | 19 Nov 201400:00 | – | nessus |
Tenable Nessus | F5 Networks BIG-IP : Linux kernel SCTP vulnerabilities (K15910) | 16 Dec 201400:00 | – | nessus |
Tenable Nessus | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3087) | 14 Nov 201400:00 | – | nessus |
Tenable Nessus | openSUSE Security Update : the Linux Kernel (openSUSE-2015-301) | 14 Apr 201500:00 | – | nessus |
Tenable Nessus | RHEL 6 : kernel (RHSA-2015:0115) | 4 Feb 201500:00 | – | nessus |
Tenable Nessus | RHEL 6 : kernel (RHSA-2015:0043) | 14 Jan 201500:00 | – | nessus |
Tenable Nessus | Ubuntu 12.04 LTS : linux vulnerabilities (USN-2541-1) | 25 Mar 201500:00 | – | nessus |
Tenable Nessus | Oracle Linux 6 : kernel (ELSA-2015-0674) | 12 Mar 201500:00 | – | nessus |
# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.850978");
script_version("2023-03-24T10:19:42+0000");
script_tag(name:"last_modification", value:"2023-03-24 10:19:42 +0000 (Fri, 24 Mar 2023)");
script_tag(name:"creation_date", value:"2015-10-16 15:28:17 +0200 (Fri, 16 Oct 2015)");
script_cve_id("CVE-2014-3673", "CVE-2014-3687", "CVE-2014-7822", "CVE-2014-7841", "CVE-2014-8160", "CVE-2014-8559", "CVE-2014-9419", "CVE-2014-9584");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-08-10 13:29:00 +0000 (Mon, 10 Aug 2020)");
script_tag(name:"qod_type", value:"package");
script_name("SUSE: Security Advisory for kernel (SUSE-SU-2015:0529-1)");
script_tag(name:"summary", value:"The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"The SUSE Linux Enterprise 12 kernel was updated to 3.12.38 to receive
various security and bugfixes.
This update contains the following feature enablements:
- The remote block device (rbd) and ceph drivers have been enabled and are
now supported. (FATE#318350) These can be used e.g. for accessing the
SUSE Enterprise Storage product services.
- Support for Intel Select Bay trail CPUs has been added. (FATE#316038)
The following security issues were fixed:
- CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c
in the Linux kernel through 3.18.1 did not ensure that Thread Local
Storage (TLS) descriptors were loaded before proceeding with other
steps, which made it easier for local users to bypass the ASLR
protection mechanism via a crafted application that reads a TLS base
address (bnc#911326).
- CVE-2014-7822: A flaw was found in the way the Linux kernels splice()
system call validated its parameters. On certain file systems, a local,
unprivileged user could have used this flaw to write past the maximum
file size, and thus crash the system.
- CVE-2014-8160: The connection tracking module could be bypassed if a
specific protocol module was not loaded, e.g. allowing SCTP traffic
while the firewall should have filtered it.
- CVE-2014-9584: The parse_rock_ridge_inode_internal function in
fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a
length value in the Extensions Reference (ER) System Use Field, which
allowed local users to obtain sensitive information from kernel memory
via a crafted iso9660 image (bnc#912654).
The following non-security bugs were fixed:
- audit: Allow login in non-init namespaces (bnc#916107).
- btrfs: avoid unnecessary switch of path locks to blocking mode.
- btrfs: fix directory inconsistency after fsync log replay (bnc#915425).
- btrfs: fix fsync log replay for inodes with a mix of regular refs and
extrefs (bnc#915425).
- btrfs: fix fsync race leading to ordered extent memory leaks
(bnc#917128).
- btrfs: fix fsync when extend references are added to an inode
(bnc#915425).
- btrfs: fix missing error handler if submitting re-read bio fails.
- btrfs: fix race between transaction commit and empty block group removal
(bnc#915550).
- btrfs: fix scrub race leading to use-after-free (bnc#915456).
- btrfs: fix setup_leaf_for_split() to avoid leaf corruption (bnc#915454).
- btrfs: improve free space cache management and space allocation.
- btrfs: make btrfs_search_forward return with nodes unlocked.
- btrfs: ...
Description truncated, please see the referenced URL(s) for more information.");
script_tag(name:"affected", value:"kernel on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_xref(name:"SUSE-SU", value:"2015:0529-1");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2015 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=(SLED12\.0SP0|SLES12\.0SP0)");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLED12.0SP0") {
if(!isnull(res = isrpmvuln(pkg:"kernel-default", rpm:"kernel-default~3.12.38~44.1", rls:"SLED12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-debuginfo", rpm:"kernel-default-debuginfo~3.12.38~44.1", rls:"SLED12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-debugsource", rpm:"kernel-default-debugsource~3.12.38~44.1", rls:"SLED12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-devel", rpm:"kernel-default-devel~3.12.38~44.1", rls:"SLED12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-extra", rpm:"kernel-default-extra~3.12.38~44.1", rls:"SLED12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-extra-debuginfo", rpm:"kernel-default-extra-debuginfo~3.12.38~44.1", rls:"SLED12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-syms", rpm:"kernel-syms~3.12.38~44.1", rls:"SLED12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~3.12.38~44.1", rls:"SLED12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen-debuginfo", rpm:"kernel-xen-debuginfo~3.12.38~44.1", rls:"SLED12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen-debugsource", rpm:"kernel-xen-debugsource~3.12.38~44.1", rls:"SLED12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen-devel", rpm:"kernel-xen-devel~3.12.38~44.1", rls:"SLED12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~3.12.38~44.1", rls:"SLED12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-macros", rpm:"kernel-macros~3.12.38~44.1", rls:"SLED12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~3.12.38~44.1", rls:"SLED12.0SP0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP0") {
if(!isnull(res = isrpmvuln(pkg:"kernel-default", rpm:"kernel-default~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-base", rpm:"kernel-default-base~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-base-debuginfo", rpm:"kernel-default-base-debuginfo~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-debuginfo", rpm:"kernel-default-debuginfo~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-debugsource", rpm:"kernel-default-debugsource~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-devel", rpm:"kernel-default-devel~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-syms", rpm:"kernel-syms~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen-base", rpm:"kernel-xen-base~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen-base-debuginfo", rpm:"kernel-xen-base-debuginfo~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen-debuginfo", rpm:"kernel-xen-debuginfo~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen-debugsource", rpm:"kernel-xen-debugsource~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-xen-devel", rpm:"kernel-xen-devel~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-macros", rpm:"kernel-macros~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-man", rpm:"kernel-default-man~3.12.38~44.1", rls:"SLES12.0SP0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo