The remote host is missing an update for the
# Copyright (C) 2018 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) of their respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.851795");
script_version("2020-01-31T08:23:39+0000");
script_tag(name:"last_modification", value:"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)");
script_tag(name:"creation_date", value:"2018-06-22 05:51:28 +0200 (Fri, 22 Jun 2018)");
script_cve_id("CVE-2017-13305", "CVE-2017-17741", "CVE-2017-18241", "CVE-2017-18249", "CVE-2018-1092", "CVE-2018-1093", "CVE-2018-1094", "CVE-2018-12233", "CVE-2018-3639", "CVE-2018-3665", "CVE-2018-5848");
script_tag(name:"cvss_base", value:"7.1");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_tag(name:"qod_type", value:"package");
script_name("openSUSE: Security Advisory for kernel (openSUSE-SU-2018:1773-1)");
script_tag(name:"summary", value:"The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"The openSUSE Leap 42.3 was updated to 4.4.138
to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-3639: Systems with microprocessors utilizing speculative
execution and speculative execution of memory reads before the addresses
of all prior memory writes are known may allow unauthorized disclosure
of information to an attacker with local user access via a side-channel
analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1085308
bsc#1087082) This update improves the previous Spectre Variant 4 fixes
and also mitigates them on the ARM architecture.
- CVE-2018-3665: The FPU state and registers of x86 CPUs were saved and
restored in a lazy fashion, which opened its disclosure by speculative
side channel attacks. This has been fixed by replacing the lazy
save/restore by eager saving and restoring (bnc#1087086)
- CVE-2018-5848: In the function wmi_set_ie(), the length validation code
did not handle unsigned integer overflow properly. As a result, a large
value of the 'ie_len' argument can cause a buffer overflow (bnc#1097356).
- CVE-2017-18249: The add_free_nid function in fs/f2fs/node.c did not
properly track an allocated nid, which allowed local users to cause a
denial of service (race condition) or possibly have unspecified other
impact via concurrent threads (bnc#1087036).
- CVE-2017-18241: fs/f2fs/segment.c kernel allowed local users to cause a
denial of service (NULL pointer dereference and panic) by using a
noflush_merge option that triggers a NULL value for a flush_cmd_control
data structure (bnc#1086400).
- CVE-2017-17741: The KVM implementation allowed attackers to obtain
potentially sensitive information from kernel memory, aka a write_mmio
stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and
include/trace/events/kvm.h (bnc#1073311 1091815).
- CVE-2017-13305: A information disclosure vulnerability in the
encrypted-keys. (bnc#1094353).
- CVE-2018-1093: The ext4_valid_block_bitmap function in fs/ext4/balloc.c
allowed attackers to cause a denial of service (out-of-bounds read and
system crash) via a crafted ext4 image because balloc.c and ialloc.c do
not validate bitmap block numbers (bnc#1087095).
- CVE-2018-1094: The ext4_fill_super function in fs/ext4/super.c did not
always initialize the crc32c checksum driver, which allowed attackers to
cause a denial of service (ext4_xattr_inode_hash NULL pointer
dereference and system crash) via a crafted ext4 image (bnc#1087007
1092903).
- CVE-2018-1092: The ext4_iget function in fs/ext4/inode.c mishand ...
Description truncated, please see the referenced URL(s) for more information.");
script_tag(name:"affected", value:"the on openSUSE Leap 42.3");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_xref(name:"openSUSE-SU", value:"2018:1773-1");
script_xref(name:"URL", value:"https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00040.html");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2018 Greenbone Networks GmbH");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap42\.3");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "openSUSELeap42.3") {
if(!isnull(res = isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-docs", rpm:"kernel-docs~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-docs-html", rpm:"kernel-docs-html~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-docs-pdf", rpm:"kernel-docs-pdf~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-macros", rpm:"kernel-macros~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-source-vanilla", rpm:"kernel-source-vanilla~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debug-base", rpm:"kernel-debug-base~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debug-base-debuginfo", rpm:"kernel-debug-base-debuginfo~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debug-debugsource", rpm:"kernel-debug-debugsource~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debug-devel-debuginfo", rpm:"kernel-debug-devel-debuginfo~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default", rpm:"kernel-default~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-base", rpm:"kernel-default-base~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-base-debuginfo", rpm:"kernel-default-base-debuginfo~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-debuginfo", rpm:"kernel-default-debuginfo~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-debugsource", rpm:"kernel-default-debugsource~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-default-devel", rpm:"kernel-default-devel~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-obs-build", rpm:"kernel-obs-build~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-obs-build-debugsource", rpm:"kernel-obs-build-debugsource~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-obs-qa", rpm:"kernel-obs-qa~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-syms", rpm:"kernel-syms~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla", rpm:"kernel-vanilla~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla-base", rpm:"kernel-vanilla-base~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla-base-debuginfo", rpm:"kernel-vanilla-base-debuginfo~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla-debuginfo", rpm:"kernel-vanilla-debuginfo~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla-debugsource", rpm:"kernel-vanilla-debugsource~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-vanilla-devel", rpm:"kernel-vanilla-devel~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kselftests-kmp-debug", rpm:"kselftests-kmp-debug~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kselftests-kmp-debug-debuginfo", rpm:"kselftests-kmp-debug-debuginfo~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kselftests-kmp-default", rpm:"kselftests-kmp-default~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kselftests-kmp-default-debuginfo", rpm:"kselftests-kmp-default-debuginfo~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kselftests-kmp-vanilla", rpm:"kselftests-kmp-vanilla~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kselftests-kmp-vanilla-debuginfo", rpm:"kselftests-kmp-vanilla-debuginfo~4.4.138~59.1", rls:"openSUSELeap42.3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);