ID OPENVAS:1361412562310872111 Type openvas Reporter Copyright (C) 2016 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for kernel FEDORA-2016-9c17cb9648
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.872111");
script_version("$Revision: 14223 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2016-12-10 06:34:49 +0100 (Sat, 10 Dec 2016)");
script_cve_id("CVE-2016-9777", "CVE-2016-9756", "CVE-2016-9755");
script_tag(name:"cvss_base", value:"6.9");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_tag(name:"qod_type", value:"package");
script_name("Fedora Update for kernel FEDORA-2016-9c17cb9648");
script_tag(name:"summary", value:"The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"affected", value:"kernel on Fedora 23");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_xref(name:"FEDORA", value:"2016-9c17cb9648");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W62BKU2OQ2SYVREJ4B5HIB7I64F7SIFR");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC23");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "FC23")
{
if ((res = isrpmvuln(pkg:"kernel", rpm:"kernel~4.8.12~100.fc23", rls:"FC23")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310872111", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for kernel FEDORA-2016-9c17cb9648", "description": "The remote host is missing an update for the ", "published": "2016-12-10T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872111", "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W62BKU2OQ2SYVREJ4B5HIB7I64F7SIFR", "2016-9c17cb9648"], "cvelist": ["CVE-2016-9777", "CVE-2016-9756", "CVE-2016-9755"], "lastseen": "2019-05-29T18:35:37", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-9756", "CVE-2016-9755", "CVE-2016-9777"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843012", "OPENVAS:1361412562310843017", "OPENVAS:1361412562310843050", "OPENVAS:1361412562310843014", "OPENVAS:1361412562310872115", "OPENVAS:1361412562310843010", "OPENVAS:1361412562310843041", "OPENVAS:1361412562310872105", "OPENVAS:1361412562310843019", "OPENVAS:1361412562310851465"]}, {"type": "nessus", "idList": ["UBUNTU_USN-3169-1.NASL", "FEDORA_2016-9C17CB9648.NASL", "UBUNTU_USN-3190-2.NASL", "UBUNTU_USN-3170-1.NASL", "UBUNTU_USN-3167-1.NASL", "FEDORA_2016-5EC2475E3F.NASL", "OPENSUSE-2017-1.NASL", "UBUNTU_USN-3190-1.NASL", "FEDORA_2016-BBE98C341C.NASL", "UBUNTU_USN-3169-2.NASL"]}, {"type": "fedora", "idList": ["FEDORA:EEB386177DBB", "FEDORA:D6CE3608F49C", "FEDORA:2AD3261A18E6"]}, {"type": "suse", "idList": ["SUSE-SU-2017:0494-1", "SUSE-SU-2017:0333-1", "SUSE-SU-2017:0464-1", "SUSE-SU-2017:0407-1", "OPENSUSE-SU-2017:0002-1", "SUSE-SU-2017:0471-1", "SUSE-SU-2017:0437-1", "SUSE-SU-2017:1102-1"]}, {"type": "ubuntu", "idList": ["USN-3167-1", "USN-3169-2", "USN-3190-1", "USN-3170-1", "USN-3168-1", "USN-3167-2", "USN-3359-1", "USN-3168-2", "USN-3169-1", "USN-3190-2"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:10916BBD941416F67134F1200DE97709"]}, {"type": "debian", "idList": ["DEBIAN:DLA-772-1:EB721"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-3533"]}], "modified": "2019-05-29T18:35:37", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2019-05-29T18:35:37", "rev": 2}, "vulnersScore": 7.4}, "pluginID": "1361412562310872111", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-9c17cb9648\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872111\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-10 06:34:49 +0100 (Sat, 10 Dec 2016)\");\n script_cve_id(\"CVE-2016-9777\", \"CVE-2016-9756\", \"CVE-2016-9755\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-9c17cb9648\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-9c17cb9648\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W62BKU2OQ2SYVREJ4B5HIB7I64F7SIFR\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.8.12~100.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T06:28:14", "description": "KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h.", "edition": 6, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2016-12-28T07:59:00", "title": "CVE-2016-9777", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9777"], "modified": "2016-12-31T02:59:00", "cpe": ["cpe:/o:linux:linux_kernel:4.8.11"], "id": "CVE-2016-9777", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9777", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.8.11:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:14", "description": "The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-28T07:59:00", "title": "CVE-2016-9755", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9755"], "modified": "2018-08-13T21:47:00", "cpe": ["cpe:/o:linux:linux_kernel:4.8.15"], "id": "CVE-2016-9755", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9755", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.8.15:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:14", "description": "arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2016-12-28T07:59:00", "title": "CVE-2016-9756", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9756"], "modified": "2017-01-07T03:00:00", "cpe": ["cpe:/o:linux:linux_kernel:4.8.11"], "id": "CVE-2016-9756", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9756", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.8.11:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9755", "CVE-2016-9756", "CVE-2016-9777"], "description": "The kernel meta package ", "modified": "2016-12-09T22:30:59", "published": "2016-12-09T22:30:59", "id": "FEDORA:EEB386177DBB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: kernel-4.8.12-300.fc25", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9755", "CVE-2016-9756", "CVE-2016-9777"], "description": "The kernel meta package ", "modified": "2016-12-10T02:52:57", "published": "2016-12-10T02:52:57", "id": "FEDORA:D6CE3608F49C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: kernel-4.8.12-100.fc23", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9755", "CVE-2016-9756", "CVE-2016-9777"], "description": "The kernel meta package ", "modified": "2016-12-10T00:29:24", "published": "2016-12-10T00:29:24", "id": "FEDORA:2AD3261A18E6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: kernel-4.8.12-200.fc24", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:35:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9777", "CVE-2016-9756", "CVE-2016-9755"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-10T00:00:00", "id": "OPENVAS:1361412562310872105", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872105", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-5ec2475e3f", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-5ec2475e3f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872105\");\n script_version(\"$Revision: 14225 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 15:32:03 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-10 06:34:34 +0100 (Sat, 10 Dec 2016)\");\n script_cve_id(\"CVE-2016-9777\", \"CVE-2016-9756\", \"CVE-2016-9755\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-5ec2475e3f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-5ec2475e3f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y67Z5IJ7QTUND46T7NZDKD23RC2YVB2F\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.8.12~200.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9777", "CVE-2016-9756", "CVE-2016-9755"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-10T00:00:00", "id": "OPENVAS:1361412562310872115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872115", "type": "openvas", "title": "Fedora Update for kernel FEDORA-2016-bbe98c341c", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for kernel FEDORA-2016-bbe98c341c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872115\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-10 06:34:54 +0100 (Sat, 10 Dec 2016)\");\n script_cve_id(\"CVE-2016-9777\", \"CVE-2016-9756\", \"CVE-2016-9755\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel FEDORA-2016-bbe98c341c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"kernel on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-bbe98c341c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKRWCRC4V4B2BGTVNUQVC62LBTG27FB5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.8.12~300.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:27:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9756"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-01-04T00:00:00", "id": "OPENVAS:1361412562310851465", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851465", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0002-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851465\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-04 09:00:44 +0100 (Wed, 04 Jan 2017)\");\n script_cve_id(\"CVE-2016-9756\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2017:0002-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 42.1 kernel was updated\n to receive various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2016-9756: KVM: x86: drop error recovery in em_jmp_far and\n em_ret_far (bsc#1013038).\n\n The following non-security bugs were fixed:\n\n - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression\n (bsc#1014943).\");\n\n script_tag(name:\"affected\", value:\"Linux Kernel on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0002-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.1.36~44.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.1.36~44.3\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv\", rpm:\"kernel-pv~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base\", rpm:\"kernel-pv-base~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-base-debuginfo\", rpm:\"kernel-pv-base-debuginfo~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debuginfo\", rpm:\"kernel-pv-debuginfo~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-debugsource\", rpm:\"kernel-pv-debugsource~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pv-devel\", rpm:\"kernel-pv-devel~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.1.36~44.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.1.36~44.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.1.36~44.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~4.1.36~44.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9794", "CVE-2016-9756"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-01-12T00:00:00", "id": "OPENVAS:1361412562310843019", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843019", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-3167-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-ti-omap4 USN-3167-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843019\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-12 05:38:53 +0100 (Thu, 12 Jan 2017)\");\n script_cve_id(\"CVE-2016-9756\", \"CVE-2016-9794\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-3167-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Dmitry Vyukov discovered that the KVM\n implementation in the Linux kernel did not properly initialize the Code Segment\n (CS) in certain error cases. A local attacker could use this to expose sensitive\n information (kernel memory). (CVE-2016-9756)\n\nBaozeng Ding discovered a race condition that could lead to a use-after-\nfree in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2016-9794)\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3167-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3167-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1498-omap4\", ver:\"3.2.0-1498.125\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-omap4\", ver:\"3.2.0.1498.93\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9794", "CVE-2016-9756"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-01-12T00:00:00", "id": "OPENVAS:1361412562310843012", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843012", "type": "openvas", "title": "Ubuntu Update for linux USN-3167-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3167-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843012\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-12 05:38:35 +0100 (Thu, 12 Jan 2017)\");\n script_cve_id(\"CVE-2016-9794\", \"CVE-2016-9756\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3167-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Dmitry Vyukov discovered that the KVM\n implementation in the Linux kernel did not properly initialize the Code Segment\n (CS) in certain error cases. A local attacker could use this to expose sensitive\n information (kernel memory).\n\nBaozeng Ding discovered a race condition that could lead to a use-after-\nfree in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2016-9794)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3167-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3167-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-120-generic\", ver:\"3.2.0-120.163\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-120-generic-pae\", ver:\"3.2.0-120.163\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-120-highbank\", ver:\"3.2.0-120.163\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-120-omap\", ver:\"3.2.0-120.163\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-120-powerpc-smp\", ver:\"3.2.0-120.163\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-120-powerpc64-smp\", ver:\"3.2.0-120.163\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-120-virtual\", ver:\"3.2.0-120.163\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.2.0.120.135\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-pae\", ver:\"3.2.0.120.135\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-highbank\", ver:\"3.2.0.120.135\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-omap\", ver:\"3.2.0.120.135\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.2.0.120.135\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.2.0.120.135\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"3.2.0.120.135\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9793", "CVE-2016-9756"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-01-12T00:00:00", "id": "OPENVAS:1361412562310843017", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843017", "type": "openvas", "title": "Ubuntu Update for linux USN-3170-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3170-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843017\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-12 05:38:46 +0100 (Thu, 12 Jan 2017)\");\n script_cve_id(\"CVE-2016-9756\", \"CVE-2016-9793\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3170-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Dmitry Vyukov discovered that the KVM\n implementation in the Linux kernel did not properly initialize the Code Segment\n (CS) in certain error cases. A local attacker could use this to expose sensitive\n information (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in the\nsetsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability\ncould use this to cause a denial of service (system crash or memory\ncorruption). (CVE-2016-9793)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3170-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3170-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-34-generic\", ver:\"4.8.0-34.36\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-34-generic-lpae\", ver:\"4.8.0-34.36\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-34-lowlatency\", ver:\"4.8.0-34.36\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-34-powerpc-e500mc\", ver:\"4.8.0-34.36\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-34-powerpc-smp\", ver:\"4.8.0-34.36\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-34-powerpc64-emb\", ver:\"4.8.0-34.36\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.8.0.34.43\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.8.0.34.43\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.8.0.34.43\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.8.0.34.43\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.8.0.34.43\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.8.0.34.43\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-01-12T00:00:00", "id": "OPENVAS:1361412562310843014", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843014", "type": "openvas", "title": "Ubuntu Update for linux USN-3169-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3169-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843014\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-12 05:38:39 +0100 (Thu, 12 Jan 2017)\");\n script_cve_id(\"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9794\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3169-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Dmitry Vyukov discovered that the KVM\n implementation in the Linux kernel did not properly initialize the Code Segment\n (CS) in certain error cases. A local attacker could use this to expose sensitive\n information (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in the\nsetsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability\ncould use this to cause a denial of service (system crash or memory\ncorruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a use-after-\nfree in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2016-9794)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3169-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3169-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-59-generic\", ver:\"4.4.0-59.80\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-59-generic-lpae\", ver:\"4.4.0-59.80\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-59-lowlatency\", ver:\"4.4.0-59.80\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-59-powerpc-e500mc\", ver:\"4.4.0-59.80\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-59-powerpc-smp\", ver:\"4.4.0-59.80\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-59-powerpc64-emb\", ver:\"4.4.0-59.80\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-59-powerpc64-smp\", ver:\"4.4.0-59.80\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.59.62\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.59.62\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.59.62\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.59.62\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.59.62\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.59.62\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.59.62\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-01-12T00:00:00", "id": "OPENVAS:1361412562310843010", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843010", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3169-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-xenial USN-3169-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843010\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-12 05:38:29 +0100 (Thu, 12 Jan 2017)\");\n script_cve_id(\"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9794\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-xenial USN-3169-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-xenial'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3169-1 fixed vulnerabilities in the Linux\n kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the\n Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n 14.04 LTS.\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel\ndid not properly initialize the Code Segment (CS) in certain error cases. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in the\nsetsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability\ncould use this to cause a denial of service (system crash or memory\ncorruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a use-after-\nfree in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2016-9794)\");\n script_tag(name:\"affected\", value:\"linux-lts-xenial on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3169-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3169-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-59-generic\", ver:\"4.4.0-59.80~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-59-generic-lpae\", ver:\"4.4.0-59.80~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-59-lowlatency\", ver:\"4.4.0-59.80~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-59-powerpc-e500mc\", ver:\"4.4.0-59.80~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-59-powerpc-smp\", ver:\"4.4.0-59.80~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-59-powerpc64-emb\", ver:\"4.4.0-59.80~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-59-powerpc64-smp\", ver:\"4.4.0-59.80~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.59.46\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.59.46\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.59.46\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.59.46\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.59.46\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.59.46\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.59.46\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9777", "CVE-2016-8399", "CVE-2016-8632", "CVE-2016-10147", "CVE-2016-10150"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-02-04T00:00:00", "id": "OPENVAS:1361412562310843041", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843041", "type": "openvas", "title": "Ubuntu Update for linux USN-3190-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3190-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843041\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-04 05:46:31 +0100 (Sat, 04 Feb 2017)\");\n script_cve_id(\"CVE-2016-10147\", \"CVE-2016-10150\", \"CVE-2016-8399\", \"CVE-2016-8632\", \"CVE-2016-9777\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3190-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mikulas Patocka discovered that the asynchronous\n multibuffer cryptographic daemon (mcryptd) in the Linux kernel did not properly\n handle being invoked with incompatible algorithms. A local attacker could use this\n to cause a denial of service (system crash). (CVE-2016-10147)\n\nIt was discovered that a use-after-free existed in the KVM subsystem of\nthe Linux kernel when creating devices. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-10150)\n\nQidan He discovered that the ICMP implementation in the Linux kernel did\nnot properly check the size of an ICMP header. A local attacker with\nCAP_NET_ADMIN could use this to expose sensitive information.\n(CVE-2016-8399)\n\nQian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()\nfunction in the Linux kernel. A local attacker could use to cause a denial\nof service (system crash) or possible execute arbitrary code with\nadministrative privileges. (CVE-2016-8632)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel\ndid not properly restrict the VCPU index when I/O APIC is enabled, An\nattacker in a guest VM could use this to cause a denial of service (system\ncrash) or possibly gain privileges in the host OS. (CVE-2016-9777)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3190-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3190-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-37-generic\", ver:\"4.8.0-37.39\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-37-generic-lpae\", ver:\"4.8.0-37.39\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-37-lowlatency\", ver:\"4.8.0-37.39\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-37-powerpc-e500mc\", ver:\"4.8.0-37.39\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-37-powerpc-smp\", ver:\"4.8.0-37.39\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-37-powerpc64-emb\", ver:\"4.8.0-37.39\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.8.0.37.46\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.8.0.37.46\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.8.0.37.46\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.8.0.37.46\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.8.0.37.46\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.8.0.37.46\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9777", "CVE-2016-8399", "CVE-2016-8632", "CVE-2016-10147", "CVE-2016-10150"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-02-10T00:00:00", "id": "OPENVAS:1361412562310843050", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843050", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-3190-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-raspi2 USN-3190-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843050\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-02-10 05:51:10 +0100 (Fri, 10 Feb 2017)\");\n script_cve_id(\"CVE-2016-10147\", \"CVE-2016-10150\", \"CVE-2016-8399\", \"CVE-2016-8632\", \"CVE-2016-9777\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-3190-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Mikulas Patocka discovered that the asynchronous multibuffer cryptographic\ndaemon (mcryptd) in the Linux kernel did not properly handle being invoked\nwith incompatible algorithms. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2016-10147)\n\nIt was discovered that a use-after-free existed in the KVM subsystem of\nthe Linux kernel when creating devices. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-10150)\n\nQidan He discovered that the ICMP implementation in the Linux kernel did\nnot properly check the size of an ICMP header. A local attacker with\nCAP_NET_ADMIN could use this to expose sensitive information.\n(CVE-2016-8399)\n\nQian Zhang discovered a heap-based buffer overflow in the tipc_msg_build()\nfunction in the Linux kernel. A local attacker could use to cause a denial\nof service (system crash) or possible execute arbitrary code with\nadministrative privileges. (CVE-2016-8632)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel\ndid not properly restrict the VCPU index when I/O APIC is enabled, An\nattacker in a guest VM could use this to cause a denial of service (system\ncrash) or possibly gain privileges in the host OS. (CVE-2016-9777)\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 16.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3190-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3190-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.8.0-1024-raspi2\", ver:\"4.8.0-1024.27\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.8.0.1024.27\", rls:\"UBUNTU16.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T10:14:44", "description": "The 4.8.12 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 20, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-12T00:00:00", "title": "Fedora 25 : kernel (2016-bbe98c341c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9777", "CVE-2016-9756", "CVE-2016-9755"], "modified": "2016-12-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-BBE98C341C.NASL", "href": "https://www.tenable.com/plugins/nessus/95685", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-bbe98c341c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95685);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9755\", \"CVE-2016-9756\", \"CVE-2016-9777\");\n script_xref(name:\"FEDORA\", value:\"2016-bbe98c341c\");\n\n script_name(english:\"Fedora 25 : kernel (2016-bbe98c341c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.8.12 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-bbe98c341c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9755\", \"CVE-2016-9756\", \"CVE-2016-9777\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-bbe98c341c\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"kernel-4.8.12-300.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:14:35", "description": "The 4.8.12 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 20, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-12T00:00:00", "title": "Fedora 23 : kernel (2016-9c17cb9648)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9777", "CVE-2016-9756", "CVE-2016-9755"], "modified": "2016-12-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-9C17CB9648.NASL", "href": "https://www.tenable.com/plugins/nessus/95680", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-9c17cb9648.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95680);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9755\", \"CVE-2016-9756\", \"CVE-2016-9777\");\n script_xref(name:\"FEDORA\", value:\"2016-9c17cb9648\");\n\n script_name(english:\"Fedora 23 : kernel (2016-9c17cb9648)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.8.12 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c17cb9648\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9755\", \"CVE-2016-9756\", \"CVE-2016-9777\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-9c17cb9648\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"kernel-4.8.12-100.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:14:17", "description": "The 4.8.12 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 20, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-12T00:00:00", "title": "Fedora 24 : kernel (2016-5ec2475e3f)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9777", "CVE-2016-9756", "CVE-2016-9755"], "modified": "2016-12-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-5EC2475E3F.NASL", "href": "https://www.tenable.com/plugins/nessus/95676", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-5ec2475e3f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95676);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9755\", \"CVE-2016-9756\", \"CVE-2016-9777\");\n script_xref(name:\"FEDORA\", value:\"2016-5ec2475e3f\");\n\n script_name(english:\"Fedora 24 : kernel (2016-5ec2475e3f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.8.12 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ec2475e3f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9755\", \"CVE-2016-9756\", \"CVE-2016-9777\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-5ec2475e3f\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.8.12-200.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:31:02", "description": "The openSUSE 42.1 kernel was updated to receive various security and\nbugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-9756: KVM: x86: drop error recovery in\n em_jmp_far and em_ret_far (bsc#1013038).\n\nThe following non-security bugs were fixed :\n\n - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to\n avoid regression (bsc#1014943).", "edition": 17, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-01-03T00:00:00", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2017-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9756"], "modified": "2017-01-03T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:kernel-pv-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-pv-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-pv-base", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo"], "id": "OPENSUSE-2017-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96249", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96249);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9756\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2017-1)\");\n script_summary(english:\"Check for the openSUSE-2017-1 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 42.1 kernel was updated to receive various security and\nbugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-9756: KVM: x86: drop error recovery in\n em_jmp_far and em_ret_far (bsc#1013038).\n\nThe following non-security bugs were fixed :\n\n - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to\n avoid regression (bsc#1014943).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014943\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debugsource-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-devel-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-devel-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-html-4.1.36-44.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-pdf-4.1.36-44.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-macros-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-4.1.36-44.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-debugsource-4.1.36-44.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-vanilla-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-syms-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-devel-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debugsource-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-devel-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-devel-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debugsource-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-devel-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-4.1.36-44.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-4.1.36-44.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-03-01T07:31:48", "description": "Dmitry Vyukov discovered that the KVM implementation in the Linux\nkernel did not properly initialize the Code Segment (CS) in certain\nerror cases. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in\nthe setsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN\ncapability could use this to cause a denial of service (system crash\nor memory corruption). (CVE-2016-9793).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-12T00:00:00", "title": "Ubuntu 16.10 : linux vulnerabilities (USN-3170-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9793", "CVE-2016-9756"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic"], "id": "UBUNTU_USN-3170-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96443", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3170-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96443);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-9756\", \"CVE-2016-9793\");\n script_xref(name:\"USN\", value:\"3170-1\");\n\n script_name(english:\"Ubuntu 16.10 : linux vulnerabilities (USN-3170-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dmitry Vyukov discovered that the KVM implementation in the Linux\nkernel did not properly initialize the Code Segment (CS) in certain\nerror cases. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in\nthe setsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN\ncapability could use this to cause a denial of service (system crash\nor memory corruption). (CVE-2016-9793).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3170-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9756\", \"CVE-2016-9793\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3170-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-34-generic\", pkgver:\"4.8.0-34.36\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-34-generic-lpae\", pkgver:\"4.8.0-34.36\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-34-lowlatency\", pkgver:\"4.8.0-34.36\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic\", pkgver:\"4.8.0.34.43\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.8.0.34.43\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.8.0.34.43\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.8-generic / linux-image-4.8-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:31:46", "description": "Dmitry Vyukov discovered that the KVM implementation in the Linux\nkernel did not properly initialize the Code Segment (CS) in certain\nerror cases. A local attacker could use this to expose sensitive\ninformation (kernel memory).\n\nBaozeng Ding discovered a race condition that could lead to a\nuse-after- free in the Advanced Linux Sound Architecture (ALSA)\nsubsystem of the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-9794).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-12T00:00:00", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-3167-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9794", "CVE-2016-9756"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "p-cpe:/a:canonical:ubuntu_linux:linux-image-highbank", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-pae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic"], "id": "UBUNTU_USN-3167-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96436", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3167-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96436);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-9756\", \"CVE-2016-9794\");\n script_xref(name:\"USN\", value:\"3167-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-3167-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dmitry Vyukov discovered that the KVM implementation in the Linux\nkernel did not properly initialize the Code Segment (CS) in certain\nerror cases. A local attacker could use this to expose sensitive\ninformation (kernel memory).\n\nBaozeng Ding discovered a race condition that could lead to a\nuse-after- free in the Advanced Linux Sound Architecture (ALSA)\nsubsystem of the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-9794).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3167-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9756\", \"CVE-2016-9794\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3167-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-120-generic\", pkgver:\"3.2.0-120.163\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-120-generic-pae\", pkgver:\"3.2.0-120.163\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-120-highbank\", pkgver:\"3.2.0-120.163\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-120-virtual\", pkgver:\"3.2.0-120.163\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-generic\", pkgver:\"3.2.0.120.135\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-generic-pae\", pkgver:\"3.2.0.120.135\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-highbank\", pkgver:\"3.2.0.120.135\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-virtual\", pkgver:\"3.2.0.120.135\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:31:47", "description": "USN-3169-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel did not properly initialize the Code Segment (CS) in certain\nerror cases. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in\nthe setsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN\ncapability could use this to cause a denial of service (system crash\nor memory corruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a\nuse-after- free in the Advanced Linux Sound Architecture (ALSA)\nsubsystem of the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-9794).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-12T00:00:00", "title": "Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3169-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3169-2.NASL", "href": "https://www.tenable.com/plugins/nessus/96440", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3169-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96440);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9794\");\n script_xref(name:\"USN\", value:\"3169-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3169-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3169-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel did not properly initialize the Code Segment (CS) in certain\nerror cases. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in\nthe setsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN\ncapability could use this to cause a denial of service (system crash\nor memory corruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a\nuse-after- free in the Advanced Linux Sound Architecture (ALSA)\nsubsystem of the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-9794).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3169-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9794\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3169-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-59-generic\", pkgver:\"4.4.0-59.80~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-59-generic-lpae\", pkgver:\"4.4.0-59.80~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-59-lowlatency\", pkgver:\"4.4.0-59.80~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.59.46\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.59.46\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.59.46\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:31:47", "description": "Dmitry Vyukov discovered that the KVM implementation in the Linux\nkernel did not properly initialize the Code Segment (CS) in certain\nerror cases. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in\nthe setsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN\ncapability could use this to cause a denial of service (system crash\nor memory corruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a\nuse-after- free in the Advanced Linux Sound Architecture (ALSA)\nsubsystem of the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-9794).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-01-12T00:00:00", "title": "Ubuntu 16.04 LTS : linux vulnerabilities (USN-3169-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic"], "id": "UBUNTU_USN-3169-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96439", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3169-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96439);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9794\");\n script_xref(name:\"USN\", value:\"3169-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux vulnerabilities (USN-3169-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dmitry Vyukov discovered that the KVM implementation in the Linux\nkernel did not properly initialize the Code Segment (CS) in certain\nerror cases. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in\nthe setsockopt() system call when handling the SO_SNDBUFFORCE and\nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN\ncapability could use this to cause a denial of service (system crash\nor memory corruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a\nuse-after- free in the Advanced Linux Sound Architecture (ALSA)\nsubsystem of the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-9794).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3169-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9794\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3169-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-59-generic\", pkgver:\"4.4.0-59.80\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-59-generic-lpae\", pkgver:\"4.4.0-59.80\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-59-lowlatency\", pkgver:\"4.4.0-59.80\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.59.62\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.59.62\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.59.62\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:31:57", "description": "Mikulas Patocka discovered that the asynchronous multibuffer\ncryptographic daemon (mcryptd) in the Linux kernel did not properly\nhandle being invoked with incompatible algorithms. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-10147)\n\nIt was discovered that a use-after-free existed in the KVM susbsystem\nof the Linux kernel when creating devices. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-10150)\n\nQidan He discovered that the ICMP implementation in the Linux kernel\ndid not properly check the size of an ICMP header. A local attacker\nwith CAP_NET_ADMIN could use this to expose sensitive information.\n(CVE-2016-8399)\n\nQian Zhang discovered a heap-based buffer overflow in the\ntipc_msg_build() function in the Linux kernel. A local attacker could\nuse to cause a denial of service (system crash) or possible execute\narbitrary code with administrative privileges. (CVE-2016-8632)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel did not properly restrict the VCPU index when I/O APIC is\nenabled, An attacker in a guest VM could use this to cause a denial of\nservice (system crash) or possibly gain privileges in the host OS.\n(CVE-2016-9777).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-06T00:00:00", "title": "Ubuntu 16.10 : linux vulnerabilities (USN-3190-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9777", "CVE-2016-8399", "CVE-2016-8632", "CVE-2016-10147", "CVE-2016-10150"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic"], "id": "UBUNTU_USN-3190-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97018", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3190-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97018);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-10147\", \"CVE-2016-10150\", \"CVE-2016-8399\", \"CVE-2016-8632\", \"CVE-2016-9777\");\n script_xref(name:\"USN\", value:\"3190-1\");\n\n script_name(english:\"Ubuntu 16.10 : linux vulnerabilities (USN-3190-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mikulas Patocka discovered that the asynchronous multibuffer\ncryptographic daemon (mcryptd) in the Linux kernel did not properly\nhandle being invoked with incompatible algorithms. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-10147)\n\nIt was discovered that a use-after-free existed in the KVM susbsystem\nof the Linux kernel when creating devices. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-10150)\n\nQidan He discovered that the ICMP implementation in the Linux kernel\ndid not properly check the size of an ICMP header. A local attacker\nwith CAP_NET_ADMIN could use this to expose sensitive information.\n(CVE-2016-8399)\n\nQian Zhang discovered a heap-based buffer overflow in the\ntipc_msg_build() function in the Linux kernel. A local attacker could\nuse to cause a denial of service (system crash) or possible execute\narbitrary code with administrative privileges. (CVE-2016-8632)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel did not properly restrict the VCPU index when I/O APIC is\nenabled, An attacker in a guest VM could use this to cause a denial of\nservice (system crash) or possibly gain privileges in the host OS.\n(CVE-2016-9777).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3190-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-10147\", \"CVE-2016-10150\", \"CVE-2016-8399\", \"CVE-2016-8632\", \"CVE-2016-9777\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3190-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-37-generic\", pkgver:\"4.8.0-37.39\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-37-generic-lpae\", pkgver:\"4.8.0-37.39\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-37-lowlatency\", pkgver:\"4.8.0-37.39\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic\", pkgver:\"4.8.0.37.46\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.8.0.37.46\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.8.0.37.46\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.8-generic / linux-image-4.8-generic-lpae / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:31:57", "description": "Mikulas Patocka discovered that the asynchronous multibuffer\ncryptographic daemon (mcryptd) in the Linux kernel did not properly\nhandle being invoked with incompatible algorithms. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-10147)\n\nIt was discovered that a use-after-free existed in the KVM susbsystem\nof the Linux kernel when creating devices. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-10150)\n\nQidan He discovered that the ICMP implementation in the Linux kernel\ndid not properly check the size of an ICMP header. A local attacker\nwith CAP_NET_ADMIN could use this to expose sensitive information.\n(CVE-2016-8399)\n\nQian Zhang discovered a heap-based buffer overflow in the\ntipc_msg_build() function in the Linux kernel. A local attacker could\nuse to cause a denial of service (system crash) or possible execute\narbitrary code with administrative privileges. (CVE-2016-8632)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel did not properly restrict the VCPU index when I/O APIC is\nenabled, An attacker in a guest VM could use this to cause a denial of\nservice (system crash) or possibly gain privileges in the host OS.\n(CVE-2016-9777).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-10T00:00:00", "title": "Ubuntu 16.10 : linux-raspi2 vulnerabilities (USN-3190-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9777", "CVE-2016-8399", "CVE-2016-8632", "CVE-2016-10147", "CVE-2016-10150"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3190-2.NASL", "href": "https://www.tenable.com/plugins/nessus/97098", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3190-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97098);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:46\");\n\n script_cve_id(\"CVE-2016-10147\", \"CVE-2016-10150\", \"CVE-2016-8399\", \"CVE-2016-8632\", \"CVE-2016-9777\");\n script_xref(name:\"USN\", value:\"3190-2\");\n\n script_name(english:\"Ubuntu 16.10 : linux-raspi2 vulnerabilities (USN-3190-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mikulas Patocka discovered that the asynchronous multibuffer\ncryptographic daemon (mcryptd) in the Linux kernel did not properly\nhandle being invoked with incompatible algorithms. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-10147)\n\nIt was discovered that a use-after-free existed in the KVM susbsystem\nof the Linux kernel when creating devices. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-10150)\n\nQidan He discovered that the ICMP implementation in the Linux kernel\ndid not properly check the size of an ICMP header. A local attacker\nwith CAP_NET_ADMIN could use this to expose sensitive information.\n(CVE-2016-8399)\n\nQian Zhang discovered a heap-based buffer overflow in the\ntipc_msg_build() function in the Linux kernel. A local attacker could\nuse to cause a denial of service (system crash) or possible execute\narbitrary code with administrative privileges. (CVE-2016-8632)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel did not properly restrict the VCPU index when I/O APIC is\nenabled, An attacker in a guest VM could use this to cause a denial of\nservice (system crash) or possibly gain privileges in the host OS.\n(CVE-2016-9777).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3190-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.8-raspi2 and / or linux-image-raspi2\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-10147\", \"CVE-2016-10150\", \"CVE-2016-8399\", \"CVE-2016-8632\", \"CVE-2016-9777\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3190-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-1024-raspi2\", pkgver:\"4.8.0-1024.27\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-raspi2\", pkgver:\"4.8.0.1024.27\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.8-raspi2 / linux-image-raspi2\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2017-01-02T18:05:42", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9756"], "edition": 1, "description": "The openSUSE 42.1 kernel was updated to receive various security and\n bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2016-9756: KVM: x86: drop error recovery in em_jmp_far and\n em_ret_far (bsc#1013038).\n\n The following non-security bugs were fixed:\n\n - scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression\n (bsc#1014943).\n\n", "modified": "2017-01-02T11:07:14", "published": "2017-01-02T11:07:14", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00000.html", "id": "OPENSUSE-SU-2017:0002-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-02-09T20:59:58", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7910", "CVE-2016-8633", "CVE-2016-8399", "CVE-2016-9793", "CVE-2016-7911", "CVE-2016-10088", "CVE-2015-8962", "CVE-2015-8964", "CVE-2016-7916", "CVE-2016-9555", "CVE-2017-5551", "CVE-2016-5696", "CVE-2016-8632", "CVE-2004-0230", "CVE-2016-9685", "CVE-2013-6368", "CVE-2015-1350", "CVE-2012-6704", "CVE-2016-9576", "CVE-2016-9756", "CVE-2016-8646"], "edition": 1, "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to\n receive various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs\n (bsc#1021258).\n - CVE-2016-10088: The sg implementation in the Linux kernel did not\n properly restrict write operations in situations where the KERNEL_DS\n option is set, which allowed local users to read or write to arbitrary\n kernel memory locations\n or cause a denial of service (use-after-free) by leveraging access to a\n /dev/sg device NOTE: this vulnerability existed because of an\n incomplete fix for CVE-2016-9576 (bnc#1017710).\n - CVE-2016-5696: TCP, when using a large Window Size, made it easier for\n remote attackers to guess sequence numbers and cause a denial of service\n (connection loss) to persistent TCP connections by repeatedly injecting\n a TCP RST packet, especially in protocols that use long-lived\n connections, such as BGP (bnc#989152).\n - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provided an\n incomplete set of requirements for setattr\n operations that underspecified removing extended privilege attributes,\n which allowed local users to cause a denial\n of service (capability stripping) via a failed invocation of a system\n call, as demonstrated by using chown to remove a capability from the\n ping or Wireshark dumpcap program (bnc#914939).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).\n - CVE-2016-8399: An elevation of privilege vulnerability in the kernel\n networking subsystem could enable a local malicious application to\n execute arbitrary code within the context of the kernel. This issue is\n rated as Moderate because it first requires compromising a privileged\n process and current compiler optimizations restrict access to the\n vulnerable code. (bnc#1014746).\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash)\n or possibly have unspecified other impact by leveraging the\n CAP_NET_ADMIN capability for a crafted setsockopt system call with the\n (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).\n - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash)\n or possibly have unspecified other impact by leveraging the\n CAP_NET_ADMIN capability for a crafted setsockopt system call with the\n (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not\n properly initialize Code Segment (CS) in certain error cases, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted application (bnc#1013038).\n - CVE-2016-9685: Multiple memory leaks in error paths in\n fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause\n a denial of service (memory consumption) via crafted XFS filesystem\n operations (bnc#1012832).\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function\n in drivers/scsi/sg.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in\n the Linux kernel lacked chunk-length checking for the first chunk, which\n allowed remote attackers to cause a denial of service (out-of-bounds\n slab access) or possibly have unspecified other impact via crafted SCTP\n data (bnc#1011685).\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop\n function in block/genhd.c in the Linux kernel allowed local users to\n gain privileges by leveraging the execution of a certain stop operation\n even if the corresponding start operation had failed (bnc#1010716).\n - CVE-2016-7911: Race condition in the get_task_ioprio function in\n block/ioprio.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (use-after-free) via a crafted\n ioprio_get system call (bnc#1010711).\n - CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users\n to gain privileges or cause a denial of service (system crash) via a\n VAPIC synchronization operation involving a page-end address\n (bnc#853052).\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel memory by reading a tty data\n structure (bnc#1010507).\n - CVE-2016-7916: Race condition in the environ_read function in\n fs/proc/base.c in the Linux kernel allowed local users to obtain\n sensitive information from kernel memory by reading a /proc/*/environ\n file during a process-setup time interval in which environment-variable\n copying is incomplete (bnc#1010467).\n - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the\n Linux kernel allowed local users to cause a denial of service (OOPS) by\n attempting to trigger use of in-kernel hash algorithms for a socket that\n has received zero bytes of data (bnc#1010150).\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain\n unusual hardware configurations, allowed remote attackers to execute\n arbitrary code via crafted fragmented packets (bnc#1008833).\n\n The following non-security bugs were fixed:\n\n - 8250_pci: Fix potential use-after-free in error path (bsc#1013070).\n - KABI fix (bsc#1014410).\n - apparmor: fix IRQ stack overflow during free_profile (bsc#1009875).\n - be2net: Do not leak iomapped memory on removal (bug#925065).\n - block_dev: do not test bdev->bd_contains when it is not stable\n (bsc#1008557).\n - bna: Add synchronization for tx ring (bsc#993739).\n - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).\n - crypto: add ghash-generic in the supported.conf(bsc#1016824)\n - crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106\n (bsc#913387).\n - dm: do not call dm_sync_table() when creating new devices (bnc#901809).\n - drm/mgag200: Added support for the new deviceID for G200eW3 (bnc#1019348)\n - ext3: Avoid premature failure of ext3_has_free_blocks() (bsc#1016668).\n - ext4: do not leave i_crtime.tv_sec uninitialized (bsc#1013018).\n - ext4: fix reference counting bug on block allocation error (bsc#1013018).\n - futex: Acknowledge a new waiter in counter before plist (bsc#851603).\n - futex: Drop refcount if requeue_pi() acquired the rtmutex (bsc#851603).\n - hpilo: Add support for iLO5 (bsc#999101).\n - ibmveth: calculate gso_segs for large packets (bsc#1019165).\n - ibmveth: set correct gso_size and gso_type (bsc#1019165).\n - igb: Enable SR-IOV configuration via PCI sysfs interface (bsc#909491\n FATE#317388).\n - igb: Fix NULL assignment to incorrect variable in igb_reset_q_vector\n (bsc#795297 FATE#313656).\n - igb: Fix oops caused by missing queue pairing (bsc#909491 FATE#317388).\n - igb: Fix oops on changing number of rings (bsc#909491 FATE#317388).\n - igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs()\n (bsc#909491 FATE#317388).\n - igb: Unpair the queues when changing the number of queues (bsc#909491\n FATE#317388).\n - kexec: add a kexec_crash_loaded() function (bsc#973691).\n - kvm: APIC: avoid instruction emulation for EOI writes (bsc#989680).\n - kvm: Distangle eventfd code from irqchip (bsc#989680).\n - kvm: Iterate over only vcpus that are preempted (bsc#989680).\n - kvm: Record the preemption status of vcpus using preempt notifiers\n (bsc#989680).\n - kvm: VMX: Pass vcpu to __vmx_complete_interrupts (bsc#989680).\n - kvm: fold kvm_pit_timer into kvm_kpit_state (bsc#989680).\n - kvm: make processes waiting on vcpu mutex killable (bsc#989680).\n - kvm: nVMX: Add preemption timer support (bsc#989680).\n - kvm: remove a wrong hack of delivery PIT intr to vcpu0 (bsc#989680).\n - kvm: use symbolic constant for nr interrupts (bsc#989680).\n - kvm: x86: Remove support for reporting coalesced APIC IRQs (bsc#989680).\n - kvm: x86: Run PIT work in own kthread (bsc#989680).\n - kvm: x86: limit difference between kvmclock updates (bsc#989680).\n - libata: introduce ata_host->n_tags to avoid oops on SAS controllers\n (bsc#871728).\n - libata: remove n_tags to avoid kABI breakage (bsc#871728).\n - libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS\n response (bsc#962846).\n - libfc: Fixup disc_mutex handling (bsc#962846).\n - libfc: Issue PRLI after a PRLO has been received (bsc#962846).\n - libfc: Revisit kref handling (bnc#990245).\n - libfc: Update rport reference counting (bsc#953233).\n - libfc: do not send ABTS when resetting exchanges (bsc#962846).\n - libfc: fixup locking of ptp_setup() (bsc#962846).\n - libfc: reset exchange manager during LOGO handling (bsc#962846).\n - libfc: send LOGO for PLOGI failure (bsc#962846).\n - locking/mutex: Explicitly mark task as running after wakeup\n (bsc#1012411).\n - memstick: mspro_block: add missing curly braces (bsc#1016688).\n - mlx4: Fix error flow when sending mads under SRIOV (bsc#786036\n FATE#314304).\n - mlx4: Fix incorrect MC join state bit-masking on SR-IOV (bsc#786036\n FATE#314304).\n - mlx4: Fix memory leak if QP creation failed (bsc#786036 FATE#314304).\n - mlx4: Fix potential deadlock when sending mad to wire (bsc#786036\n FATE#314304).\n - mlx4: Forbid using sysfs to change RoCE pkeys (bsc#786036 FATE#314304).\n - mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV (bsc#786036\n FATE#314304).\n - mlx4: add missing braces in verify_qp_parameters (bsc#786036\n FATE#314304).\n - mm/memory_hotplug.c: check for missing sections in\n test_pages_in_a_zone() (bnc#961589).\n - mm: fix crashes from mbind() merging vmas (bnc#1005877).\n - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).\n - mremap: enforce rmap src/dst vma ordering in case of vma_merge()\n succeeding in copy_vma() (bsc#1008645).\n - net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes (bsc#786036\n FATE#314304).\n - net/mlx4_core: Allow resetting VF admin mac to zero (bsc#919382\n FATE#317529).\n - net/mlx4_core: Avoid returning success in case of an error flow\n (bsc#786036 FATE#314304).\n - net/mlx4_core: Do not BUG_ON during reset when PCI is offline\n (bsc#924708).\n - net/mlx4_core: Do not access comm channel if it has not yet been\n initialized (bsc#924708).\n - net/mlx4_core: Fix error message deprecation for ConnectX-2 cards\n (bsc#919382 FATE#317529).\n - net/mlx4_core: Fix the resource-type enum in res tracker to conform to\n FW spec (bsc#786036 FATE#314304).\n - net/mlx4_core: Implement pci_resume callback (bsc#924708).\n - net/mlx4_core: Update the HCA core clock frequency after INIT_PORT\n (bug#919382 FATE#317529).\n - net/mlx4_en: Choose time-stamping shift value according to HW frequency\n (bsc#919382 FATE#317529).\n - net/mlx4_en: Fix HW timestamp init issue upon system startup (bsc#919382\n FATE#317529).\n - net/mlx4_en: Fix potential deadlock in port statistics flow (bsc#786036\n FATE#314304).\n - net/mlx4_en: Move filters cleanup to a proper location (bsc#786036\n FATE#314304).\n - net/mlx4_en: Remove dependency between timestamping capability and\n service_task (bsc#919382 FATE#317529).\n - net/mlx4_en: fix spurious timestamping callbacks (bsc#919382\n FATE#317529).\n - netfront: do not truncate grant references.\n - nfsv4: Cap the transport reconnection timer at 1/2 lease period\n (bsc#1014410).\n - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).\n - nfsv4: Handle timeouts correctly when probing for lease validity\n (bsc#1014410).\n - nvme: Automatic namespace rescan (bsc#1017686).\n - nvme: Metadata format support (bsc#1017686).\n - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).\n - posix-timers: Remove remaining uses of tasklist_lock (bnc#997401).\n - posix-timers: Use sighand lock instead of tasklist_lock for task clock\n sample (bnc#997401).\n - posix-timers: Use sighand lock instead of tasklist_lock on timer\n deletion (bnc#997401).\n - powerpc/MSI: Fix race condition in tearing down MSI interrupts\n (bsc#1010201).\n - powerpc/mm/hash64: Fix subpage protection with 4K HPTE config\n (bsc#1010201).\n - powerpc/numa: Fix multiple bugs in memory_hotplug_max() (bsc#1010201).\n - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec\n (bsc#1003813).\n - powerpc: fix typo 'CONFIG_PPC_CPU' (bsc#1010201).\n - powerpc: scan_features() updates incorrect bits for REAL_LE\n (bsc#1010201).\n - printk/sched: Introduce special printk_sched() for those awkward\n (bsc#996541).\n - ptrace: __ptrace_may_access() should not deny sub-threads (bsc#1012851).\n - qlcnic: fix a loop exit condition better (bsc#909350 FATE#317546).\n - qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()\n (bnc#800999 FATE#313899).\n - reiserfs: fix race in prealloc discard (bsc#987576).\n - rpm/constraints.in: Bump ppc64 disk requirements to fix OBS builds again\n - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)\n - rt2x00: fix rfkill regression on rt2500pci (bnc#748806).\n - s390/zcrypt: kernel: Fix invalid domain response handling (bsc#1016320).\n - scsi: Fix erratic device offline during EH (bsc#993832).\n - scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557).\n - scsi: lpfc: avoid double free of resource identifiers (bsc#989896).\n - scsi_error: count medium access timeout only once per EH run\n (bsc#993832).\n - scsi_error: fixup crash in scsi_eh_reset (bsc#993832)\n - serial: 8250_pci: Detach low-level driver during PCI error recovery\n (bsc#1013070).\n - sunrpc: Enforce an upper limit on the number of cached credentials\n (bsc#1012917).\n - sunrpc: Fix reconnection timeouts (bsc#1014410).\n - sunrpc: Fix two issues with drop_caches and the sunrpc auth cache\n (bsc#1012917).\n - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout\n (bsc#1014410).\n - tcp: fix inet6_csk_route_req() for link-local addresses (bsc#1010175).\n - tcp: pass fl6 to inet6_csk_route_req() (bsc#1010175).\n - tcp: plug dst leak in tcp_v6_conn_request() (bsc#1010175).\n - tcp: use inet6_csk_route_req() in tcp_v6_send_synack() (bsc#1010175).\n - tg3: Fix temperature reporting (bnc#790588 FATE#313912).\n - usb: console: fix potential use after free (bsc#1015817).\n - usb: console: fix uninitialised ldisc semaphore (bsc#1015817).\n - usb: cp210x: Corrected USB request type definitions (bsc#1015932).\n - usb: cp210x: relocate private data from USB interface to port\n (bsc#1015932).\n - usb: cp210x: work around cp2108 GET_LINE_CTL bug (bsc#1015932).\n - usb: ftdi_sio: fix null deref at port probe (bsc#1015796).\n - usb: ipaq.c: fix a timeout loop (bsc#1015848).\n - usb: opticon: fix non-atomic allocation in write path (bsc#1015803).\n - usb: option: fix runtime PM handling (bsc#1015752).\n - usb: serial: cp210x: add 16-bit register access functions (bsc#1015932).\n - usb: serial: cp210x: add 8-bit and 32-bit register access functions\n (bsc#1015932).\n - usb: serial: cp210x: add new access functions for large registers\n (bsc#1015932).\n - usb: serial: cp210x: fix hardware flow-control disable (bsc#1015932).\n - usb: serial: fix potential use-after-free after failed probe\n (bsc#1015828).\n - usb: serial: io_edgeport: fix memory leaks in attach error path\n (bsc#1016505).\n - usb: serial: io_edgeport: fix memory leaks in probe error path\n (bsc#1016505).\n - usb: serial: keyspan: fix use-after-free in probe error path\n (bsc#1016520).\n - usb: sierra: fix AA deadlock in open error path (bsc#1015561).\n - usb: sierra: fix remote wakeup (bsc#1015561).\n - usb: sierra: fix urb and memory leak in resume error path (bsc#1015561).\n - usb: sierra: fix urb and memory leak on disconnect (bsc#1015561).\n - usb: sierra: fix use after free at suspend/resume (bsc#1015561).\n - usb: usb_wwan: fix potential blocked I/O after resume (bsc#1015760).\n - usb: usb_wwan: fix race between write and resume (bsc#1015760).\n - usb: usb_wwan: fix urb leak at shutdown (bsc#1015760).\n - usb: usb_wwan: fix urb leak in write error path (bsc#1015760).\n - usb: usb_wwan: fix write and suspend race (bsc#1015760).\n - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).\n - usblp: do not set TASK_INTERRUPTIBLE before lock (bsc#1015844).\n - xenbus: do not invoke is_ready() for most device states (bsc#987333).\n\n", "modified": "2017-02-09T21:08:33", "published": "2017-02-09T21:08:33", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00019.html", "id": "SUSE-SU-2017:0437-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-02-15T01:00:02", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9806", "CVE-2016-7910", "CVE-2017-2584", "CVE-2016-8633", "CVE-2016-9084", "CVE-2016-8399", "CVE-2016-9793", "CVE-2016-7911", "CVE-2016-10088", "CVE-2015-8962", "CVE-2015-8964", "CVE-2017-5551", "CVE-2017-2583", "CVE-2015-8963", "CVE-2016-9083", "CVE-2016-9576", "CVE-2016-9756", "CVE-2016-7913", "CVE-2016-7914", "CVE-2016-8645"], "edition": 1, "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function\n in drivers/scsi/sg.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (use-after-free) by leveraging incorrect handling of an swevent\n data structure during a CPU unplug operation (bnc#1010502).\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel memory by reading a tty data\n structure (bnc#1010507).\n - CVE-2016-10088: The sg implementation in the Linux kernel did not\n properly restrict write operations in situations where the KERNEL_DS\n option is set, which allowed local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free) by\n leveraging access to a /dev/sg device, related to block/bsg.c and\n drivers/scsi/sg.c. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576 (bnc#1017710).\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop\n function in block/genhd.c in the Linux kernel allowed local users to\n gain privileges by leveraging the execution of a certain stop operation\n even if the corresponding start operation had failed (bnc#1010716).\n - CVE-2016-7911: Race condition in the get_task_ioprio function in\n block/ioprio.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (use-after-free) via a crafted\n ioprio_get system call (bnc#1010711).\n - CVE-2016-7913: The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (use-after-free)\n via vectors involving omission of the firmware name from a certain data\n structure (bnc#1010478).\n - CVE-2016-7914: The assoc_array_insert_into_terminal_node function in\n lib/assoc_array.c in the Linux kernel did not check whether a slot is a\n leaf, which allowed local users to obtain sensitive information from\n kernel memory or cause a denial of service (invalid pointer dereference\n and out-of-bounds read) via an application that uses associative-array\n data structures, as demonstrated by the keyutils test suite\n (bnc#1010475).\n - CVE-2016-8399: An elevation of privilege vulnerability in the kernel\n networking subsystem could enable a local malicious application to\n execute arbitrary code within the context of the kernel. This issue is\n rated as Moderate because it first requires compromising a privileged\n process and current compiler optimizations restrict access to the\n vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18.\n Android ID: A-31349935 (bnc#1014746).\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain\n unusual hardware configurations, allowed remote attackers to execute\n arbitrary code via crafted fragmented packets (bnc#1008833).\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb\n truncation, which allowed local users to cause a denial of service\n (system crash) via a crafted application that made sendto system calls,\n related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed\n local users to bypass integer overflow checks, and cause a denial of\n service (memory corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS\n ioctl call, aka a "state machine confusion bug" (bnc#1007197).\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel\n misuses the kzalloc function, which allowed local users to cause a\n denial of service (integer overflow) or have unspecified other impact by\n leveraging access to a vfio PCI device file (bnc#1007197).\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not\n properly initialize Code Segment (CS) in certain error cases, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted application (bnc#1013038).\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash) or possibly have unspecified other impact\n by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt\n system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option\n (bnc#1013531 1013542).\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bnc#1013540 1017589).\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory or cause a\n denial of service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt\n (bsc#1019851).\n - CVE-2017-2583: Fixed broken emulation of "MOV SS, null selector"\n (bsc#1020602).\n - CVE-2017-5551: Clear SGID bit when setting file permissions on tmpfs\n (bsc#1021258).\n\n\n The following non-security bugs were fixed:\n\n - Fixup acl reference leak and missing conversions in ext3, gfs2, jfs,\n hfsplus\n - RAID1: ignore discard error (bsc#1017164).\n - Update\n patches.suse/btrfs-8446-fix-qgroup-accounting-when-creating-snap.patch\n (bsc#972993).\n - blacklist: PCI fixes required only for cxl (bsc#1016713).\n - blacklist: cxl fixes on SLE12 SP1 (bsc#1016725)\n - blacklist: ibmvnic fixes on SLE12 SP1 (bsc#1016961)\n - block_dev: do not test bdev->bd_contains when it is not stable\n (bsc#1008557).\n - bna: Add synchronization for tx ring (bsc#993739).\n - bnx2i/bnx2fc : fix randconfig error in next-20140909 (bsc#922052\n fate#318602 bsc#922056 FATE#318604).\n - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).\n - bnx2x: fix lockdep splat (bsc#922052 fate#318602 bsc#922056 FATE#318604).\n - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space\n (bsc#1005666).\n - btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c\n (bsc#983087).\n - btrfs: Revert "Btrfs: do not delay inode ref updates during log replay"\n (bsc#987192).\n - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in\n btrfs_ioctl (bsc#1018100).\n - btrfs: do not delay inode ref updates during log replay (bsc#987192).\n - btrfs: fix incremental send failure caused by balance (bsc#985850).\n - btrfs: fix relocation incorrectly dropping data references (bsc#990384).\n - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir\n (bsc#981709).\n - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing\n (bsc#983087).\n - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()\n (bsc#981709).\n - btrfs: send, do not bug on inconsistent snapshots (bsc#985850).\n - cpufreq: intel_pstate: Fix divide by zero on Knights Landing (KNL)\n (bsc#1008876).\n - ext4: fix data exposure after a crash (bsc#1012985).\n - fs: avoid including "mountproto=" with no protocol in /proc/mounts\n (bsc#1019260).\n - fuse: do not use iocb after it may have been freed (bsc#1012985).\n - hpilo: Add support for iLO5 (bsc#999101).\n - ib/core: Avoid unsigned int overflow in sg_alloc_table (bsc#924381\n FATE#318568 bsc#921338).\n - ib/mlx5: Fix FW version diaplay in sysfs (bnc#923036 FATE#318772).\n - ib/mlx5: Fix entries check in mlx5_ib_resize_cq (bnc#858727 FATE#315946).\n - ib/mlx5: Fix entries checks in mlx5_ib_create_cq (bnc#858727\n FATE#315946).\n - ib/mlx5: Remove per-MR pas and dma pointers (bnc#923036 FATE#318772).\n - ibmveth: calculate gso_segs for large packets (bsc#1019148).\n - ibmveth: check return of skb_linearize in ibmveth_start_xmit\n (bsc#1019148).\n - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).\n - ibmveth: set correct gso_size and gso_type (bsc#1019148).\n - igb: Fix oops caused by missing queue pairing (bnc#857394).\n - ipmi_si: create hardware-independent softdep for ipmi_devintf\n (bsc#1009062).\n - ipr: Enable SIS pipe commands for SIS-32 devices (bsc#1016961).\n - ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk (bsc#938963\n FATE#319084).\n - kabi fix (bsc#1014410).\n - kabi: Whitelist KVM KABI changes resulting from adding a hcall. caused\n by 5246adec59458b5d325b8e1462ea9ef3ead7f6ae powerpc/pseries: Use\n H_CLEAR_HPT to clear MMU hash table during kexec No problem is expected\n as result of changing KVM KABI so whitelisting for now. If we get some\n additional input from IBM we can back out the patch.\n - kabi: protect __sk_mem_reclaim (kabi).\n - kabi: protect struct perf_event_context (kabi).\n - kabi: reintroduce sk_filter (kabi).\n - kbuild: Fix removal of the debian/ directory (bsc#1010213).\n - kernel: remove broken memory detection sanity check (bnc#1008567,\n LTC#148072).\n - kgr: ignore zombie tasks during the patching (bnc#1008979).\n - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread\n (bsc#1010612).\n - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410).\n - move the call of __d_drop(anon) into __d_materialise_unique(dentry,\n anon) (bsc#984194).\n - net/mlx5: Avoid passing dma address 0 to firmware (bnc#858727\n FATE#315946).\n - net/mlx5: Fix typo in mlx5_query_port_pvlc (bnc#923036 FATE#318772).\n - net/mlx5e: Do not modify CQ before it was created (bnc#923036\n FATE#318772).\n - net/mlx5e: Do not try to modify CQ moderation if it is not supported\n (bnc#923036 FATE#318772).\n - net/mlx5e: Fix MLX5E_100BASE_T define (bnc#923036 FATE#318772).\n - net/mlx5e: Remove wrong poll CQ optimization (bnc#923036 FATE#318772).\n - netback: correct array index (bsc#983348).\n - nfsv4: Cap the transport reconnection timer at 1/2 lease period\n (bsc#1014410).\n - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).\n - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).\n - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec\n (bsc#1003813).\n - reiserfs: fix race in prealloc discard (bsc#987576).\n - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)\n - rpm/kernel-spec-macros: Fix the check if there is no rebuild counter\n (bsc#1012060)\n - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060)\n - serial: 8250_pci: Detach low-level driver during PCI error recovery\n (bsc#1013001).\n - serial: 8250_pci: Fix potential use-after-free in error path\n (bsc#1013001).\n - sfc: clear napi_hash state when copying channels (bsc#923037\n FATE#318563).\n - sfc: fix potential stack corruption from running past stat bitmask\n (bsc#923037 FATE#318563).\n - sfc: on MC reset, clear PIO buffer linkage in TXQs (bnc#856380\n FATE#315942).\n - sunrpc: Enforce an upper limit on the number of cached credentials\n (bsc#1012917).\n - sunrpc: Fix reconnection timeouts (bsc#1014410).\n - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout\n (bsc#1014410).\n - supported.conf: Add lib/*.ko to supported.conf (bsc#1019032)\n - target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT\n REACHABLE (bsc#991273).\n - target: add XCOPY target/segment desc sense codes (bsc#991273).\n - target: bounds check XCOPY segment descriptor list (bsc#991273).\n - target: bounds check XCOPY total descriptor list length (bsc#991273).\n - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - target: check for XCOPY parameter truncation (bsc#991273).\n - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense\n (bsc#991273).\n - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).\n - target: support XCOPY requests without parameters (bsc#991273).\n - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).\n - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - tg3: Avoid NULL pointer dereference in tg3_io_error_detected()\n (bsc#921778 FATE#318558).\n - tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).\n - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq()\n (bsc#1013479).\n - xen/ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short\n jumps to it (bsc#984419).\n - xenbus: correctly signal errors from xenstored_local_init() (luckily\n none so far).\n - xfs: allow lazy sb counter sync during filesystem freeze sequence\n (bsc#980560).\n - xfs: refactor xlog_recover_process_data() (bsc#1019300).\n\n", "modified": "2017-02-15T00:08:49", "published": "2017-02-15T00:08:49", "id": "SUSE-SU-2017:0464-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00024.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-02-06T20:59:52", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-7910", "CVE-2017-2584", "CVE-2016-8633", "CVE-2016-8655", "CVE-2016-9084", "CVE-2016-8399", "CVE-2016-9793", "CVE-2016-7911", "CVE-2016-10088", "CVE-2015-8962", "CVE-2015-8964", "CVE-2016-9555", "CVE-2017-5551", "CVE-2016-8632", "CVE-2017-2583", "CVE-2015-8963", "CVE-2016-9083", "CVE-2016-9576", "CVE-2016-9756", "CVE-2016-7913", "CVE-2016-7914", "CVE-2016-8645"], "edition": 1, "description": "The SUSE Linux Enterprise 12 rt-kernel was updated to 3.12.69 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2015-8962: Fixed a double free vulnerability in the SCSI subsystem\n that allowed local users to gain privileges or cause a denial of service\n (memory corruption and system crash) (bnc#1010501).\n - CVE-2015-8963: Fixed a race condition in kernel/events/core.c that\n allowed local users to gain privileges or cause a denial of service\n (use-after-free) (bnc#1010502).\n - CVE-2015-8964: Fixed a bug in the tty_set_termios_ldisc function that\n allowed local users to obtain sensitive information from kernel memory\n (bnc#1010507).\n - CVE-2016-10088: The sg implementation in the Linux kernel did not\n properly restrict write operations in situations where the KERNEL_DS\n option is set, which allowed local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free)\n (bnc#1017710).\n - CVE-2016-7910: Fixed a use-after-free vulnerability in the block\n subsystem that allowed local users to gain privileges (bnc#1010716).\n - CVE-2016-7911: Fixed a race condition in the get_task_ioprio function\n that allowed local users to gain privileges or cause a denial of service\n (use-after-free) (bnc#1010711).\n - CVE-2016-7913: Fixed a bug in the xc2028_set_config function that\n allowed local users to gain privileges or cause a denial of service\n (use-after-free) (bnc#1010478).\n - CVE-2016-7914: The assoc_array_insert_into_terminal_node function did\n not check whether a slot is a leaf, which allowed local users to obtain\n sensitive information from kernel memory or cause a denial of service\n (invalid pointer dereference and out-of-bounds read) (bnc#1010475).\n - CVE-2016-8399: Fixed a bug in the kernel networking subsystem that could\n have enabled a local malicious application to execute arbitrary code\n within the context of the kernel. (bnc#1014746).\n - CVE-2016-8632: The net subsystem did not validate the relationship\n between the minimum fragment length and the maximum packet size, which\n allowed local users to gain privileges or cause a denial of service\n (heap-based buffer overflow) (bnc#1008831).\n - CVE-2016-8633: The firewire subsystem allowed remote attackers to\n execute arbitrary code via crafted fragmented packets in certain unusual\n hardware configurations (bnc#1008833).\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb\n truncation, which allowed local users to cause a denial of service\n (system crash) (bnc#1009969).\n - CVE-2016-8655: Fixed a race condition in the network subsystem that\n allowed local users to gain privileges or cause a denial of service\n (use-after-free) (bnc#1012754).\n - CVE-2016-9083: The PCI subsystem local users to bypass integer overflow\n checks and cause a denial of service (memory corruption) or have\n unspecified other impact (bnc#1007197).\n - CVE-2016-9084: The PCI subsystem misused the kzalloc() function, which\n allowed local users to cause a denial of service (integer overflow) or\n have unspecified other impact (bnc#1007197).\n - CVE-2016-9555: Fixed a bug in the network subsystem that allowed remote\n attackers to cause a denial of service (out-of-bounds slab access) or\n possibly have unspecified other impact via crafted SCTP data\n (bnc#1011685).\n - CVE-2016-9576: The block subsystem did not properly restrict the type of\n iterator, which allowed local users to read or write to arbitrary kernel\n memory locations or cause a denial of service (use-after-free)\n (bnc#1013604).\n - CVE-2016-9756: The kernel did not properly initialize Code Segment (CS)\n in certain error cases, which allowed local users to obtain sensitive\n information from kernel stack memory (bnc#1013038).\n - CVE-2016-9793: The net subsystem mishandled negative values of sk_sndbuf\n and sk_rcvbuf, which allowed local users to cause a denial of service\n (memory corruption and system crash) or possibly have unspecified other\n impact (bnc#1013531).\n - CVE-2016-9794: Fixed a race condition in the ALSA subsystem that allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact (bnc#1013533).\n - CVE-2016-9806: Fixed a race condition in the netlink_dump() function\n which could have allowed local users to cause a denial of service\n (double free) or possibly have unspecified other impact (bnc#1013540).\n - CVE-2017-2583: kvm: x86: fixed emulation of "MOV SS, null selector"\n (bsc#1020602).\n - CVE-2017-2584: arch: x86: kvm: fixed a bug that could have allowed local\n users to obtain sensitive information from kernel memory or cause a\n denial of service (use-after-free) (bnc#1019851).\n - CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set\n setgid bits on files they don't down. (bsc#1021258, CVE-2017-5551).\n\n The following non-security bugs were fixed:\n\n - 8250_pci: Fix potential use-after-free in error path (bsc#1013001).\n - block_dev: do not test bdev->bd_contains when it is not stable\n (bsc#1008557).\n - bna: Add synchronization for tx ring (bsc#993739).\n - bnx2i/bnx2fc : fix randconfig error in next-20140909 (bsc#922052\n bsc#922056).\n - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).\n - bnx2x: fix lockdep splat (bsc#922052 bsc#922056).\n - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space\n (bsc#1005666).\n - btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c\n (bsc#983087).\n - btrfs: Revert "do not delay inode ref updates during log replay"\n (bsc#987192).\n - btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in\n btrfs_ioctl (bsc#1018100).\n - btrfs: do not delay inode ref updates during log replay (bsc#987192).\n - btrfs: fix incremental send failure caused by balance (bsc#985850).\n - btrfs: fix relocation incorrectly dropping data references (bsc#990384).\n - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir\n (bsc#981709).\n - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing\n (bsc#983087).\n - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()\n (bsc#981709).\n - btrfs: send, do not bug on inconsistent snapshots (bsc#985850).\n - cpufreq: intel_pstate: Fix divide by zero on Knights Landing (KNL)\n (bsc#1008876).\n - cpuset: fix sched_load_balance that was accidentally broken in a\n previous update (bsc#1010294).\n - ext4: fix data exposure after a crash (bsc#1012985).\n - fs/dcache: move the call of __d_drop(anon) into\n __d_materialise_unique(dentry, anon) (bsc#984194).\n - fuse: do not use iocb after it may have been freed (bsc#1012985).\n - hpilo: Add support for iLO5 (bsc#999101).\n - ib/core: Avoid unsigned int overflow in sg_alloc_table (bsc#924381\n bsc#921338).\n - ib/mlx5: Fix FW version diaplay in sysfs (bnc#923036).\n - ib/mlx5: Fix entries check in mlx5_ib_resize_cq (bnc#858727).\n - ib/mlx5: Fix entries checks in mlx5_ib_create_cq (bnc#858727).\n - ib/mlx5: Remove per-MR pas and dma pointers (bnc#923036).\n - ibmveth: calculate gso_segs for large packets (bsc#1019148).\n - ibmveth: check return of skb_linearize in ibmveth_start_xmit\n (bsc#1019148).\n - ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).\n - ibmveth: set correct gso_size and gso_type (bsc#1019148).\n - igb: Fix oops caused by missing queue pairing (bnc#857394).\n - ipmi_si: create hardware-independent softdep for ipmi_devintf\n (bsc#1009062).\n - ipr: Enable SIS pipe commands for SIS-32 devices (bsc#1016961).\n - ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk (bsc#938963).\n - kabi: protect __sk_mem_reclaim (kabi).\n - kabi: protect struct perf_event_context (kabi).\n - kabi: reintroduce sk_filter (kabi).\n - kernel: remove broken memory detection sanity check (bnc#1008567,\n LTC#148072).\n - kgr: ignore zombie tasks during the patching (bnc#1008979).\n - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread\n (bsc#1010612).\n - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410).\n - net/mlx5: Avoid passing dma address 0 to firmware (bnc#858727).\n - net/mlx5: Fix typo in mlx5_query_port_pvlc (bnc#923036).\n - net/mlx5e: Do not modify CQ before it was created (bnc#923036).\n - net/mlx5e: Do not try to modify CQ moderation if it is not supported\n (bnc#923036).\n - net/mlx5e: Fix MLX5E_100BASE_T define (bnc#923036).\n - net/mlx5e: Remove wrong poll CQ optimization (bnc#923036).\n - netback: correct array index (bsc#983348).\n - nfsv4: Cap the transport reconnection timer at 1/2 lease period\n (bsc#1014410).\n - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).\n - nfsv4: Fix "NFS Lock reclaim failed" errors (bsc#1014410).\n - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).\n - posix_acl: Fixup acl reference leak and missing conversions in ext3,\n gfs2, jfs, hfsplus.\n - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec\n (bsc#1003813).\n - proc: avoid including "mountproto=" with no protocol in /proc/mounts\n (bsc#1019260).\n - raid1: ignore discard error (bsc#1017164).\n - reiserfs: fix race in prealloc discard (bsc#987576).\n - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)\n - rpm/kernel-spec-macros: Fix the check if there is no rebuild counter\n (bsc#1012060)\n - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060)\n - serial: 8250_pci: Detach low-level driver during PCI error recovery\n (bsc#1013001).\n - sfc: clear napi_hash state when copying channels (bsc#923037).\n - sfc: fix potential stack corruption from running past stat bitmask\n (bsc#923037).\n - sfc: on MC reset, clear PIO buffer linkage in TXQs (bnc#856380).\n - sunrpc: Enforce an upper limit on the number of cached credentials\n (bsc#1012917).\n - sunrpc: Fix reconnection timeouts (bsc#1014410).\n - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout\n (bsc#1014410).\n - target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT\n REACHABLE (bsc#991273).\n - target: add XCOPY target/segment desc sense codes (bsc#991273).\n - target: bounds check XCOPY segment descriptor list (bsc#991273).\n - target: bounds check XCOPY total descriptor list length (bsc#991273).\n - target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - target: check for XCOPY parameter truncation (bsc#991273).\n - target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense\n (bsc#991273).\n - target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).\n - target: support XCOPY requests without parameters (bsc#991273).\n - target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).\n - target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).\n - tg3: Avoid NULL pointer dereference in tg3_io_error_detected()\n (bsc#921778).\n - tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).\n - x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq()\n (bsc#1013479).\n - xen/ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short\n jumps to it (bsc#984419).\n - xenbus: correctly signal errors from xenstored_local_init() (luckily\n none so far).\n - xfs: allow lazy sb counter sync during filesystem freeze sequence\n (bsc#980560).\n - xfs: refactor xlog_recover_process_data() (bsc#1019300).\n\n", "modified": "2017-02-06T21:07:31", "published": "2017-02-06T21:07:31", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00010.html", "id": "SUSE-SU-2017:0407-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-25T19:19:00", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7097", "CVE-2016-9794", "CVE-2016-7910", "CVE-2016-8633", "CVE-2016-8399", "CVE-2016-7117", "CVE-2016-9793", "CVE-2016-7911", "CVE-2016-10088", "CVE-2015-8962", "CVE-2015-8964", "CVE-2016-7916", "CVE-2016-9555", "CVE-2017-5551", "CVE-2016-5696", "CVE-2016-8632", "CVE-2004-0230", "CVE-2016-9685", "CVE-2013-6368", "CVE-2015-1350", "CVE-2015-8956", "CVE-2012-6704", "CVE-2016-9576", "CVE-2016-9756", "CVE-2016-8646", "CVE-2016-3841", "CVE-2016-7042"], "edition": 1, "description": "The SLE-11 SP4 kernel was updated to 3.0.101.rt130-68 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the\n Linux kernel preserved the setgid bit during a setxattr call involving a\n tmpfs filesystem, which allowed local users to gain group privileges by\n leveraging the existence of a setgid program with restrictions on\n execute permissions. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-7097 (bnc#1021258).\n - CVE-2016-7097: posix_acl: Clear SGID bit when setting file permissions\n (bsc#995968).\n - CVE-2016-10088: The sg implementation in the Linux kernel did not\n properly restrict write operations in situations where the KERNEL_DS\n option is set, which allowed local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free) by\n leveraging access to a /dev/sg device, related to block/bsg.c and\n drivers/scsi/sg.c. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576 (bnc#1017710).\n - CVE-2016-5696: TCP, when using a large Window Size, made it easier for\n remote attackers to guess sequence numbers and cause a denial of service\n (connection loss) to persistent TCP connections by repeatedly injecting\n a TCP RST packet, especially in protocols that use long-lived\n connections, such as BGP (bnc#989152).\n - CVE-2015-1350: Denial of service in notify_change for filesystem xattrs\n (bsc#914939).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).\n - CVE-2016-8399: An elevation of privilege vulnerability in the kernel\n networking subsystem could have enabled a local malicious application to\n execute arbitrary code within the context of the kernel. This issue is\n rated as Moderate because it first requires compromising a privileged\n process and current compiler optimizations restrict access to the\n vulnerable code. (bnc#1014746).\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash)\n or possibly have unspecified other impact by leveraging the\n CAP_NET_ADMIN capability for a crafted setsockopt system call with the\n (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).\n - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash)\n or possibly have unspecified other impact by leveraging the\n CAP_NET_ADMIN capability for a crafted setsockopt system call with the\n (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not\n properly initialize Code Segment (CS) in certain error cases, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted application (bnc#1013038).\n - CVE-2016-9576: splice: introduce FMODE_SPLICE_READ and\n FMODE_SPLICE_WRITE (bsc#1013604)\n - CVE-2016-9794: ALSA: pcm : Call kill_fasync() in stream lock\n (bsc#1013533)\n - CVE-2016-3841: KABI workaround for ipv6: add complete rcu protection\n around np->opt (bsc#992566).\n - CVE-2016-9685: Multiple memory leaks in error paths in\n fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause\n a denial of service (memory consumption) via crafted XFS filesystem\n operations (bnc#1012832).\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function\n in drivers/scsi/sg.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in\n the Linux kernel lacks chunk-length checking for the first chunk, which\n allowed remote attackers to cause a denial of service (out-of-bounds\n slab access) or possibly have unspecified other impact via crafted SCTP\n data (bnc#1011685).\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop\n function in block/genhd.c in the Linux kernel allowed local users to\n gain privileges by leveraging the execution of a certain stop\n operation even if the corresponding start operation had failed\n (bnc#1010716).\n - CVE-2016-7911: Race condition in the get_task_ioprio function in\n block/ioprio.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (use-after-free) via a crafted\n ioprio_get system call (bnc#1010711).\n - CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users\n to gain privileges or cause a denial of service (system crash) via a\n VAPIC synchronization operation involving a page-end address\n (bnc#853052).\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel memory by reading a tty data\n structure (bnc#1010507).\n - CVE-2016-7916: Revert "proc: prevent accessing /proc/<PID>/environ until\n it's ready (bsc#1010467)"\n - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the\n Linux kernel allowed local users to cause a denial of service (OOPS) by\n attempting to trigger use of in-kernel hash algorithms for a socket that\n has received zero bytes of data (bnc#1010150).\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7,\n in certain unusual hardware configurations, allowed remote attackers to\n execute arbitrary code via crafted fragmented packets (bnc#1008833).\n - CVE-2016-7042: KEYS: Fix short sprintf buffer in /proc/keys show\n function (bsc#1004517).\n - CVE-2015-8956: Bluetooth: Fix potential NULL dereference in RFCOMM bind\n callback (bsc#1003925).\n - CVE-2016-7117: net: Fix use after free in the recvmmsg exit path\n (bsc#1003077).\n\n The following non-security bugs were fixed:\n\n - blacklist.conf: 45f13df be2net: Enable Wake-On-LAN from shutdown for\n Skyhawk\n - blacklist.conf: c9cc599 net/mlx4_core: Fix QUERY FUNC CAP flags\n\n - 8250_pci: Fix potential use-after-free in error path (bsc#1013070).\n - IB/mlx4: Fix error flow when sending mads under SRIOV (bsc#786036).\n - IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV (bsc#786036).\n - IB/mlx4: Fix memory leak if QP creation failed (bsc#786036).\n - IB/mlx4: Fix potential deadlock when sending mad to wire (bsc#786036).\n - IB/mlx4: Forbid using sysfs to change RoCE pkeys (bsc#786036).\n - IB/mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV (bsc#786036).\n - apparmor: fix IRQ stack overflow during free_profile (bsc#1009875).\n - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716).\n - be2net: Do not leak iomapped memory on removal (bug#925065).\n - block_dev: do not test bdev->bd_contains when it is not stable\n (bsc#1008557).\n - bna: Add synchronization for tx ring (bsc#993739).\n - bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).\n - bnx2x: fix lockdep splat (bsc#908684).\n - cifs: revert fs/cifs: fix wrongly prefixed path to root (bsc#963655)\n - config.conf: add bigmem flavour on ppc64\n - cpumask, nodemask: implement cpumask/nodemask_pr_args() (bnc1003866).\n - cpumask_set_cpu_local_first => cpumask_local_spread, lament (bug#919382).\n - crypto: add ghash-generic in the supported.conf(bsc#1016824)\n - crypto: aesni - Add support for 192 & 256 bit keys to AESNI RFC4106\n (bsc#913387, #bsc1016831).\n - dm space map metadata: fix sm_bootstrap_get_nr_blocks()\n - dm thin: fix race condition when destroying thin pool workqueue\n - dm: do not call dm_sync_table() when creating new devices (bnc#901809,\n bsc#1008893).\n - drm/mgag200: Added support for the new deviceID for G200eW3 (bnc#1019348)\n - ext3: Avoid premature failure of ext3_has_free_blocks() (bsc#1016668).\n - ext4: do not leave i_crtime.tv_sec uninitialized (bsc#1013018).\n - ext4: fix reference counting bug on block allocation error (bsc#1013018).\n - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133).\n - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133).\n - fs/cifs: Fix regression which breaks DFS mounting (bsc#799133).\n - fs/cifs: Move check for prefix path to within cifs_get_root()\n (bsc#799133).\n - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655,\n bsc#979681).\n - fs/cifs: make share unaccessible at root level mountable (bsc#799133).\n - futex: Acknowledge a new waiter in counter before plist (bsc#851603).\n - futex: Drop refcount if requeue_pi() acquired the rtmutex (bsc#851603).\n - hpilo: Add support for iLO5 (bsc#999101).\n - hv: do not lose pending heartbeat vmbus packets (bnc#1006919).\n - hv: vmbus: avoid scheduling in interrupt context in\n vmbus_initiate_unload() (bnc#986337).\n - hv: vmbus: avoid wait_for_completion() on crash (bnc#986337).\n - hv: vmbus: do not loose HVMSG_TIMER_EXPIRED messages (bnc#986337).\n - hv: vmbus: do not send CHANNELMSG_UNLOAD on pre-Win2012R2 hosts\n (bnc#986337).\n - hv: vmbus: handle various crash scenarios (bnc#986337).\n - hv: vmbus: remove code duplication in message handling (bnc#986337).\n - hv: vss: run only on supported host versions (bnc#986337).\n - i40e: fix an uninitialized variable bug (bsc#909484).\n - ibmveth: calculate gso_segs for large packets (bsc#1019165, bsc#1019148).\n - ibmveth: set correct gso_size and gso_type (bsc#1019165, bsc#1019148).\n - igb: Enable SR-IOV configuration via PCI sysfs interface (bsc#909491).\n - igb: Fix NULL assignment to incorrect variable in igb_reset_q_vector\n (bsc#795297).\n - igb: Fix oops caused by missing queue pairing (bsc#909491).\n - igb: Fix oops on changing number of rings (bsc#909491).\n - igb: Remove unnecessary flag setting in igb_set_flag_queue_pairs()\n (bsc#909491).\n - igb: Unpair the queues when changing the number of queues (bsc#909491).\n - ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos\n too (bsc#865783).\n - kabi-fix for flock_owner addition (bsc#998689).\n - kexec: add a kexec_crash_loaded() function (bsc#973691).\n - kvm: APIC: avoid instruction emulation for EOI writes (bsc#989680).\n - kvm: Distangle eventfd code from irqchip (bsc#989680).\n - kvm: Iterate over only vcpus that are preempted (bsc#989680).\n - kvm: Record the preemption status of vcpus using preempt notifiers\n (bsc#989680).\n - kvm: VMX: Pass vcpu to __vmx_complete_interrupts (bsc#989680).\n - kvm: fold kvm_pit_timer into kvm_kpit_state (bsc#989680).\n - kvm: make processes waiting on vcpu mutex killable (bsc#989680).\n - kvm: nVMX: Add preemption timer support (bsc#989680).\n - kvm: remove a wrong hack of delivery PIT intr to vcpu0 (bsc#989680).\n - kvm: use symbolic constant for nr interrupts (bsc#989680).\n - kvm: x86: Remove support for reporting coalesced APIC IRQs (bsc#989680).\n - kvm: x86: Run PIT work in own kthread (bsc#989680).\n - kvm: x86: limit difference between kvmclock updates (bsc#989680).\n - kvm: x86: only channel 0 of the i8254 is linked to the HPET (bsc#960689).\n - lib/vsprintf: implement bitmap printing through '%*pb[l]' (bnc#1003866).\n - libata: introduce ata_host->n_tags to avoid oops on SAS controllers\n (bsc#871728).\n - libata: remove n_tags to avoid kABI breakage (bsc#871728).\n - libata: support the ata host which implements a queue depth less than 32\n (bsc#871728)\n - libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS\n response (bsc#962846).\n - libfc: Fixup disc_mutex handling (bsc#962846).\n - libfc: Issue PRLI after a PRLO has been received (bsc#962846).\n - libfc: Revisit kref handling (bnc#990245).\n - libfc: Update rport reference counting (bsc#953233).\n - libfc: do not send ABTS when resetting exchanges (bsc#962846).\n - libfc: fixup locking of ptp_setup() (bsc#962846).\n - libfc: reset exchange manager during LOGO handling (bsc#962846).\n - libfc: send LOGO for PLOGI failure (bsc#962846).\n - locking/mutex: Explicitly mark task as running after wakeup\n (bsc#1012411).\n - md/raid10: Fix memory leak when raid10 reshape completes\n - md/raid10: always set reshape_safe when initializing reshape_position\n - md: Drop sending a change uevent when stopping (bsc#1003568).\n - md: check command validity early in md_ioctl() (bsc#1004520).\n - md: fix problem when adding device to read-only array with bitmap\n (bnc#771065).\n - memstick: mspro_block: add missing curly braces (bsc#1016688).\n - mlx4: add missing braces in verify_qp_parameters (bsc#786036).\n - mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations\n (bnc#763198).\n - mm/memory.c: actually remap enough memory (bnc#1005903).\n - mm/memory_hotplug.c: check for missing sections in\n test_pages_in_a_zone() (bnc#961589).\n - mm: fix crashes from mbind() merging vmas (bnc#1005877).\n - mm: fix sleeping function warning from __put_anon_vma (bnc#1005857).\n - dcache: move the call of __d_drop(anon) into\n __d_materialise_unique(dentry, anon) (bsc#984194).\n - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).\n - mremap: enforce rmap src/dst vma ordering in case of vma_merge()\n succeeding in copy_vma() (bsc#1008645).\n - mshyperv: fix recognition of Hyper-V guest crash MSR's (bnc#986337).\n - net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes (bsc#786036).\n - net/mlx4_core: Allow resetting VF admin mac to zero (bsc#919382).\n - net/mlx4_core: Avoid returning success in case of an error flow\n (bsc#786036).\n - net/mlx4_core: Do not BUG_ON during reset when PCI is offline\n (bsc#924708).\n - net/mlx4_core: Do not access comm channel if it has not yet been\n initialized (bsc#924708 bsc#786036).\n - net/mlx4_core: Fix error message deprecation for ConnectX-2 cards\n (bug#919382).\n - net/mlx4_core: Fix the resource-type enum in res tracker to conform to\n FW spec (bsc#786036).\n - net/mlx4_core: Implement pci_resume callback (bsc#924708).\n - net/mlx4_core: Update the HCA core clock frequency after INIT_PORT\n (bug#919382).\n - net/mlx4_en: Choose time-stamping shift value according to HW frequency\n (bsc#919382).\n - net/mlx4_en: Fix HW timestamp init issue upon system startup\n (bsc#919382).\n - net/mlx4_en: Fix potential deadlock in port statistics flow (bsc#786036).\n - net/mlx4_en: Move filters cleanup to a proper location (bsc#786036).\n - net/mlx4_en: Remove dependency between timestamping capability and\n service_task (bsc#919382).\n - net/mlx4_en: fix spurious timestamping callbacks (bsc#919382).\n - netfilter: ipv4: defrag: set local_df flag on defragmented skb\n (bsc#907611).\n - netfront: do not truncate grant references.\n - netvsc: fix incorrect receive checksum offloading (bnc#1006917).\n - nfs4: reset states to use open_stateid when returning delegation\n voluntarily (bsc#1007944).\n - nfs: Fix an LOCK/OPEN race when unlinking an open file (bsc#956514).\n - nfsv4.1: Fix an NFSv4.1 state renewal regression (bnc#863873).\n - nfsv4: Cap the transport reconnection timer at 1/2 lease period\n (bsc#1014410).\n - nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).\n - nfsv4: Handle timeouts correctly when probing for lease validity\n (bsc#1014410).\n - nfsv4: add flock_owner to open context (bnc#998689).\n - nfsv4: change nfs4_do_setattr to take an open_context instead of a\n nfs4_state (bnc#998689).\n - nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of\n lock_owner (bnc#998689).\n - nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is\n one (bnc#998689).\n - nvme: Automatic namespace rescan (bsc#1017686).\n - nvme: Metadata format support (bsc#1017686).\n - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).\n - oom: print nodemask in the oom report (bnc#1003866).\n - pci_ids: Add PCI device ID functions 3 and 4 for newer F15h models\n - pm / hibernate: Fix rtree_next_node() to avoid walking off list ends\n (bnc#860441).\n - posix-timers: Remove remaining uses of tasklist_lock (bnc#997401).\n - posix-timers: Use sighand lock instead of tasklist_lock for task clock\n sample (bnc#997401).\n - posix-timers: Use sighand lock instead of tasklist_lock on timer\n deletion (bnc#997401).\n - powerpc/64: Fix incorrect return value from __copy_tofrom_user\n (bsc#1005896).\n - powerpc/MSI: Fix race condition in tearing down MSI interrupts\n (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes).\n - powerpc/mm/hash64: Fix subpage protection with 4K HPTE config\n (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes).\n - powerpc/mm: Add 64TB support (bsc#928138,fate#319026).\n - powerpc/mm: Change the swap encoding in pte (bsc#973203).\n - powerpc/mm: Convert virtual address to vpn (bsc#928138,fate#319026).\n - powerpc/mm: Fix hash computation function (bsc#928138,fate#319026).\n - powerpc/mm: Increase the slice range to 64TB (bsc#928138,fate#319026).\n - powerpc/mm: Make KERN_VIRT_SIZE not dependend on PGTABLE_RANGE\n (bsc#928138,fate#319026).\n - powerpc/mm: Make some of the PGTABLE_RANGE dependency explicit\n (bsc#928138,fate#319026).\n - powerpc/mm: Replace open coded CONTEXT_BITS value\n (bsc#928138,fate#319026).\n - powerpc/mm: Simplify hpte_decode (bsc#928138,fate#319026).\n - powerpc/mm: Update VSID allocation documentation\n (bsc#928138,fate#319026).\n - powerpc/mm: Use 32bit array for slb cache (bsc#928138,fate#319026).\n - powerpc/mm: Use hpt_va to compute virtual address\n (bsc#928138,fate#319026).\n - powerpc/mm: Use the required number of VSID bits in slbmte\n (bsc#928138,fate#319026).\n - powerpc/numa: Fix multiple bugs in memory_hotplug_max() (bsc#1010201,\n [2016-10-04] Pending Base Kernel Fixes).\n - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec\n (bsc#1003813).\n - powerpc: Add ability to build little endian kernels (bsc#967716).\n - powerpc: Avoid load of static chain register when calling nested\n functions through a pointer on 64bit (bsc#967716).\n - powerpc: Build fix for powerpc KVM (bsc#928138,fate#319026).\n - powerpc: Do not build assembly files with ABIv2 (bsc#967716).\n - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716).\n - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716).\n - powerpc: Fix error when cross building TAGS & cscope (bsc#967716).\n - powerpc: Make VSID_BITS* dependency explicit (bsc#928138,fate#319026).\n - powerpc: Make the vdso32 also build big-endian (bsc#967716).\n - powerpc: Move kdump default base address to half RMO size on 64bit\n (bsc#1003344).\n - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716).\n - powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716).\n - powerpc: Rename USER_ESID_BITS* to ESID_BITS* (bsc#928138,fate#319026).\n - powerpc: Require gcc 4.0 on 64-bit (bsc#967716).\n - powerpc: Update kernel VSID range (bsc#928138,fate#319026).\n - powerpc: blacklist fixes for unsupported subarchitectures ppc32 only:\n 6e0fdf9af216 powerpc: fix typo 'CONFIG_PMAC'\n obscure hardware: f7e9e3583625 powerpc: Fix missing L2 cache size in\n /sys/devices/system/cpu\n - powerpc: dtc is required to build dtb files (bsc#967716).\n - powerpc: fix typo 'CONFIG_PPC_CPU' (bsc#1010201, [2016-10-04] Pending\n Base Kernel Fixes).\n - powerpc: scan_features() updates incorrect bits for REAL_LE\n (bsc#1010201, [2016-10-04] Pending Base Kernel Fixes).\n - printk/sched: Introduce special printk_sched() for those awkward\n (bsc#1013042, bsc#996541, bsc#1015878).\n - ptrace: __ptrace_may_access() should not deny sub-threads (bsc#1012851).\n - qlcnic: fix a loop exit condition better (bsc#909350).\n - qlcnic: fix a timeout loop (bsc#909350)\n - qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()\n (bnc#800999).\n - reiserfs: fix race in prealloc discard (bsc#987576).\n - rpm/constraints.in: Bump ppc64 disk requirements to fix OBS builds again\n - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)\n - rpm/package-descriptions: add -bigmem description\n - rt2x00: fix rfkill regression on rt2500pci (bnc#748806).\n - s390/cio: fix accidental interrupt enabling during resume (bnc#1003677,\n LTC#147606).\n - s390/time: LPAR offset handling (bnc#1003677, LTC#146920).\n - s390/time: move PTFF definitions (bnc#1003677, LTC#146920).\n - scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557).\n - scsi: lpfc: avoid double free of resource identifiers (bsc#989896).\n - scsi: zfcp: spin_lock_irqsave() is not nestable (bsc#1003677,LTC#147374).\n - scsi_error: count medium access timeout only once per EH run\n (bsc#993832).\n - scsi_error: fixup crash in scsi_eh_reset (bsc#993832)\n - serial: 8250_pci: Detach low-level driver during PCI error recovery\n (bsc#1013070).\n - sfc: on MC reset, clear PIO buffer linkage in TXQs (bsc#909618).\n - softirq: sirq threads raising another sirq delegate to the proper thread\n Otherwise, high priority timer threads expend cycles precessing other\n sirqs, potentially increasing wakeup latencies as thes process sirqs at\n a priority other than the priority specified by the user.\n - sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a\n race (bnc#803320).\n - sunrpc: Enforce an upper limit on the number of cached credentials\n (bsc#1012917).\n - sunrpc: Fix reconnection timeouts (bsc#1014410).\n - sunrpc: Fix two issues with drop_caches and the sunrpc auth cache\n (bsc#1012917).\n - sunrpc: Limit the reconnect backoff timer to the max RPC message timeout\n (bsc#1014410).\n - tcp: fix inet6_csk_route_req() for link-local addresses (bsc#1010175).\n - tcp: pass fl6 to inet6_csk_route_req() (bsc#1010175).\n - tcp: plug dst leak in tcp_v6_conn_request() (bsc#1010175).\n - tcp: use inet6_csk_route_req() in tcp_v6_send_synack() (bsc#1010175).\n - tg3: Avoid NULL pointer dereference in tg3_io_error_detected()\n (bsc#908458).\n - tg3: Fix temperature reporting (bnc#790588).\n - tty: Signal SIGHUP before hanging up ldisc (bnc#989764).\n - usb: console: fix potential use after free (bsc#1015817).\n - usb: console: fix uninitialised ldisc semaphore (bsc#1015817).\n - usb: cp210x: Corrected USB request type definitions (bsc#1015932).\n - usb: cp210x: relocate private data from USB interface to port\n (bsc#1015932).\n - usb: cp210x: work around cp2108 GET_LINE_CTL bug (bsc#1015932).\n - usb: ftdi_sio: fix null deref at port probe (bsc#1015796).\n - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices\n (bsc#922634).\n - usb: hub: Fix unbalanced reference count/memory leak/deadlocks\n (bsc#968010).\n - usb: ipaq.c: fix a timeout loop (bsc#1015848).\n - usb: opticon: fix non-atomic allocation in write path (bsc#1015803).\n - usb: option: fix runtime PM handling (bsc#1015752).\n - usb: serial: cp210x: add 16-bit register access functions (bsc#1015932).\n - usb: serial: cp210x: add 8-bit and 32-bit register access functions\n (bsc#1015932).\n - usb: serial: cp210x: add new access functions for large registers\n (bsc#1015932).\n - usb: serial: cp210x: fix hardware flow-control disable (bsc#1015932).\n - usb: serial: fix potential use-after-free after failed probe\n (bsc#1015828).\n - usb: serial: io_edgeport: fix memory leaks in attach error path\n (bsc#1016505).\n - usb: serial: io_edgeport: fix memory leaks in probe error path\n (bsc#1016505).\n - usb: serial: keyspan: fix use-after-free in probe error path\n (bsc#1016520).\n - usb: sierra: fix AA deadlock in open error path (bsc#1015561).\n - usb: sierra: fix remote wakeup (bsc#1015561).\n - usb: sierra: fix urb and memory leak in resume error path (bsc#1015561).\n - usb: sierra: fix urb and memory leak on disconnect (bsc#1015561).\n - usb: sierra: fix use after free at suspend/resume (bsc#1015561).\n - usb: usb_wwan: fix potential blocked I/O after resume (bsc#1015760).\n - usb: usb_wwan: fix race between write and resume (bsc#1015760).\n - usb: usb_wwan: fix urb leak at shutdown (bsc#1015760).\n - usb: usb_wwan: fix urb leak in write error path (bsc#1015760).\n - usb: usb_wwan: fix write and suspend race (bsc#1015760).\n - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).\n - usblp: do not set TASK_INTERRUPTIBLE before lock (bsc#1015844).\n - vmxnet3: Wake queue from reset work (bsc#999907).\n - x86, amd_nb: Clarify F15h, model 30h GART and L3 support\n - x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141).\n - x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and\n sync_regs (bsc#909077).\n - x86/cpu/amd: Set X86_FEATURE_EXTD_APICID for future processors\n - x86/gart: Check for GART support before accessing GART registers\n - xenbus: do not invoke ->is_ready() for most device states (bsc#987333).\n - zcrypt: Fix hang condition on crypto card config-off (bsc#1016320).\n - zcrypt: Fix invalid domain response handling (bsc#1016320).\n - zfcp: Fix erratic device offline during EH (bsc#993832).\n - zfcp: close window with unblocked rport during rport gone (bnc#1003677).\n - zfcp: fix D_ID field with actual value on tracing SAN responses\n (bnc#1003677).\n - zfcp: fix ELS/GS request&response length for hardware data router\n (bnc#1003677).\n - zfcp: fix payload trace length for SAN request&response (bnc#1003677).\n - zfcp: restore tracing of handle for port and LUN with HBA records\n (bnc#1003677).\n - zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace\n (bnc#1003677).\n - zfcp: retain trace level for SCSI and HBA FSF response records\n (bnc#1003677).\n - zfcp: trace full payload of all SAN records (req,resp,iels)\n (bnc#1003677).\n - zfcp: trace on request for open and close of WKA port (bnc#1003677).\n\n", "modified": "2017-04-25T21:08:55", "published": "2017-04-25T21:08:55", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-04/msg00031.html", "id": "SUSE-SU-2017:1102-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-02-17T19:00:05", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7097", "CVE-2016-7910", "CVE-2016-8633", "CVE-2016-8399", "CVE-2016-7117", "CVE-2016-9793", "CVE-2016-7911", "CVE-2016-10088", "CVE-2015-8962", "CVE-2015-8964", "CVE-2016-7916", "CVE-2016-9555", "CVE-2017-5551", "CVE-2016-8632", "CVE-2004-0230", "CVE-2016-9685", "CVE-2016-7425", "CVE-2015-8970", "CVE-2016-6828", "CVE-2015-1350", "CVE-2015-8956", "CVE-2012-6704", "CVE-2016-9576", "CVE-2016-9756", "CVE-2016-8646", "CVE-2016-3841", "CVE-2016-0823", "CVE-2016-7042"], "edition": 1, "description": "The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not\n verify that a setkey operation has been performed on an AF_ALG socket\n before an accept system call is processed, which allowed local users to\n cause a denial of service (NULL pointer dereference and system crash)\n via a crafted application that did not supply a key, related to the\n lrw_crypt function in crypto/lrw.c (bnc#1008374).\n - CVE-2017-5551: Clear S_ISGID on tmpfs when setting posix ACLs\n (bsc#1021258).\n - CVE-2016-7097: The filesystem implementation in the Linux kernel\n preserves the setgid bit during a setxattr call, which allowed local\n users to gain group privileges by leveraging the existence of a setgid\n program with restrictions on execute permissions (bnc#995968).\n - CVE-2016-10088: The sg implementation in the Linux kernel did not\n properly restrict write operations in situations where the KERNEL_DS\n option is set, which allowed local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free) by\n leveraging access to a /dev/sg device, related to block/bsg.c and\n drivers/scsi/sg.c. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576 (bnc#1017710).\n - CVE-2004-0230: TCP, when using a large Window Size, made it easier for\n remote attackers to guess sequence numbers and cause a denial of service\n (connection loss) to persistent TCP connections by repeatedly injecting\n a TCP RST packet, especially in protocols that use long-lived\n connections, such as BGP (bnc#969340).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).\n - CVE-2016-8399: An elevation of privilege vulnerability in the kernel\n networking subsystem could have enabled a local malicious application to\n execute arbitrary code within the context of the kernel bnc#1014746).\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash) or possibly have unspecified other impact\n by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt\n system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option\n (bnc#1013531).\n - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash) or possibly have unspecified other impact\n by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt\n system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not\n properly initialize Code Segment (CS) in certain error cases, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted application (bnc#1013038).\n - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options\n data, which allowed local users to gain privileges or cause a denial of\n service (use-after-free and system crash) via a crafted sendmsg system\n call (bnc#992566).\n - CVE-2016-9685: Multiple memory leaks in error paths in\n fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause\n a denial of service (memory consumption) via crafted XFS filesystem\n operations (bnc#1012832).\n - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an\n incomplete set of requirements for setattr operations that\n underspecifies removing extended privilege attributes, which allowed\n local users to cause a denial of service (capability stripping) via a\n failed invocation of a system call, as demonstrated by using chown to\n remove a capability from the ping or Wireshark dumpcap program\n (bnc#914939).\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function\n in drivers/scsi/sg.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in\n the Linux kernel lacked chunk-length checking for the first chunk, which\n allowed remote attackers to cause a denial of service (out-of-bounds\n slab access) or possibly have unspecified other impact via crafted SCTP\n data (bnc#1011685).\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop\n function in block/genhd.c in the Linux kernel allowed local users to\n gain privileges by leveraging the execution of a certain stop operation\n even if the corresponding start operation had failed (bnc#1010716).\n - CVE-2016-7911: Race condition in the get_task_ioprio function in\n block/ioprio.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (use-after-free) via a crafted\n ioprio_get system call (bnc#1010711).\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel memory by reading a tty data\n structure (bnc#1010507).\n - CVE-2016-7916: Race condition in the environ_read function in\n fs/proc/base.c in the Linux kernel allowed local users to obtain\n sensitive information from kernel memory by reading a /proc/*/environ\n file during a process-setup time interval in which environment-variable\n copying is incomplete (bnc#1010467).\n - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the\n Linux kernel allowed local users to cause a denial of service (OOPS) by\n attempting to trigger use of in-kernel hash algorithms for a socket that\n has received zero bytes of data (bnc#1010150).\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel in certain\n unusual hardware configurations allowed remote attackers to execute\n arbitrary code via crafted fragmented packets (bnc#1008833).\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in\n the Linux, when the GNU Compiler Collection (gcc) stack protector is\n enabled, used an incorrect buffer size for certain timeout data, which\n allowed local users to cause a denial of service (stack memory\n corruption and panic) by reading the /proc/keys file (bnc#1004517).\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to\n obtain sensitive information or cause a denial of service (NULL pointer\n dereference) via vectors involving a bind system call on a Bluetooth\n RFCOMM socket (bnc#1003925).\n - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg\n function in net/socket.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077).\n - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the\n Linux kernel allowed local users to obtain sensitive physical-address\n information by reading a pagemap file (bnc#994759).\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a\n certain length field, which allowed local users to gain privileges or\n cause a denial of service (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in\n the Linux kernel did not properly maintain certain SACK state after a\n failed data copy, which allowed local users to cause a denial of service\n (tcp_xmit_retransmit_queue use-after-free and system crash) via a\n crafted SACK option (bnc#994296).\n\n The following non-security bugs were fixed:\n\n - Always include the git commit in KOTD builds. This allows us not to set\n it explicitly in builds submitted to the official distribution\n (bnc#821612, bnc#824171).\n - KVM: x86: SYSENTER emulation is broken (bsc#994618).\n - NFS: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261).\n - NFS: Refresh open-owner id when server says SEQID is bad (bsc#989261).\n - NFSv4: Ensure that we do not drop a state owner more than once\n (bsc#979595).\n - NFSv4: add flock_owner to open context (bnc#998689).\n - NFSv4: change nfs4_do_setattr to take an open_context instead of a\n nfs4_state (bnc#998689).\n - NFSv4: change nfs4_select_rw_stateid to take a lock_context inplace of\n lock_owner (bnc#998689).\n - NFSv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is\n one (bnc#998689).\n - NFSv4: fix broken patch relating to v4 read delegations (bsc#956514,\n bsc#989261, bsc#979595).\n - SELinux: Fix possible NULL pointer dereference in\n selinux_inode_permission() (bsc#1012895).\n - USB: fix typo in wMaxPacketSize validation (bsc#991665).\n - USB: validate wMaxPacketValue entries in endpoint descriptors\n (bnc#991665).\n - Update patches.xen/xen3-auto-arch-x86.diff (bsc#929141, among others).\n - __ptrace_may_access() should not deny sub-threads (bsc#1012851).\n - apparmor: fix IRQ stack overflow during free_profile (bsc#1009875).\n - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716).\n - cdc-acm: added sanity checking for probe() (bsc#993891).\n - include/linux/math64.h: add div64_ul() (bsc#996329).\n - kabi-fix for flock_owner addition (bsc#998689).\n - kabi: get back scsi_device.current_cmnd (bsc#935436).\n - kaweth: fix firmware download (bsc#993890).\n - kaweth: fix oops upon failed memory allocation (bsc#993890).\n - kexec: add a kexec_crash_loaded() function (bsc#973691).\n - md linear: fix a race between linear_add() and linear_congested()\n (bsc#1018446).\n - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).\n - mpt3sas: Fix panic when aer correct error occurred (bsc#997708,\n bsc#999943).\n - mremap: enforce rmap src/dst vma ordering in case of vma_merge()\n succeeding in copy_vma() (VM Functionality, bsc#1008645).\n - nfs4: reset states to use open_stateid when returning delegation\n voluntarily (bsc#1007944).\n - ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).\n - posix-timers: Remove remaining uses of tasklist_lock (bnc#997401).\n - posix-timers: Use sighand lock instead of tasklist_lock for task clock\n sample (bnc#997401).\n - posix-timers: Use sighand lock instead of tasklist_lock on timer\n deletion (bnc#997401).\n - powerpc: Add ability to build little endian kernels (bsc#967716).\n - powerpc: Avoid load of static chain register when calling nested\n functions through a pointer on 64bit (bsc#967716).\n - powerpc: Do not build assembly files with ABIv2 (bsc#967716).\n - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716).\n - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716).\n - powerpc: Fix error when cross building TAGS and cscope (bsc#967716).\n - powerpc: Make the vdso32 also build big-endian (bsc#967716).\n - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716).\n - powerpc: Remove buggy 9-year-old test for binutils lower than 2.12.1\n (bsc#967716).\n - powerpc: Require gcc 4.0 on 64-bit (bsc#967716).\n - powerpc: dtc is required to build dtb files (bsc#967716).\n - printk/sched: Introduce special printk_sched() for those awkward\n (bsc#1013042, bsc#996541, bsc#1015878).\n - qlcnic: Schedule napi directly in netpoll (bsc#966826).\n - reiserfs: fix race in prealloc discard (bsc#987576).\n - rpm/config.sh: Set a fitting release string (bsc#997059)\n - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)\n - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059)\n - s390/dasd: fix failfast for disconnected devices (bnc#961923,\n LTC#135138).\n - sched/core: Fix a race between try_to_wake_up() and a woken up task\n (bnc#1002165).\n - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule()\n (bnc#1001419).\n - sched: Fix possible divide by zero in avg_atom() calculation\n (bsc#996329).\n - scsi: lpfc: Set elsiocb contexts to NULL after freeing it (bsc#996557).\n - scsi: remove current_cmnd field from struct scsi_device (bsc#935436).\n - x86/MCE/intel: Cleanup CMCI storm logic (bsc#929141).\n - xfs: remove the deprecated nodelaylog option (bsc#992906).\n\n", "modified": "2017-02-17T18:08:18", "published": "2017-02-17T18:08:18", "id": "SUSE-SU-2017:0494-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00029.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-02-15T21:00:01", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9806", "CVE-2016-7097", "CVE-2016-7910", "CVE-2017-2584", "CVE-2016-8633", "CVE-2016-9084", "CVE-2016-8399", "CVE-2016-9793", "CVE-2016-6480", "CVE-2016-7911", "CVE-2016-10088", "CVE-2016-5828", "CVE-2015-8962", "CVE-2015-8964", "CVE-2017-5551", "CVE-2016-5696", "CVE-2014-9904", "CVE-2017-2583", "CVE-2016-7425", "CVE-2016-6828", "CVE-2015-8963", "CVE-2016-9083", "CVE-2016-5829", "CVE-2015-8956", "CVE-2016-9576", "CVE-2016-9756", "CVE-2016-7913", "CVE-2016-8658", "CVE-2016-6327", "CVE-2016-4470", "CVE-2016-6130", "CVE-2016-7914", "CVE-2016-4998", "CVE-2016-7042", "CVE-2016-8645"], "edition": 1, "description": "The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to\n receive various security and bugfixes.\n\n The following feature was implemented:\n\n - The ext2 filesystem got reenabled and supported to allow support for\n "XIP" (Execute In Place) (FATE#320805).\n\n\n The following security bugs were fixed:\n\n - CVE-2017-5551: The tmpfs filesystem implementation in the Linux kernel\n preserved the setgid bit during a setxattr call, which allowed local\n users to gain group privileges by leveraging the existence of a setgid\n program with restrictions on execute permissions (bsc#1021258).\n - CVE-2016-7097: The filesystem implementation in the Linux kernel\n preserved the setgid bit during a setxattr call, which allowed local\n users to gain group privileges by leveraging the existence of a setgid\n program with restrictions on execute permissions (bnc#995968).\n - CVE-2017-2583: A Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an incorrect segment\n selector(SS) value error. A user/process inside guest could have used\n this flaw to crash the guest resulting in DoS or potentially escalate\n their privileges inside guest. (bsc#1020602).\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local\n users to obtain sensitive information from kernel memory or cause a\n denial of service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt\n (bnc#1019851).\n - CVE-2016-10088: The sg implementation in the Linux kernel did not\n properly restrict write operations in situations where the KERNEL_DS\n option is set, which allowed local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free) by\n leveraging access to a /dev/sg device, related to block/bsg.c and\n drivers/scsi/sg.c. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576 (bnc#1017710).\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb\n truncation, which allowed local users to cause a denial of service\n (system crash) via a crafted application that made sendto system calls,\n related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n - CVE-2016-8399: An elevation of privilege vulnerability in the kernel\n networking subsystem could enable a local malicious application to\n execute arbitrary code within the context of the kernel. This issue is\n rated as Moderate because it first requires compromising a privileged\n process and current compiler optimizations restrict access to the\n vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18.\n Android ID: A-31349935 (bnc#1014746).\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bnc#1013540).\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not\n properly initialize Code Segment (CS) in certain error cases, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted application (bnc#1013038).\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash) or possibly have unspecified other impact\n by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt\n system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option\n (bnc#1013531).\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop\n function in block/genhd.c in the Linux kernel allowed local users to\n gain privileges by leveraging the execution of a certain stop operation\n even if the corresponding start operation had failed (bnc#1010716).\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function\n in drivers/scsi/sg.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n - CVE-2016-7913: The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (use-after-free)\n via vectors involving omission of the firmware name from a certain data\n structure (bnc#1010478).\n - CVE-2016-7911: Race condition in the get_task_ioprio function in\n block/ioprio.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (use-after-free) via a crafted\n ioprio_get system call (bnc#1010711).\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel memory by reading a tty data\n structure (bnc#1010507).\n - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux\n kernel allowed local users to gain privileges or cause a denial of\n service (use-after-free) by leveraging incorrect handling of an swevent\n data structure during a CPU unplug operation (bnc#1010502).\n - CVE-2016-7914: The assoc_array_insert_into_terminal_node function in\n lib/assoc_array.c in the Linux kernel did not check whether a slot is a\n leaf, which allowed local users to obtain sensitive information from\n kernel memory or cause a denial of service (invalid pointer dereference\n and out-of-bounds read) via an application that uses associative-array\n data structures, as demonstrated by the keyutils test suite\n (bnc#1010475).\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel allowed remote\n attackers to execute arbitrary code via crafted fragmented packets\n (bnc#1008833).\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed\n local users to bypass integer overflow checks, and cause a denial of\n service (memory corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS\n ioctl call, aka a "state machine confusion bug (bnc#1007197).\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel\n misused the kzalloc function, which allowed local users to cause a\n denial of service (integer overflow) or have unspecified other impact by\n leveraging access to a vfio PCI device file (bnc#1007197).\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in\n the Linux kernel uses an incorrect buffer size for certain timeout data,\n which allowed local users to cause a denial of service (stack memory\n corruption and panic) by reading the /proc/keys file (bnc#1004517).\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to\n obtain sensitive information or cause a denial of service (NULL pointer\n dereference) via vectors involving a bind system call on a Bluetooth\n RFCOMM socket (bnc#1003925).\n - CVE-2016-8658: Stack-based buffer overflow in the\n brcmf_cfg80211_start_ap function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (system crash)\n or possibly have unspecified other impact via a long SSID Information\n Element in a command to a Netlink socket (bnc#1004462).\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a\n certain length field, which allowed local users to gain privileges or\n cause a denial of service (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) by using an ABORT_TASK command to abort a\n device write operation (bnc#994748).\n - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in\n the Linux kernel did not properly maintain certain SACK state after a\n failed data copy, which allowed local users to cause a denial of service\n (tcp_xmit_retransmit_queue use-after-free and system crash) via a\n crafted SACK option (bnc#994296).\n - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly\n determine the rate of challenge ACK segments, which made it easier for\n remote attackers to hijack TCP sessions via a blind in-window attack\n (bnc#989152).\n - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in\n drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel memory by changing a certain\n length value, aka a "double fetch" vulnerability (bnc#987542).\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users\n to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a "double fetch" vulnerability\n (bnc#991608).\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the\n netfilter subsystem in the Linux kernel allowed local users to cause a\n denial of service (out-of-bounds read) or possibly obtain sensitive\n information from kernel heap memory by leveraging in-container root\n access to provide a crafted offset value that leads to crossing a\n ruleset blob boundary (bnc#986362 bnc#986365).\n - CVE-2016-5828: The start_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms\n mishandled transactional state, which allowed local users to cause a\n denial of service (invalid process state or TM Bad Thing exception, and\n system crash) or possibly have unspecified other impact by starting and\n suspending a transaction before an exec system call (bnc#986569).\n - CVE-2014-9904: The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel\n did not properly check for an integer overflow, which allowed local\n users to cause a denial of service (insufficient memory allocation) or\n possibly have unspecified other impact via a crafted\n SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allow local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bnc#986572).\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bnc#984755).\n\n The following non-security bugs were fixed:\n\n - base: make module_create_drivers_dir race-free (bnc#983977).\n - btrfs-8448-improve-performance-on-fsync-against-new-inode.patch: Disable\n (bsc#981597).\n - btrfs: account for non-CoW'd blocks in btrfs_abort_transaction\n (bsc#983619).\n - btrfs: be more precise on errors when getting an inode from disk\n (bsc#981038).\n - btrfs: do not create or leak aliased root while cleaning up orphans\n (bsc#994881).\n - btrfs: ensure that file descriptor used with subvol ioctls is a dir\n (bsc#999600).\n - btrfs: fix relocation incorrectly dropping data references (bsc#990384).\n - btrfs: handle quota reserve failure properly (bsc#1005666).\n - btrfs: improve performance on fsync against new inode after\n rename/unlink (bsc#981038).\n - btrfs: increment ctx->pos for every emitted or skipped dirent in readdir\n (bsc#981709).\n - btrfs: remove old tree_root dirent processing in btrfs_real_readdir()\n (bsc#981709).\n - cdc-acm: added sanity checking for probe() (bsc#993891).\n - ext2: Enable ext2 driver in config files (bsc#976195, fate#320805)\n - ext4: Add parameter for tuning handling of ext2 (bsc#976195).\n - ext4: Fixup handling for custom configs in tuning.\n - ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short\n jumps to it (bsc#984419).\n - ipv6: Fix improper use or RCU in\n patches.kabi/ipv6-add-complete-rcu-protection-around-np-opt.kabi.patch.\n (bsc#961257)\n - ipv6: KABI workaround for ipv6: add complete rcu protection around\n np->opt.\n - kabi: prevent spurious modversion changes after bsc#982544 fix\n (bsc#982544).\n - kabi: reintroduce sk_filter (kabi).\n - kaweth: fix firmware download (bsc#993890).\n - kaweth: fix oops upon failed memory allocation (bsc#993890).\n - kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread\n (bsc#1010612, fate#313296).\n - kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410,\n fate#313296).\n - kgr: ignore zombie tasks during the patching (bnc#1008979).\n - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).\n - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED\n (VM Functionality, bnc#986445).\n - modsign: Print appropriate status message when accessing UEFI variable\n (bsc#958606).\n - mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (bsc#1011820).\n - mpt3sas: Fix panic when aer correct error occurred (bsc#997708,\n bsc#999943).\n - netfilter: allow logging fron non-init netns (bsc#970083).\n - netfilter: bridge: do not leak skb in error paths (bsc#982544).\n - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).\n - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in\n br_validate_ipv6 (bsc#982544).\n - nfs: Do not write enable new pages while an invalidation is proceeding\n (bsc#999584).\n - nfs: Fix a regression in the read() syscall (bsc#999584).\n - pci/aer: Clear error status registers during enumeration and restore\n (bsc#985978).\n - ppp: defer netns reference release for ppp channel (bsc#980371).\n - reiserfs: fix race in prealloc discard (bsc#987576).\n - scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)\n - scsi: Increase REPORT_LUNS timeout (bsc#982282).\n - series.conf: move stray netfilter patches to the right section\n - squashfs3: properly handle dir_emit() failures (bsc#998795).\n - supported.conf: Add ext2\n - timers: Use proper base migration in add_timer_on() (bnc#993392).\n - tty: audit: Fix audit source (bsc#1016482).\n - tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).\n - usb: fix typo in wMaxPacketSize validation (bsc#991665).\n - usb: validate wMaxPacketValue entries in endpoint descriptors\n (bnc#991665).\n - xen: Fix refcnt regression in xen netback introduced by changes made for\n bug#881008 (bnc#978094)\n - xfs: allow lazy sb counter sync during filesystem freeze sequence\n (bsc#980560).\n - xfs: fixed signedness of error code in xfs_inode_buf_verify\n (bsc#1003153).\n - xfs: fix premature enospc on inode allocation (bsc#984148).\n - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148).\n - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148).\n - xfs: refactor xlog_recover_process_data() (bsc#1019300).\n - xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).\n - xhci: silence warnings in switch (bnc#991665).\n\n", "modified": "2017-02-15T21:07:58", "published": "2017-02-15T21:07:58", "id": "SUSE-SU-2017:0471-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00025.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-01-30T20:59:46", "bulletinFamily": "unix", "cvelist": ["CVE-2016-5244", "CVE-2016-7097", "CVE-2016-7910", "CVE-2016-8633", "CVE-2016-8399", "CVE-2016-7117", "CVE-2016-9793", "CVE-2016-6480", "CVE-2016-4913", "CVE-2016-7911", "CVE-2016-10088", "CVE-2015-8962", "CVE-2015-8964", "CVE-2016-7916", "CVE-2016-9555", "CVE-2017-5551", "CVE-2016-8632", "CVE-2016-2187", "CVE-2004-0230", "CVE-2016-1583", "CVE-2016-9685", "CVE-2016-4569", "CVE-2016-7425", "CVE-2016-6828", "CVE-2015-7513", "CVE-2015-1350", "CVE-2016-5829", "CVE-2016-4485", "CVE-2015-8956", "CVE-2012-6704", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-9576", "CVE-2016-9756", "CVE-2015-7833", "CVE-2013-4312", "CVE-2016-8646", "CVE-2016-2189", "CVE-2016-4578", "CVE-2016-4805", "CVE-2016-3841", "CVE-2016-4470", "CVE-2016-0823", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-4998", "CVE-2016-7042"], "edition": 1, "description": "The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to receive\n various security and bugfixes.\n\n This is the last planned LTSS kernel update for the SUSE Linux Enterprise\n Server 11 SP2 LTSS.\n\n The following security bugs were fixed:\n\n - CVE-2016-10088: The sg implementation in the Linux kernel did not\n properly restrict write operations in situations where the KERNEL_DS\n option is set, which allowed local users to read or write to arbitrary\n kernel memory locations or cause a denial of service (use-after-free) by\n leveraging access to a /dev/sg device, related to block/bsg.c and\n drivers/scsi/sg.c. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576 (bnc#1017710).\n - CVE-2004-0230: TCP, when using a large Window Size, made it easier for\n remote attackers to guess sequence numbers and cause a denial of service\n (connection loss) to persistent TCP connections by repeatedly injecting\n a TCP RST packet, especially in protocols that use long-lived\n connections, such as BGP (bnc#969340).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).\n - CVE-2016-8399: An out of bounds read in the ping protocol handler could\n have lead to information disclosure (bsc#1014746).\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash) or possibly have unspecified other impact\n by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt\n system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option\n (bnc#1013531).\n - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the\n Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf,\n which allowed local users to cause a denial of service (memory\n corruption and system crash) or possibly have unspecified other impact\n by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt\n system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not\n properly initialize Code Segment (CS) in certain error cases, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted application (bnc#1013038).\n - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options\n data, which allowed local users to gain privileges or cause a denial of\n service (use-after-free and system crash) via a crafted sendmsg system\n call (bnc#992566).\n - CVE-2016-9685: Multiple memory leaks in error paths in\n fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause\n a denial of service (memory consumption) via crafted XFS filesystem\n operations (bnc#1012832).\n - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an\n incomplete set of requirements for setattr operations that\n underspecified removing extended privilege attributes, which allowed\n local users to cause a denial of service (capability stripping) via a\n failed invocation of a system call, as demonstrated by using chown to\n remove a capability from the ping or Wireshark dumpcap program\n (bnc#914939).\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function\n in drivers/scsi/sg.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in\n the Linux kernel lacked chunk-length checking for the first chunk, which\n allowed remote attackers to cause a denial of service (out-of-bounds\n slab access) or possibly have unspecified other impact via crafted SCTP\n data (bnc#1011685).\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop\n function in block/genhd.c in the Linux kernel allowed local users to\n gain privileges by leveraging the execution of a certain stop operation\n even if the corresponding start operation had failed (bnc#1010716).\n - CVE-2016-7911: Race condition in the get_task_ioprio function in\n block/ioprio.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (use-after-free) via a crafted\n ioprio_get system call (bnc#1010711).\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to\n obtain sensitive information from kernel memory by reading a tty data\n structure (bnc#1010507).\n - CVE-2016-7916: Race condition in the environ_read function in\n fs/proc/base.c in the Linux kernel allowed local users to obtain\n sensitive information from kernel memory by reading a /proc/*/environ\n file during a process-setup time interval in which environment-variable\n copying is incomplete (bnc#1010467).\n - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the\n Linux kernel allowed local users to cause a denial of service (OOPS) by\n attempting to trigger use of in-kernel hash algorithms for a socket that\n has received zero bytes of data (bnc#1010150).\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7,\n in certain unusual hardware configurations, allowed remote attackers to\n execute arbitrary code via crafted fragmented packets (bnc#1008833).\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in\n the Linux kernel used an incorrect buffer size for certain timeout data,\n which allowed local users to cause a denial of service (stack memory\n corruption and panic) by reading the /proc/keys file (bnc#1004517).\n - CVE-2016-7097: The filesystem implementation in the Linux kernel\n preserves the setgid bit during a setxattr call, which allowed local\n users to gain group privileges by leveraging the existence of a setgid\n program with restrictions on execute permissions (bnc#995968).\n - CVE-2017-5551: The filesystem implementation in the Linux kernel\n preserves the setgid bit during a setxattr call, which allowed local\n users to gain group privileges by leveraging the existence of a setgid\n program with restrictions on execute permissions. This CVE tracks the\n fix for the tmpfs filesystem. (bsc#1021258).\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to\n obtain sensitive information or cause a denial of service (NULL pointer\n dereference) via vectors involving a bind system call on a Bluetooth\n RFCOMM socket (bnc#1003925).\n - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg\n function in net/socket.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077).\n - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the\n Linux kernel allowed local users to obtain sensitive physical-address\n information by reading a pagemap file, aka Android internal bug 25739721\n (bnc#994759).\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a\n certain length field, which allowed local users to gain privileges or\n cause a denial of service (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in\n the Linux kernel did not properly maintain certain SACK state after a\n failed data copy, which allowed local users to cause a denial of service\n (tcp_xmit_retransmit_queue use-after-free and system crash) via a\n crafted SACK option (bnc#994296).\n - CVE-2016-6480: Race condition in the ioctl_send_fib function in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users\n to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a "double fetch" vulnerability\n (bnc#991608).\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the\n netfilter subsystem in the Linux kernel allowed local users to cause a\n denial of service (out-of-bounds read) or possibly obtain sensitive\n information from kernel heap memory by leveraging in-container root\n access to provide a crafted offset value that leads to crossing a\n ruleset blob boundary (bsc#986365).\n - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the\n PIT counter values during state restoration, which allowed guest OS\n users to cause a denial of service (divide-by-zero error and host OS\n crash) via a zero value, related to the kvm_vm_ioctl_set_pit and\n kvm_vm_ioctl_set_pit2 functions (bnc#960689).\n - CVE-2013-4312: The Linux kernel allowed local users to bypass\n file-descriptor limits and cause a denial of service (memory\n consumption) by sending each descriptor over a UNIX socket before\n closing it, related to net/unix/af_unix.c and net/unix/garbage.c\n (bnc#839104).\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE\n setsockopt implementations in the netfilter subsystem in the Linux\n kernel allow local users to gain privileges or cause a denial of service\n (memory corruption) by leveraging in-container root access to provide a\n crafted offset value that triggers an unintended decrement (bnc#986362).\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allow local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bnc#986572).\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bnc#984755).\n - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the\n Linux kernel did not initialize a certain structure member, which\n allowed remote attackers to obtain sensitive information from kernel\n stack memory by reading an RDS message (bnc#983213).\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling (bnc#983143).\n - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c\n in the Linux kernel mishandled NM (aka alternate name) entries\n containing \\0 characters, which allowed local users to obtain sensitive\n information from kernel memory or possibly have unspecified other impact\n via a crafted isofs filesystem (bnc#980725).\n - CVE-2016-4580: The x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel did not properly initialize\n a certain data structure, which allowed attackers to obtain sensitive\n information from kernel stack memory via an X.25 Call Request\n (bnc#981267).\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to\n cause a denial of service (memory corruption and system crash, or\n spinlock) or possibly have unspecified other impact by removing a\n network namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions (bnc#980371).\n - CVE-2015-7833: The usbvision driver in the Linux kernel allowed\n physically proximate attackers to cause a denial of service (panic) via\n a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).\n - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in\n the Linux kernel allowed physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system crash) via a\n crafted endpoints value in a USB device descriptor (bnc#971944).\n - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relies on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bnc#979548).\n - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the\n Linux kernel did not initialize a certain data structure, which allowed\n attackers to obtain sensitive information from kernel stack memory by\n reading a message (bnc#978821).\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize\n certain r1 data structures, which allowed local users to obtain\n sensitive information from kernel stack memory via crafted use of the\n ALSA timer interface, related to the (1) snd_timer_user_ccallback and\n (2) snd_timer_user_tinterrupt functions (bnc#979879).\n - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory via crafted use of the ALSA timer interface (bnc#979213).\n\n\n The following non-security bugs were fixed:\n\n - arch/powerpc: Remove duplicate/redundant Altivec entries (bsc#967716).\n - cdc-acm: added sanity checking for probe() (bsc#993891).\n - cgroups: do not attach task to subsystem if migration failed\n (bnc#979274).\n - cgroups: more safe tasklist locking in cgroup_attach_proc (bnc#979274).\n - dasd: fix hanging system after LCU changes (bnc#968500, LTC#136671).\n - dasd: Fix unresumed device after suspend/resume (bnc#927287, LTC#123892).\n - ipv4/fib: do not warn when primary address is missing if in_dev is dead\n (bsc#971360).\n - kabi, unix: properly account for FDs passed over unix sockets\n (bnc#839104).\n - kaweth: fix firmware download (bsc#993890).\n - kaweth: fix oops upon failed memory allocation (bsc#993890).\n - kvm: x86: SYSENTER emulation is broken (bsc#994618).\n - mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED\n (VM Functionality, bnc#986445).\n - mremap: enforce rmap src/dst vma ordering in case of vma_merge()\n succeeding in copy_vma() (VM Functionality, bsc#1008645).\n - nfs4: reset states to use open_stateid when returning delegation\n voluntarily (bsc#1007944).\n - nfs: Do not disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261,\n bsc#1011482).\n - nfs: do not do blind d_drop() in nfs_prime_dcache() (bnc#908069\n bnc#896484 bsc#963053).\n - nfs_prime_dcache needs fh to be set (bnc#908069 bnc#896484 bsc#963053).\n - nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261).\n - nfsv4: Ensure that we do not drop a state owner more than once\n (bsc#979595).\n - nfsv4: fix broken patch relating to v4 read delegations (bsc#956514,\n bsc#989261, bsc#979595, bsc#1011482).\n - nfsv4: nfs4_proc_renew should be declared static (bnc#863873).\n - nfsv4: OPEN must handle the NFS4ERR_IO return code correctly\n (bsc#979595).\n - nfsv4: Recovery of recalled read delegations is broken (bsc#956514\n bsc#1011482).\n - nfsv4: The NFSv4.0 client must send RENEW calls if it holds a delegation\n (bnc#863873).\n - powerpc: Add ability to build little endian kernels (bsc#967716).\n - powerpc: Avoid load of static chain register when calling nested\n functions through a pointer on 64bit (bsc#967716).\n - powerpc: Do not build assembly files with ABIv2 (bsc#967716).\n - powerpc: Do not use ELFv2 ABI to build the kernel (bsc#967716).\n - powerpc: dtc is required to build dtb files (bsc#967716).\n - powerpc: Fix 64 bit builds with binutils 2.24 (bsc#967716).\n - powerpc: Fix error when cross building TAGS & cscope (bsc#967716).\n - powerpc: Make the vdso32 also build big-endian (bsc#967716).\n - powerpc: Remove altivec fix for gcc versions before 4.0 (bsc#967716).\n - powerpc: Remove buggy 9-year-old test for binutils < 2.12.1 (bsc#967716).\n - powerpc: Require gcc 4.0 on 64-bit (bsc#967716).\n - ppp: defer netns reference release for ppp channel (bsc#980371).\n - qeth: delete napi struct when removing a qeth device (bnc#979915,\n LTC#143590).\n - qeth: Fix crash on initial MTU size change (bnc#835175, LTC#96809).\n - qeth: postpone freeing of qdio memory (bnc#874145, LTC#107873).\n - rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)\n - Revert "s390/mm: fix asce_bits handling with dynamic pagetable levels"\n This reverts commit 6e00b1d803fa2ab4b130e04b7fbcc99f0b5ecba8.\n - rpm/config.sh: Set the release string to 0.7.<RELEASE> (bsc#997059)\n - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059)\n - s390/dasd: fix failfast for disconnected devices (bnc#958000,\n LTC#135138).\n - s390/dasd: fix hanging device after clear subchannel (bnc#994436,\n LTC#144640).\n - s390/dasd: fix kernel panic when alias is set offline (bnc#940966,\n LTC#128595).\n - s390/dasd: fix list_del corruption after lcu changes (bnc#954984,\n LTC#133077).\n - s390/mm: fix asce_bits handling with dynamic pagetable levels\n (bnc#979915, LTC#141456). Conflicts: series.conf\n - s390/pageattr: do a single TLB flush for change_page_attr\n (bsc#1009443,LTC#148182).\n - Set CONFIG_DEBUG_INFO=y and CONFIG_DEBUG_INFO_REDUCED=n on all platforms\n The specfile adjusts the config if necessary, but a new version of\n run_oldconfig.sh requires the settings to be present in the repository.\n - usb: fix typo in wMaxPacketSize validation (bsc#991665).\n - usb: validate wMaxPacketValue entries in endpoint descriptors\n (bnc#991665).\n\n", "modified": "2017-01-30T20:09:00", "published": "2017-01-30T20:09:00", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00067.html", "id": "SUSE-SU-2017:0333-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-02T11:39:46", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9794", "CVE-2016-9756"], "description": "Dmitry Vyukov discovered that the KVM implementation in the Linux \nkernel did not properly initialize the Code Segment (CS) in certain \nerror cases. A local attacker could use this to expose sensitive \ninformation (kernel memory).\n\nBaozeng Ding discovered a race condition that could lead to a use-after- \nfree in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2016-9794)", "edition": 5, "modified": "2017-01-11T00:00:00", "published": "2017-01-11T00:00:00", "id": "USN-3167-1", "href": "https://ubuntu.com/security/notices/USN-3167-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:44:03", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9794", "CVE-2016-9756"], "description": "Dmitry Vyukov discovered that the KVM implementation in the Linux kernel \ndid not properly initialize the Code Segment (CS) in certain error cases. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2016-9756)\n\nBaozeng Ding discovered a race condition that could lead to a use-after- \nfree in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2016-9794)", "edition": 5, "modified": "2017-01-11T00:00:00", "published": "2017-01-11T00:00:00", "id": "USN-3167-2", "href": "https://ubuntu.com/security/notices/USN-3167-2", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-08T23:42:23", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9793", "CVE-2016-9756"], "description": "Dmitry Vyukov discovered that the KVM implementation in the Linux kernel \ndid not properly initialize the Code Segment (CS) in certain error cases. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in the \nsetsockopt() system call when handling the SO_SNDBUFFORCE and \nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability \ncould use this to cause a denial of service (system crash or memory \ncorruption). (CVE-2016-9793)", "edition": 5, "modified": "2017-01-11T00:00:00", "published": "2017-01-11T00:00:00", "id": "USN-3170-1", "href": "https://ubuntu.com/security/notices/USN-3170-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:36:06", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "description": "Dmitry Vyukov discovered that the KVM implementation in the Linux kernel \ndid not properly initialize the Code Segment (CS) in certain error cases. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in the \nsetsockopt() system call when handling the SO_SNDBUFFORCE and \nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability \ncould use this to cause a denial of service (system crash or memory \ncorruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a use-after- \nfree in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2016-9794)", "edition": 5, "modified": "2017-01-11T00:00:00", "published": "2017-01-11T00:00:00", "id": "USN-3169-1", "href": "https://ubuntu.com/security/notices/USN-3169-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:39:19", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "description": "USN-3169-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \ndid not properly initialize the Code Segment (CS) in certain error cases. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in the \nsetsockopt() system call when handling the SO_SNDBUFFORCE and \nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability \ncould use this to cause a denial of service (system crash or memory \ncorruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a use-after- \nfree in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2016-9794)", "edition": 5, "modified": "2017-01-11T00:00:00", "published": "2017-01-11T00:00:00", "id": "USN-3169-2", "href": "https://ubuntu.com/security/notices/USN-3169-2", "title": "Linux kernel (Xenial HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:26:01", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9777", "CVE-2016-8399", "CVE-2016-8632", "CVE-2016-10147", "CVE-2016-10150"], "description": "Mikulas Patocka discovered that the asynchronous multibuffer cryptographic \ndaemon (mcryptd) in the Linux kernel did not properly handle being invoked \nwith incompatible algorithms. A local attacker could use this to cause a \ndenial of service (system crash). (CVE-2016-10147)\n\nIt was discovered that a use-after-free existed in the KVM susbsystem of \nthe Linux kernel when creating devices. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2016-10150)\n\nQidan He discovered that the ICMP implementation in the Linux kernel did \nnot properly check the size of an ICMP header. A local attacker with \nCAP_NET_ADMIN could use this to expose sensitive information. \n(CVE-2016-8399)\n\nQian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() \nfunction in the Linux kernel. A local attacker could use to cause a denial \nof service (system crash) or possibly execute arbitrary code with \nadministrative privileges. (CVE-2016-8632)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \ndid not properly restrict the VCPU index when I/O APIC is enabled, An \nattacker in a guest VM could use this to cause a denial of service (system \ncrash) or possibly gain privileges in the host OS. (CVE-2016-9777)", "edition": 5, "modified": "2017-02-03T00:00:00", "published": "2017-02-03T00:00:00", "id": "USN-3190-1", "href": "https://ubuntu.com/security/notices/USN-3190-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T01:41:11", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9777", "CVE-2016-8399", "CVE-2016-8632", "CVE-2016-10147", "CVE-2016-10150"], "description": "Mikulas Patocka discovered that the asynchronous multibuffer cryptographic \ndaemon (mcryptd) in the Linux kernel did not properly handle being invoked \nwith incompatible algorithms. A local attacker could use this to cause a \ndenial of service (system crash). (CVE-2016-10147)\n\nIt was discovered that a use-after-free existed in the KVM susbsystem of \nthe Linux kernel when creating devices. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2016-10150)\n\nQidan He discovered that the ICMP implementation in the Linux kernel did \nnot properly check the size of an ICMP header. A local attacker with \nCAP_NET_ADMIN could use this to expose sensitive information. \n(CVE-2016-8399)\n\nQian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() \nfunction in the Linux kernel. A local attacker could use to cause a denial \nof service (system crash) or possible execute arbitrary code with \nadministrative privileges. (CVE-2016-8632)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \ndid not properly restrict the VCPU index when I/O APIC is enabled, An \nattacker in a guest VM could use this to cause a denial of service (system \ncrash) or possibly gain privileges in the host OS. (CVE-2016-9777)", "edition": 5, "modified": "2017-02-10T00:00:00", "published": "2017-02-10T00:00:00", "id": "USN-3190-2", "href": "https://ubuntu.com/security/notices/USN-3190-2", "title": "Linux kernel (Raspberry Pi 2) vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:34:03", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "description": "Dmitry Vyukov discovered that the KVM implementation in the Linux kernel \ndid not properly initialize the Code Segment (CS) in certain error cases. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in the \nsetsockopt() system call when handling the SO_SNDBUFFORCE and \nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability \ncould use this to cause a denial of service (system crash or memory \ncorruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a use-after- \nfree in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2016-9794)\n\nBaozeng Ding discovered a double free in the netlink_dump() function in the \nLinux kernel. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2016-9806)", "edition": 5, "modified": "2017-01-11T00:00:00", "published": "2017-01-11T00:00:00", "id": "USN-3168-1", "href": "https://ubuntu.com/security/notices/USN-3168-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:44:18", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "description": "USN-3168-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 LTS.\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \ndid not properly initialize the Code Segment (CS) in certain error cases. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in the \nsetsockopt() system call when handling the SO_SNDBUFFORCE and \nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability \ncould use this to cause a denial of service (system crash or memory \ncorruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a use-after- \nfree in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2016-9794)\n\nBaozeng Ding discovered a double free in the netlink_dump() function in the \nLinux kernel. A local attacker could use this to cause a denial of service \n(system crash). (CVE-2016-9806)", "edition": 5, "modified": "2017-01-11T00:00:00", "published": "2017-01-11T00:00:00", "id": "USN-3168-2", "href": "https://ubuntu.com/security/notices/USN-3168-2", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:30:04", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5576", "CVE-2017-7895", "CVE-2017-1000380", "CVE-2017-7346", "CVE-2017-5551", "CVE-2014-9900", "CVE-2017-8924", "CVE-2017-9150", "CVE-2017-8925", "CVE-2017-9605", "CVE-2016-9755"], "description": "It was discovered that the Linux kernel did not properly initialize a Wake- \non-Lan data structure. A local attacker could use this to expose sensitive \ninformation (kernel memory). (CVE-2014-9900)\n\nDmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet \ndiscovered that the netfiler subsystem in the Linux kernel mishandled IPv6 \npacket reassembly. A local user could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2016-9755)\n\nAlexander Potapenko discovered a race condition in the Advanced Linux Sound \nArchitecture (ALSA) subsystem in the Linux kernel. A local attacker could \nuse this to expose sensitive information (kernel memory). \n(CVE-2017-1000380)\n\nIt was discovered that the Linux kernel did not clear the setgid bit during \na setxattr call on a tmpfs filesystem. A local attacker could use this to \ngain elevated group privileges. (CVE-2017-5551)\n\nMurray McAllister discovered that an integer overflow existed in the \nVideoCore DRM driver of the Linux kernel. A local attacker could use this \nto cause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2017-5576)\n\nLi Qiang discovered that the DRM driver for VMware Virtual GPUs in the \nLinux kernel did not properly validate some ioctl arguments. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-7346)\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server \nimplementations in the Linux kernel did not properly check for the end of \nbuffer. A remote attacker could use this to craft requests that cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2017-7895)\n\nIt was discovered that an integer underflow existed in the Edgeport USB \nSerial Converter device driver of the Linux kernel. An attacker with \nphysical access could use this to expose sensitive information (kernel \nmemory). (CVE-2017-8924)\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux \nkernel did not properly perform reference counting. A local attacker could \nuse this to cause a denial of service (tty exhaustion). (CVE-2017-8925)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output \nof the print_bpf_insn function. A local attacker could use this to obtain \nsensitive address information. (CVE-2017-9150)\n\nMurray McAllister discovered that the DRM driver for VMware Virtual GPUs in \nthe Linux kernel did not properly initialize memory. A local attacker could \nuse this to expose sensitive information (kernel memory). (CVE-2017-9605)", "edition": 69, "modified": "2017-07-20T00:00:00", "published": "2017-07-20T00:00:00", "id": "USN-3359-1", "href": "https://ubuntu.com/security/notices/USN-3359-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:01", "bulletinFamily": "software", "cvelist": ["CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "description": "# \n\n# **Severity**\n\nMedium\n\n# **Vendor**\n\nUbuntu\n\n# **Versions Affected**\n\n * Ubuntu 14.04 LTS\n\n# **Description**\n\n \nDmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). ([CVE-2016-9756](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9756.html>)) \n \nAndrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE andSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). ([CVE-2016-9793](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9793.html>)) \n \nBaozeng Ding discovered a race condition that could lead to a use-after-free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service(system crash). ([CVE-2016-9794](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9794.html>))\n\n# **Affected Products and Versions**\n\n_Severity is medium unless otherwise noted._\n\nCloud Foundry BOSH stemcells are vulnerable, including:\n\n * * 3151.x versions prior to 3151.7\n * 3233.x versions prior to 3233.10\n * 3263.x versions prior to 3263.15\n * 3312.x versions prior to 3312.17\n\n# **Mitigation**\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry team recommends upgrading to the following BOSH stemcells:\n * Upgrade all lower versions of 3151.x to version 3151.7\n * Upgrade all lower versions of 3233.x to version 3233.10\n * Upgrade all lower versions of 3263.x to version 3263.15\n * Upgrade all lower versions of 3312.x to version 3312.17\n\n# **Credit**\n\nDmitry Vyukov, Andrey Konovalov, Baozeng Ding\n\n# **References**\n\n * [https://www.ubuntu.com/usn/usn-3169-2/](<https://www.ubuntu.com/usn/usn-3169-2/>)\n * [http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9756.html](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9756.html>)\n * [http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9793.html](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9793.html>)\n * [http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9794.html](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9794.html>)\n\n# **History**\n\n2017-01-11: Initial vulnerability report published\n", "edition": 5, "modified": "2017-01-31T00:00:00", "published": "2017-01-31T00:00:00", "id": "CFOUNDRY:10916BBD941416F67134F1200DE97709", "href": "https://www.cloudfoundry.org/blog/usn-3169-2/", "title": "USN-3169-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T01:05:49", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7097", "CVE-2016-9794", "CVE-2016-7910", "CVE-2016-8633", "CVE-2016-8655", "CVE-2016-8399", "CVE-2016-9793", "CVE-2016-7911", "CVE-2016-10088", "CVE-2015-8962", "CVE-2015-8964", "CVE-2016-9555", "CVE-2016-9178", "CVE-2016-7915", "CVE-2015-8963", "CVE-2015-1350", "CVE-2012-6704", "CVE-2016-9576", "CVE-2016-9756", "CVE-2016-8645"], "description": "Package : linux\nVersion : 3.2.84-1\nCVE ID : CVE-2012-6704 CVE-2015-1350 CVE-2015-8962 CVE-2015-8963 \n CVE-2015-8964 CVE-2016-7097 CVE-2016-7910 CVE-2016-7911\n\t\t CVE-2016-7915 CVE-2016-8399 CVE-2016-8633 CVE-2016-8645\n\t\t CVE-2016-8655 CVE-2016-9178 CVE-2016-9555 CVE-2016-9576\n\t\t CVE-2016-9756 CVE-2016-9793 CVE-2016-9794 CVE-2016-10088\nDebian Bug : 770492\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2012-6704, CVE-2016-9793\n\n Eric Dumazet found that a local user with CAP_NET_ADMIN capability\n could set a socket's buffer size to be negative, leading to a\n denial of service or other security impact. Additionally, in\n kernel versions prior to 3.5, any user could do this if sysctl\n net.core.rmem_max was changed to a very large value.\n\nCVE-2015-1350 / #770492\n\n Ben Harris reported that local users could remove set-capability\n attributes from any file visible to them, allowing a denial of\n service.\n\nCVE-2015-8962\n\n Calvin Owens fouund that removing a SCSI device while it was being\n accessed through the SCSI generic (sg) driver led to a double-\n free, possibly causing a denial of service (crash or memory\n corruption) or privilege escalation. This could be exploited by\n local users with permision to access a SCSI device node.\n\nCVE-2015-8963\n\n Sasha Levin reported that hot-unplugging a CPU resulted in a\n use-after-free by the performance events (perf) subsystem,\n possibly causing a denial of service (crash or memory corruption)\n or privilege escalation. This could by exploited by any local\n user.\n\nCVE-2015-8964\n\n It was found that the terminal/serial (tty) subsystem did not\n reliably reset the terminal buffer state when the terminal line\n discipline was changed. This could allow a local user with access\n to a terminal device to read sensitive information from kernel\n memory.\n\nCVE-2016-7097\n\n Jan Kara found that changing the POSIX ACL of a file never cleared\n its set-group-ID flag, which should be done if the user changing\n it is not a member of the group-owner. In some cases, this would\n allow the user-owner of an executable to gain the privileges of\n the group-owner.\n\nCVE-2016-7910\n\n Vegard Nossum discovered that a memory allocation failure while\n handling a read of /proc/diskstats or /proc/partitions could lead\n to a use-after-free, possibly causing a denial of service (crash\n or memory corruption) or privilege escalation.\n\nCVE-2016-7911\n\n Dmitry Vyukov reported that a race between ioprio_get() and\n ioprio_set() system calls could result in a use-after-free,\n possibly causing a denial of service (crash) or leaking sensitive\n information.\n\nCVE-2016-7915\n\n Benjamin Tissoires found that HID devices could trigger an out-of-\n bounds memory access in the HID core. A physically present user\n could possibly use this for denial of service (crash) or to leak\n sensitive information.\n\nCVE-2016-8399\n\n Qidan He reported that the IPv4 ping socket implementation did\n not validate the length of packets to be sent. A user with\n permisson to use ping sockets could cause an out-of-bounds read,\n possibly resulting in a denial of service or information leak.\n However, on Debian systems no users have permission to create ping\n sockets by default.\n\nCVE-2016-8633\n\n Eyal Itkin reported that the IP-over-Firewire driver\n (firewire-net) did not validate the offset or length in link-layer\n fragmentation headers. This allowed a remote system connected by\n Firewire to write to memory after a packet buffer, leading to a\n denial of service (crash) or remote code execution.\n\nCVE-2016-8645\n\n Marco Grassi reported that if a socket filter (BPF program)\n attached to a TCP socket truncates or removes the TCP header, this\n could cause a denial of service (crash). This was exploitable by\n any local user.\n\nCVE-2016-8655\n\n Philip Pettersson found that the implementation of packet sockets\n (AF_PACKET family) had a race condition between enabling a\n transmit ring buffer and changing the version of buffers used,\n which could result in a use-after-free. A local user with the\n CAP_NET_ADMIN capability could exploit this for privilege\n escalation.\n\nCVE-2016-9178\n\n Al Viro found that a failure to read data from user memory might\n lead to a information leak on the x86 architecture (amd64 or i386).\n\nCVE-2016-9555\n\n Andrey Konovalov reported that the SCTP implementation does not\n validate 'out of the blue' packet chunk lengths early enough. A\n remote system able could use this to cause a denial of service\n (crash) or other security impact for systems using SCTP.\n\nCVE-2016-9576, CVE-2016-10088\n\n Dmitry Vyukov reported that using splice() with the SCSI generic\n driver led to kernel memory corruption. Local users with\n permision to access a SCSI device node could exploit this for\n privilege escalation.\n\nCVE-2016-9756\n\n Dmitry Vyukov reported that KVM for the x86 architecture (amd64 or\n i386) did not correctly handle the failure of certain instructions\n that require software emulation on older processors. This could\n be exploited by guest systems to leak sensitive information or for\n denial of service (log spam).\n\nCVE-2016-9794\n\n Baozeng Ding reported a race condition in the ALSA (sound)\n subsystem that could result in a use-after-free. Local users with\n access to a PCM sound device could exploit this for denial of\n service (crash or memory corruption) or other security impact.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.2.84-1. This version also includes bug fixes from upstream version\n3.2.84 and updates the PREEMPT_RT featureset to version 3.2.84-rt122.\nFinally, this version adds the option to mitigate security issues in\nthe performance events (perf) subsystem by disabling use by\nunprivileged users. This can be done by setting sysctl\nkernel.perf_event_paranoid=3.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n3.16.39-1 which will be included in the next point release (8.6).\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams", "edition": 7, "modified": "2017-01-01T18:25:09", "published": "2017-01-01T18:25:09", "id": "DEBIAN:DLA-772-1:EB721", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201701/msg00001.html", "title": "[SECURITY] [DLA 772-1] linux security update", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:09", "bulletinFamily": "unix", "cvelist": ["CVE-2016-7097", "CVE-2016-8633", "CVE-2016-8399", "CVE-2016-10088", "CVE-2017-6001", "CVE-2017-5970", "CVE-2015-8952", "CVE-2017-2636", "CVE-2016-8632", "CVE-2016-9178", "CVE-2016-7425", "CVE-2016-3951", "CVE-2016-10147", "CVE-2016-9756", "CVE-2017-6345", "CVE-2017-2596", "CVE-2016-9588", "CVE-2016-3140", "CVE-2017-7187", "CVE-2016-9644", "CVE-2016-3672", "CVE-2016-8645", "CVE-2017-5897"], "description": "kernel-uek\n[4.1.12-61.1.33]\n- Revert 'x86/mm: Expand the exception table logic to allow new handling options' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644}\n- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644}\n[4.1.12-61.1.32]\n- x86/mm: Expand the exception table logic to allow new handling options (Tony Luck) [Orabug: 25790387] {CVE-2016-9644}\n[4.1.12-61.1.31]\n- rebuild bumping release\n[4.1.12-61.1.30]\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766898] {CVE-2016-8399} {CVE-2016-8399}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765436] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751984] {CVE-2017-7187}\n[4.1.12-61.1.29]\n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696677] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696677] {CVE-2017-2636}\n- If Slot Status indicates changes in both Data Link Layer Status and Presence Detect, prioritize the Link status change. (Jack Vogel) [Orabug: 25353783] \n- PCI: pciehp: Leave power indicator on when enabling already-enabled slot (Ashok Raj) [Orabug: 25353783] \n- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451520] {CVE-2016-8633}\n- usbnet: cleanup after bind() in probe() (Oliver Neukum) [Orabug: 25463898] {CVE-2016-3951}\n- cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (Bjorn Mork) [Orabug: 25463898] {CVE-2016-3951}\n- cdc_ncm: Add support for moving NDP to end of NCM frame (Enrico Mioso) [Orabug: 25463898] {CVE-2016-3951}\n- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463918] {CVE-2016-3672}\n- kvm: fix page struct leak in handle_vmon (Paolo Bonzini) [Orabug: 25507133] {CVE-2017-2596}\n- crypto: mcryptd - Check mcryptd algorithm compatibility (tim) [Orabug: 25507153] {CVE-2016-10147}\n- kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507188] {CVE-2016-9588}\n- KVM: x86: drop error recovery in em_jmp_far and em_ret_far (Radim Krcmar) [Orabug: 25507213] {CVE-2016-9756}\n- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507226] {CVE-2016-8645}\n- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507226] {CVE-2016-8645}\n- tipc: check minimum bearer MTU (Michal Kubecek) [Orabug: 25507239] {CVE-2016-8632} {CVE-2016-8632}\n- fix minor infoleak in get_user_ex() (Al Viro) [Orabug: 25507269] {CVE-2016-9178}\n- scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507319] {CVE-2016-7425}\n- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507319] {CVE-2016-7425}\n- tmpfs: clear S_ISGID when setting posix ACLs (Gu Zheng) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097}\n- posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097}\n- ext2: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}\n- ext4: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}\n- mbcache2: reimplement mbcache (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}\n- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512466] {CVE-2016-3140}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682419] {CVE-2017-6345}\n- net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen) [Orabug: 25697847] \n- ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25698300] {CVE-2017-5970}\n- perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race (Peter Zijlstra) [Orabug: 25698751] {CVE-2017-6001}\n- ip6_gre: fix ip6gre_err() invalid reads (Eric Dumazet) [Orabug: 25699015] {CVE-2017-5897}\n- mpt3sas: Dont spam logs if logging level is 0 (Johannes Thumshirn) [Orabug: 25699035] \n- xen-netfront: cast grant table reference first to type int (Dongli Zhang) \n- xen-netfront: do not cast grant table reference to signed short (Dongli Zhang)", "edition": 4, "modified": "2017-03-31T00:00:00", "published": "2017-03-31T00:00:00", "id": "ELSA-2017-3533", "href": "http://linux.oracle.com/errata/ELSA-2017-3533.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}