DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENVAS:1361412562311220191496", "vendorId": null, "type": "openvas", "bulletinFamily": "scanner", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1496)", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "published": "2020-01-23T00:00:00", "modified": "2020-01-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191496", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1496", "2019-1496"], "cvelist": ["CVE-2016-9604", "CVE-2016-8650", "CVE-2016-7910", "CVE-2016-8633", "CVE-2016-8655", "CVE-2016-9084", "CVE-2016-8399", "CVE-2016-7117", "CVE-2016-8666", "CVE-2016-7911", "CVE-2016-7916", "CVE-2016-9555", "CVE-2016-8630", "CVE-2016-9685", "CVE-2016-7915", "CVE-2016-7425", "CVE-2016-9083", "CVE-2016-9576", "CVE-2016-8646", "CVE-2016-7913", "CVE-2016-9588", "CVE-2016-7914", "CVE-2016-8645"], "immutableFields": [], "lastseen": "2020-01-27T18:34:10", "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2016-694", "ALAS-2016-762", "ALAS-2016-772", "ALAS-2017-782", "ALAS-2017-786"]}, {"type": "android", "idList": ["ANDROID:CVE-2016-7117", "ANDROID:CVE-2016-7910", "ANDROID:CVE-2016-7911", "ANDROID:CVE-2016-7913"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-10-01", "ANDROID:2016-11-01", "ANDROID:2016-12-01", "ANDROID:2017-03-01"]}, {"type": "archlinux", "idList": ["ASA-201612-5", "ASA-201612-6", "ASA-201612-7", "ASA-201612-8", "ASA-201702-17", "ASA-201702-18"]}, {"type": "arista", "idList": ["ARISTA:0028"]}, {"type": "avleonov", "idList": ["AVLEONOV:B1FBE34AF90D9EFE8FB00EA97D833417"]}, {"type": "broadcom", "idList": ["BSA-2017-304"]}, {"type": "centos", "idList": ["CESA-2016:2047", "CESA-2016:2574", "CESA-2016:2962", "CESA-2017:0036", "CESA-2017:0086", "CESA-2017:0307", "CESA-2017:0386", "CESA-2017:0817", "CESA-2017:0892", "CESA-2017:0933", "CESA-2017:1308", "CESA-2017:1842", "CESA-2017:2930", "CESA-2018:1062", "CESA-2018:1854"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:17EB437F0AC67627647723802F6641F5", "CFOUNDRY:357A3D675E310E16A6C343FB03145CD4", "CFOUNDRY:43A3634884E6DDA3AD9EFD6221BBEE90", "CFOUNDRY:59BA3F002F833C86F9D716E2A3575DCB", "CFOUNDRY:E4E1DF639E31042E2C6F495D3AD4AB50"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1650576075"]}, {"type": "cve", "idList": ["CVE-2016-10088", "CVE-2016-7039", "CVE-2016-7117", "CVE-2016-7425", "CVE-2016-7910", "CVE-2016-7911", "CVE-2016-7913", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-7916", "CVE-2016-8399", "CVE-2016-8630", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-8646", "CVE-2016-8650", "CVE-2016-8655", "CVE-2016-8666", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9604", "CVE-2016-9685", "CVE-2017-1000111"]}, {"type": "debian", "idList": ["DEBIAN:DLA-670-1:F2D9C", "DEBIAN:DLA-772-1:EB721", "DEBIAN:DLA-849-1:12807", "DEBIAN:DLA-922-1:854C7", "DEBIAN:DSA-3696-1:25A5B", "DEBIAN:DSA-3696-1:EEC99", "DEBIAN:DSA-3804-1:0976E", "DEBIAN:DSA-3804-1:E7F94"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-10088", "DEBIANCVE:CVE-2016-7039", "DEBIANCVE:CVE-2016-7117", "DEBIANCVE:CVE-2016-7425", "DEBIANCVE:CVE-2016-7910", "DEBIANCVE:CVE-2016-7911", "DEBIANCVE:CVE-2016-7913", "DEBIANCVE:CVE-2016-7914", "DEBIANCVE:CVE-2016-7915", "DEBIANCVE:CVE-2016-7916", "DEBIANCVE:CVE-2016-8399", "DEBIANCVE:CVE-2016-8630", "DEBIANCVE:CVE-2016-8633", "DEBIANCVE:CVE-2016-8645", "DEBIANCVE:CVE-2016-8646", "DEBIANCVE:CVE-2016-8650", "DEBIANCVE:CVE-2016-8655", "DEBIANCVE:CVE-2016-8666", "DEBIANCVE:CVE-2016-9083", "DEBIANCVE:CVE-2016-9084", "DEBIANCVE:CVE-2016-9555", "DEBIANCVE:CVE-2016-9576", "DEBIANCVE:CVE-2016-9588", "DEBIANCVE:CVE-2016-9604", "DEBIANCVE:CVE-2016-9685", "DEBIANCVE:CVE-2017-1000111"]}, {"type": "exploitdb", "idList": ["EDB-ID:44696", "EDB-ID:47170"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:D5BBB161063632A8D15C357D43E97C75"]}, {"type": "f5", "idList": ["F5:K05513373", "F5:K23030550", "F5:K38472857", "F5:K44309215", "F5:K46394694", "F5:K51201255", "F5:K54095660", "F5:K54610514", "SOL51201255"]}, {"type": "fedora", "idList": ["FEDORA:0DC87601457E", "FEDORA:15EF260C76C3", "FEDORA:3D4286087E43", "FEDORA:45042604D166", "FEDORA:4A07160A7574", "FEDORA:5ADC96067305", "FEDORA:685B66087C53", "FEDORA:711F0612DED6", "FEDORA:85F7B60BBD0B", "FEDORA:8EB6260D0217", "FEDORA:92CE26061A9A", "FEDORA:9D83A60EFF4F", "FEDORA:B83986079D12", "FEDORA:BE101604CBF2", "FEDORA:C26AE605FC27", "FEDORA:D89B960F8CA9", "FEDORA:E2FD36125E3E", "FEDORA:E878E60F237D", "FEDORA:F17F2606731A"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:9B79D262B5DA61A7E11F5134B546BA63"]}, {"type": "ibm", "idList": ["091C926DD3372A48BCEFCA3A598C2A54BAEA4FF0AC1ADA170D539846CF9E0B12", "0C9BE2F3A245999460BB6BC497E21EC27992E79FB4C1D769E6D1CF729AB33300", "0E0A5A7B6700741752FA21EFE9AB43CC6637781C0541DB39566FEB4927470584", "1D8744BF536D5B133A0AEB6D2969DFF11DFBADCEF06C768998622BB424AF6C06", "233226C0332001C81596C237819F64BB35F4B49297346F216B4DC90C72D26485", "289F46B747F4C8F26E8F8D17623E34EDE1DB7595184FCDCC87FEDCC356AC9965", "61EAA34D5E4645B71F124164E8135272DB3119CF3ABDC2864377B692FCF87527", "62DB70FCF6301104005FF9FB20C71886DC177ADAE354920858B0940C223989CD", "72A14F3E1A05E87987247C3A94DA37A971910E734C842EA2FD4E32CE8B24FCF5", "75F4CE8201FAA026B444CA3308E12CA9B1FBD302D6BDA963D3635F7318CA3ADB", "A0B51C5217767E75AB974BA93584FB1F969514BA8D7EE9EDD025C20F274C1D2F", "A9C254F86614D2334E5A1624EEBD7497A5FA74BEC3159FA2530927B6C4A89585", "AF6E3EC9D5A5C3CF688EF87142347E0688A4AE1CB6831F92326966B86BF2D9C1", "B13E9CABE04A3A8E052E5DD7075F194AB2BDBB1AA759BCA55EBEBB657F688C5F", "CD9B5BF488F3327F1A5D08B8A25E9EF90D7304376F44A16FB3F05E06566E80FF", "F092FBBD34304315E258962CA397F72D24D88CD673A181734FDCE39754098484", "F3D623A09E7D0F54DD4072DEEB91BB4360FCB6F12BC404A385E6347E729DB982"]}, {"type": "lenovo", "idList": ["LENOVO:PS500321-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2016-0372", "MGASA-2016-0401", "MGASA-2016-0411", "MGASA-2016-0412", "MGASA-2016-0415", "MGASA-2016-0429", "MGASA-2017-0003", "MGASA-2017-0004", "MGASA-2017-0063", "MGASA-2017-0064", "MGASA-2017-0065", "MGASA-2017-0136", "MGASA-2017-0147", "MGASA-2017-0148"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-LINUX-LOCAL-AF_PACKET_CHOCOBO_ROOT_PRIV_ESC-"]}, {"type": "myhack58", "idList": ["MYHACK58:62201682103", "MYHACK58:62201783692"]}, {"type": "nessus", "idList": ["ALA_ALAS-2016-694.NASL", "ALA_ALAS-2016-762.NASL", "ALA_ALAS-2016-772.NASL", "ALA_ALAS-2017-782.NASL", "ALA_ALAS-2017-786.NASL", "CENTOS_RHSA-2016-2047.NASL", "CENTOS_RHSA-2016-2574.NASL", "CENTOS_RHSA-2016-2962.NASL", "CENTOS_RHSA-2017-0036.NASL", "CENTOS_RHSA-2017-0086.NASL", "CENTOS_RHSA-2017-0307.NASL", "CENTOS_RHSA-2017-0386.NASL", "CENTOS_RHSA-2017-0817.NASL", "CENTOS_RHSA-2017-0892.NASL", "CENTOS_RHSA-2017-0933.NASL", "CENTOS_RHSA-2017-1308.NASL", "CENTOS_RHSA-2017-1842.NASL", "CENTOS_RHSA-2017-2930.NASL", "CENTOS_RHSA-2018-1062.NASL", "CENTOS_RHSA-2018-1854.NASL", "DEBIAN_DLA-670.NASL", "DEBIAN_DLA-772.NASL", "DEBIAN_DLA-849.NASL", "DEBIAN_DLA-922.NASL", "DEBIAN_DSA-3696.NASL", "DEBIAN_DSA-3804.NASL", "EULEROS_SA-2016-1051.NASL", "EULEROS_SA-2016-1089.NASL", "EULEROS_SA-2017-1001.NASL", "EULEROS_SA-2017-1071.NASL", "EULEROS_SA-2017-1072.NASL", "EULEROS_SA-2017-1159.NASL", "EULEROS_SA-2017-1271.NASL", "EULEROS_SA-2018-1031.NASL", "EULEROS_SA-2019-1450.NASL", "EULEROS_SA-2019-1472.NASL", "EULEROS_SA-2019-1474.NASL", "EULEROS_SA-2019-1482.NASL", "EULEROS_SA-2019-1484.NASL", "EULEROS_SA-2019-1490.NASL", "EULEROS_SA-2019-1496.NASL", "EULEROS_SA-2019-1516.NASL", "EULEROS_SA-2019-1517.NASL", "EULEROS_SA-2019-1518.NASL", "EULEROS_SA-2019-1519.NASL", "EULEROS_SA-2019-1520.NASL", "EULEROS_SA-2019-1522.NASL", "EULEROS_SA-2019-1525.NASL", "EULEROS_SA-2019-1528.NASL", "EULEROS_SA-2019-1530.NASL", "EULEROS_SA-2019-1538.NASL", "EULEROS_SA-2019-1539.NASL", "EULEROS_SA-2019-2353.NASL", "EULEROS_SA-2019-2599.NASL", "F5_BIGIP_SOL05513373.NASL", "F5_BIGIP_SOL23030550.NASL", "F5_BIGIP_SOL54610514.NASL", "FEDORA_2016-02DB2F32FD.NASL", "FEDORA_2016-107F03CC00.NASL", "FEDORA_2016-14C4187E3A.NASL", "FEDORA_2016-29CDE72F15.NASL", "FEDORA_2016-2B1F91E9BD.NASL", "FEDORA_2016-3548475BCA.NASL", "FEDORA_2016-5AFF4A6BBC.NASL", "FEDORA_2016-5CB5B4082D.NASL", "FEDORA_2016-6AFDD2B61D.NASL", "FEDORA_2016-876DEAE183.NASL", "FEDORA_2016-96D276367E.NASL", "FEDORA_2016-A820774FC2.NASL", "FEDORA_2016-B18410C59C.NASL", "FEDORA_2016-DD895763AC.NASL", "FEDORA_2016-E5B72816D0.NASL", "FEDORA_2016-EE3A114958.NASL", "FEDORA_2016-F3D1F79398.NASL", "FEDORA_2017-0AA0F69E0C.NASL", "FEDORA_2017-17D1C05236.NASL", "NEWSTART_CGSL_NS-SA-2019-0004_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0044_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0049_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0070_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0074_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0113_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0143_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0152_KERNEL.NASL", "OPENSUSE-2016-1211.NASL", "OPENSUSE-2016-1212.NASL", "OPENSUSE-2016-1227.NASL", "OPENSUSE-2016-1410.NASL", "OPENSUSE-2016-1426.NASL", "OPENSUSE-2016-1428.NASL", "OPENSUSE-2016-1431.NASL", "OPENSUSE-2016-1436.NASL", "OPENSUSE-2016-1438.NASL", "OPENSUSE-2016-1439.NASL", "OPENSUSE-2016-1454.NASL", "OPENSUSE-2017-245.NASL", "OPENSUSE-2017-246.NASL", "ORACLELINUX_ELSA-2016-2047.NASL", "ORACLELINUX_ELSA-2016-2574.NASL", "ORACLELINUX_ELSA-2016-2962.NASL", "ORACLELINUX_ELSA-2016-3626.NASL", "ORACLELINUX_ELSA-2016-3648.NASL", "ORACLELINUX_ELSA-2016-3651.NASL", "ORACLELINUX_ELSA-2016-3652.NASL", "ORACLELINUX_ELSA-2016-3655.NASL", "ORACLELINUX_ELSA-2016-3656.NASL", "ORACLELINUX_ELSA-2016-3657.NASL", "ORACLELINUX_ELSA-2017-0036.NASL", "ORACLELINUX_ELSA-2017-0086.NASL", "ORACLELINUX_ELSA-2017-0307.NASL", "ORACLELINUX_ELSA-2017-0386.NASL", "ORACLELINUX_ELSA-2017-0817.NASL", "ORACLELINUX_ELSA-2017-0892.NASL", "ORACLELINUX_ELSA-2017-0933-1.NASL", "ORACLELINUX_ELSA-2017-0933.NASL", "ORACLELINUX_ELSA-2017-1308-1.NASL", "ORACLELINUX_ELSA-2017-1308.NASL", "ORACLELINUX_ELSA-2017-1842-1.NASL", "ORACLELINUX_ELSA-2017-1842.NASL", "ORACLELINUX_ELSA-2017-2930-1.NASL", "ORACLELINUX_ELSA-2017-2930.NASL", "ORACLELINUX_ELSA-2017-3200.NASL", "ORACLELINUX_ELSA-2017-3508.NASL", "ORACLELINUX_ELSA-2017-3509.NASL", "ORACLELINUX_ELSA-2017-3514.NASL", "ORACLELINUX_ELSA-2017-3515.NASL", "ORACLELINUX_ELSA-2017-3516.NASL", "ORACLELINUX_ELSA-2017-3533.NASL", "ORACLELINUX_ELSA-2017-3534.NASL", "ORACLELINUX_ELSA-2017-3535.NASL", "ORACLELINUX_ELSA-2017-3537.NASL", "ORACLELINUX_ELSA-2017-3538.NASL", "ORACLELINUX_ELSA-2017-3539.NASL", "ORACLELINUX_ELSA-2017-3566.NASL", "ORACLELINUX_ELSA-2017-3567.NASL", "ORACLELINUX_ELSA-2017-3605.NASL", "ORACLELINUX_ELSA-2017-3606.NASL", "ORACLELINUX_ELSA-2017-3607.NASL", "ORACLELINUX_ELSA-2017-3609.NASL", "ORACLELINUX_ELSA-2017-3632.NASL", "ORACLELINUX_ELSA-2017-3633.NASL", "ORACLELINUX_ELSA-2017-3657.NASL", "ORACLELINUX_ELSA-2017-3658.NASL", "ORACLELINUX_ELSA-2017-3659.NASL", "ORACLELINUX_ELSA-2018-1062.NASL", "ORACLELINUX_ELSA-2018-1854.NASL", "ORACLELINUX_ELSA-2020-5912.NASL", "ORACLEVM_OVMSA-2016-0174.NASL", "ORACLEVM_OVMSA-2016-0175.NASL", "ORACLEVM_OVMSA-2016-0179.NASL", "ORACLEVM_OVMSA-2016-0180.NASL", "ORACLEVM_OVMSA-2016-0181.NASL", "ORACLEVM_OVMSA-2017-0004.NASL", "ORACLEVM_OVMSA-2017-0005.NASL", "ORACLEVM_OVMSA-2017-0039.NASL", "ORACLEVM_OVMSA-2017-0040.NASL", "ORACLEVM_OVMSA-2017-0056.NASL", "ORACLEVM_OVMSA-2017-0057.NASL", "ORACLEVM_OVMSA-2017-0058.NASL", "ORACLEVM_OVMSA-2017-0060.NASL", "ORACLEVM_OVMSA-2017-0061.NASL", "ORACLEVM_OVMSA-2017-0062.NASL", "ORACLEVM_OVMSA-2017-0105.NASL", "ORACLEVM_OVMSA-2017-0106.NASL", "ORACLEVM_OVMSA-2017-0143.NASL", "ORACLEVM_OVMSA-2017-0144.NASL", "ORACLEVM_OVMSA-2017-0145.NASL", "ORACLEVM_OVMSA-2017-0173.NASL", "ORACLEVM_OVMSA-2017-0174.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "ORACLEVM_OVMSA-2020-0051.NASL", "PHOTONOS_PHSA-2016-0012.NASL", "PHOTONOS_PHSA-2016-0012_LINUX.NASL", "PHOTONOS_PHSA-2016-0014.NASL", "PHOTONOS_PHSA-2016-0014_LINUX.NASL", "REDHAT-RHSA-2016-2047.NASL", "REDHAT-RHSA-2016-2107.NASL", "REDHAT-RHSA-2016-2110.NASL", "REDHAT-RHSA-2016-2574.NASL", "REDHAT-RHSA-2016-2962.NASL", "REDHAT-RHSA-2017-0004.NASL", "REDHAT-RHSA-2017-0031.NASL", "REDHAT-RHSA-2017-0036.NASL", "REDHAT-RHSA-2017-0065.NASL", "REDHAT-RHSA-2017-0086.NASL", "REDHAT-RHSA-2017-0091.NASL", "REDHAT-RHSA-2017-0113.NASL", "REDHAT-RHSA-2017-0196.NASL", "REDHAT-RHSA-2017-0215.NASL", "REDHAT-RHSA-2017-0216.NASL", "REDHAT-RHSA-2017-0217.NASL", "REDHAT-RHSA-2017-0270.NASL", "REDHAT-RHSA-2017-0307.NASL", "REDHAT-RHSA-2017-0386.NASL", "REDHAT-RHSA-2017-0387.NASL", "REDHAT-RHSA-2017-0402.NASL", "REDHAT-RHSA-2017-0817.NASL", "REDHAT-RHSA-2017-0869.NASL", "REDHAT-RHSA-2017-0892.NASL", "REDHAT-RHSA-2017-0931.NASL", "REDHAT-RHSA-2017-0932.NASL", "REDHAT-RHSA-2017-0933.NASL", "REDHAT-RHSA-2017-1297.NASL", "REDHAT-RHSA-2017-1298.NASL", "REDHAT-RHSA-2017-1308.NASL", "REDHAT-RHSA-2017-1842.NASL", "REDHAT-RHSA-2017-2077.NASL", "REDHAT-RHSA-2017-2669.NASL", "REDHAT-RHSA-2017-2930.NASL", "REDHAT-RHSA-2017-2931.NASL", "REDHAT-RHSA-2018-0676.NASL", "REDHAT-RHSA-2018-1062.NASL", "REDHAT-RHSA-2018-1854.NASL", "REDHAT-RHSA-2019-1170.NASL", "REDHAT-RHSA-2019-1190.NASL", "SLACKWARE_SSA_2016-347-01.NASL", "SL_20161220_KERNEL_ON_SL5_X.NASL", "SL_20170110_KERNEL_ON_SL6_X.NASL", "SL_20170117_KERNEL_ON_SL7_X.NASL", "SL_20170223_KERNEL_ON_SL6_X.NASL", "SL_20170302_KERNEL_ON_SL7_X.NASL", "SL_20170321_KERNEL_ON_SL6_X.NASL", "SL_20170411_KERNEL_ON_SL6_X.NASL", "SL_20170412_KERNEL_ON_SL7_X.NASL", "SL_20170525_KERNEL_ON_SL7_X.NASL", "SL_20170801_KERNEL_ON_SL7_X.NASL", "SL_20171019_KERNEL_ON_SL7_X.NASL", "SL_20180410_KERNEL_ON_SL7_X.NASL", "SL_20180619_KERNEL_ON_SL6_X.NASL", "SUSE_SU-2016-2912-1.NASL", "SUSE_SU-2016-2976-1.NASL", "SUSE_SU-2016-3039-1.NASL", "SUSE_SU-2016-3049-1.NASL", "SUSE_SU-2016-3063-1.NASL", "SUSE_SU-2016-3109-1.NASL", "SUSE_SU-2016-3111-1.NASL", "SUSE_SU-2016-3112-1.NASL", "SUSE_SU-2016-3113-1.NASL", "SUSE_SU-2016-3119-1.NASL", "SUSE_SU-2016-3146-1.NASL", "SUSE_SU-2016-3188-1.NASL", "SUSE_SU-2016-3197-1.NASL", "SUSE_SU-2016-3203-1.NASL", "SUSE_SU-2016-3217-1.NASL", "SUSE_SU-2016-3247-1.NASL", "SUSE_SU-2016-3248-1.NASL", "SUSE_SU-2016-3249-1.NASL", "SUSE_SU-2016-3252-1.NASL", "SUSE_SU-2017-0181-1.NASL", "SUSE_SU-2017-0244-1.NASL", "SUSE_SU-2017-0245-1.NASL", "SUSE_SU-2017-0246-1.NASL", "SUSE_SU-2017-0247-1.NASL", "SUSE_SU-2017-0248-1.NASL", "SUSE_SU-2017-0249-1.NASL", "SUSE_SU-2017-0267-1.NASL", "SUSE_SU-2017-0268-1.NASL", "SUSE_SU-2017-0333-1.NASL", "SUSE_SU-2017-0437-1.NASL", "SUSE_SU-2017-0464-1.NASL", "SUSE_SU-2017-0471-1.NASL", "SUSE_SU-2017-0494-1.NASL", "SUSE_SU-2017-0575-1.NASL", "SUSE_SU-2017-1247-1.NASL", "SUSE_SU-2017-1360-1.NASL", "SUSE_SU-2017-2920-1.NASL", "SUSE_SU-2018-0834-1.NASL", "SUSE_SU-2018-0848-1.NASL", "SUSE_SU-2018-1080-1.NASL", "SUSE_SU-2018-1172-1.NASL", "UBUNTU_USN-3126-1.NASL", "UBUNTU_USN-3144-1.NASL", "UBUNTU_USN-3145-1.NASL", "UBUNTU_USN-3145-2.NASL", "UBUNTU_USN-3146-1.NASL", "UBUNTU_USN-3146-2.NASL", "UBUNTU_USN-3147-1.NASL", "UBUNTU_USN-3149-1.NASL", "UBUNTU_USN-3149-2.NASL", "UBUNTU_USN-3150-1.NASL", "UBUNTU_USN-3151-1.NASL", "UBUNTU_USN-3151-2.NASL", "UBUNTU_USN-3151-3.NASL", "UBUNTU_USN-3151-4.NASL", "UBUNTU_USN-3152-1.NASL", "UBUNTU_USN-3152-2.NASL", "UBUNTU_USN-3159-1.NASL", "UBUNTU_USN-3160-1.NASL", "UBUNTU_USN-3160-2.NASL", "UBUNTU_USN-3161-1.NASL", "UBUNTU_USN-3161-2.NASL", "UBUNTU_USN-3161-3.NASL", "UBUNTU_USN-3161-4.NASL", "UBUNTU_USN-3162-1.NASL", "UBUNTU_USN-3162-2.NASL", "UBUNTU_USN-3187-1.NASL", "UBUNTU_USN-3188-1.NASL", "UBUNTU_USN-3188-2.NASL", "UBUNTU_USN-3189-1.NASL", "UBUNTU_USN-3189-2.NASL", "UBUNTU_USN-3190-1.NASL", "UBUNTU_USN-3190-2.NASL", "UBUNTU_USN-3206-1.NASL", "UBUNTU_USN-3207-1.NASL", "UBUNTU_USN-3207-2.NASL", "UBUNTU_USN-3208-1.NASL", "UBUNTU_USN-3208-2.NASL", "UBUNTU_USN-3209-1.NASL", "UBUNTU_USN-3290-1.NASL", "UBUNTU_USN-3312-1.NASL", "UBUNTU_USN-3312-2.NASL", "UBUNTU_USN-3314-1.NASL", "UBUNTU_USN-3361-1.NASL", "UBUNTU_USN-3406-1.NASL", "UBUNTU_USN-3422-1.NASL", "UBUNTU_USN-3445-1.NASL", "UBUNTU_USN-3798-1.NASL", "UBUNTU_USN-3822-1.NASL", "VIRTUOZZO_VZA-2016-104.NASL", "VIRTUOZZO_VZA-2017-007.NASL", "VIRTUOZZO_VZA-2017-025.NASL", "VIRTUOZZO_VZA-2017-042.NASL", "VIRTUOZZO_VZA-2017-043.NASL", "VIRTUOZZO_VZA-2017-097.NASL", "VIRTUOZZO_VZA-2017-098.NASL", "VIRTUOZZO_VZA-2018-041.NASL", "VIRTUOZZO_VZLSA-2017-0036.NASL", "VIRTUOZZO_VZLSA-2017-0086.NASL", "VIRTUOZZO_VZLSA-2017-0307.NASL", "VIRTUOZZO_VZLSA-2017-0386.NASL", "VIRTUOZZO_VZLSA-2017-0892.NASL", "VIRTUOZZO_VZLSA-2017-0933.NASL", "VIRTUOZZO_VZLSA-2017-1308.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703696", "OPENVAS:1361412562310703804", "OPENVAS:1361412562310810127", "OPENVAS:1361412562310810136", "OPENVAS:1361412562310810159", "OPENVAS:1361412562310810170", "OPENVAS:1361412562310812046", "OPENVAS:1361412562310842945", "OPENVAS:1361412562310842948", "OPENVAS:1361412562310842963", "OPENVAS:1361412562310842964", "OPENVAS:1361412562310842965", "OPENVAS:1361412562310842970", "OPENVAS:1361412562310842971", "OPENVAS:1361412562310842972", "OPENVAS:1361412562310842977", "OPENVAS:1361412562310842979", "OPENVAS:1361412562310842980", "OPENVAS:1361412562310842981", "OPENVAS:1361412562310842982", "OPENVAS:1361412562310842983", "OPENVAS:1361412562310842984", "OPENVAS:1361412562310842985", "OPENVAS:1361412562310842986", "OPENVAS:1361412562310842987", "OPENVAS:1361412562310842988", "OPENVAS:1361412562310842996", "OPENVAS:1361412562310842997", "OPENVAS:1361412562310842998", "OPENVAS:1361412562310842999", "OPENVAS:1361412562310843000", "OPENVAS:1361412562310843001", "OPENVAS:1361412562310843002", "OPENVAS:1361412562310843003", "OPENVAS:1361412562310843004", "OPENVAS:1361412562310843005", "OPENVAS:1361412562310843036", "OPENVAS:1361412562310843037", "OPENVAS:1361412562310843038", "OPENVAS:1361412562310843039", "OPENVAS:1361412562310843040", "OPENVAS:1361412562310843041", "OPENVAS:1361412562310843047", "OPENVAS:1361412562310843050", "OPENVAS:1361412562310843060", "OPENVAS:1361412562310843061", "OPENVAS:1361412562310843062", "OPENVAS:1361412562310843063", "OPENVAS:1361412562310843064", "OPENVAS:1361412562310843065", "OPENVAS:1361412562310843169", "OPENVAS:1361412562310843198", "OPENVAS:1361412562310843199", "OPENVAS:1361412562310843200", "OPENVAS:1361412562310843249", "OPENVAS:1361412562310843297", "OPENVAS:1361412562310843312", "OPENVAS:1361412562310843326", "OPENVAS:1361412562310843665", "OPENVAS:1361412562310843824", "OPENVAS:1361412562310851414", "OPENVAS:1361412562310851415", "OPENVAS:1361412562310851420", "OPENVAS:1361412562310851444", "OPENVAS:1361412562310851448", "OPENVAS:1361412562310851449", "OPENVAS:1361412562310851450", "OPENVAS:1361412562310851452", "OPENVAS:1361412562310851454", "OPENVAS:1361412562310851489", "OPENVAS:1361412562310851506", "OPENVAS:1361412562310851512", "OPENVAS:1361412562310851513", "OPENVAS:1361412562310871730", "OPENVAS:1361412562310871742", "OPENVAS:1361412562310871747", "OPENVAS:1361412562310871763", "OPENVAS:1361412562310871768", "OPENVAS:1361412562310871783", "OPENVAS:1361412562310871794", "OPENVAS:1361412562310871796", "OPENVAS:1361412562310871823", "OPENVAS:1361412562310871855", "OPENVAS:1361412562310871917", "OPENVAS:1361412562310871927", "OPENVAS:1361412562310871956", "OPENVAS:1361412562310871967", "OPENVAS:1361412562310872042", "OPENVAS:1361412562310872076", "OPENVAS:1361412562310872131", "OPENVAS:1361412562310872137", "OPENVAS:1361412562310872147", "OPENVAS:1361412562310872159", "OPENVAS:1361412562310872163", "OPENVAS:1361412562310872182", "OPENVAS:1361412562310872186", "OPENVAS:1361412562310872634", "OPENVAS:1361412562310872640", "OPENVAS:1361412562310882614", "OPENVAS:1361412562310882629", "OPENVAS:1361412562310882638", "OPENVAS:1361412562310882667", "OPENVAS:1361412562310882673", "OPENVAS:1361412562310882688", "OPENVAS:1361412562310882694", "OPENVAS:1361412562310882725", "OPENVAS:1361412562310882792", "OPENVAS:1361412562310890849", "OPENVAS:1361412562310890922", "OPENVAS:1361412562311220161051", "OPENVAS:1361412562311220161089", "OPENVAS:1361412562311220171001", "OPENVAS:1361412562311220171071", "OPENVAS:1361412562311220171072", "OPENVAS:1361412562311220171159", "OPENVAS:1361412562311220171271", "OPENVAS:1361412562311220181031", "OPENVAS:1361412562311220191450", "OPENVAS:1361412562311220191472", "OPENVAS:1361412562311220191474", "OPENVAS:1361412562311220191482", "OPENVAS:1361412562311220191484", "OPENVAS:1361412562311220191490", "OPENVAS:1361412562311220191491", "OPENVAS:1361412562311220191516", "OPENVAS:1361412562311220191517", "OPENVAS:1361412562311220191518", "OPENVAS:1361412562311220191519", "OPENVAS:1361412562311220191520", "OPENVAS:1361412562311220191522", "OPENVAS:1361412562311220191525", "OPENVAS:1361412562311220191528", "OPENVAS:1361412562311220191530", "OPENVAS:1361412562311220191534", "OPENVAS:1361412562311220191538", "OPENVAS:1361412562311220191539", "OPENVAS:1361412562311220192353", "OPENVAS:1361412562311220192599", "OPENVAS:703696", "OPENVAS:703804"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2962", "ELSA-2016-2962-1", "ELSA-2016-3648", "ELSA-2016-3651", "ELSA-2016-3652", "ELSA-2016-3655", "ELSA-2016-3656", "ELSA-2016-3657", "ELSA-2017-0036", "ELSA-2017-0086", "ELSA-2017-0307", "ELSA-2017-0386", "ELSA-2017-0386-1", "ELSA-2017-0817", "ELSA-2017-0892", "ELSA-2017-0933", "ELSA-2017-0933-1", "ELSA-2017-1308", "ELSA-2017-1308-1", "ELSA-2017-1842", "ELSA-2017-1842-1", "ELSA-2017-2930", "ELSA-2017-2930-1", "ELSA-2017-3508", "ELSA-2017-3509", "ELSA-2017-3514", "ELSA-2017-3515", "ELSA-2017-3516", "ELSA-2017-3533", "ELSA-2017-3534", "ELSA-2017-3535", "ELSA-2017-3537", "ELSA-2017-3538", "ELSA-2017-3539", "ELSA-2017-3566", "ELSA-2017-3567", "ELSA-2017-3605", "ELSA-2017-3606", "ELSA-2017-3607", "ELSA-2017-3609", "ELSA-2017-3657", "ELSA-2017-3658", "ELSA-2018-1062", "ELSA-2018-1854", "ELSA-2018-4021", "ELSA-2020-5912", "ELSA-2020-5926"]}, {"type": "osv", "idList": ["OSV:DLA-670-1", "OSV:DLA-772-1", "OSV:DLA-849-1", "OSV:DLA-922-1", "OSV:DSA-3696-1", "OSV:DSA-3804-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147727"]}, {"type": "photon", "idList": ["PHSA-2016-0012", "PHSA-2016-0014", "PHSA-2017-0016", "PHSA-2017-0040", "PHSA-2018-0116", "PHSA-2019-0122"]}, {"type": "redhat", "idList": ["RHSA-2016:2047", "RHSA-2016:2107", "RHSA-2016:2110", "RHSA-2016:2574", "RHSA-2016:2962", "RHSA-2017:0004", "RHSA-2017:0031", "RHSA-2017:0036", "RHSA-2017:0065", "RHSA-2017:0086", "RHSA-2017:0091", "RHSA-2017:0113", "RHSA-2017:0196", "RHSA-2017:0215", "RHSA-2017:0216", "RHSA-2017:0217", "RHSA-2017:0270", "RHSA-2017:0307", "RHSA-2017:0372", "RHSA-2017:0386", "RHSA-2017:0387", "RHSA-2017:0402", "RHSA-2017:0817", "RHSA-2017:0869", "RHSA-2017:0892", "RHSA-2017:0931", "RHSA-2017:0932", "RHSA-2017:0933", "RHSA-2017:1297", "RHSA-2017:1298", "RHSA-2017:1308", "RHSA-2017:1842", "RHSA-2017:2077", "RHSA-2017:2669", "RHSA-2017:2930", "RHSA-2017:2931", "RHSA-2018:0676", "RHSA-2018:1062", "RHSA-2018:1854", "RHSA-2019:1170", "RHSA-2019:1190"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10088", "RH:CVE-2016-7425", "RH:CVE-2016-7910", "RH:CVE-2016-7911", "RH:CVE-2016-8399", "RH:CVE-2016-8633", "RH:CVE-2016-8645", "RH:CVE-2016-8646", "RH:CVE-2016-8650", "RH:CVE-2016-8655", "RH:CVE-2016-8666", "RH:CVE-2016-9555", "RH:CVE-2016-9576", "RH:CVE-2016-9588", "RH:CVE-2016-9604", "RH:CVE-2016-9685"]}, {"type": "seebug", "idList": ["SSV:92567"]}, {"type": "slackware", "idList": ["SSA-2016-347-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2583-1", "OPENSUSE-SU-2016:2584-1", "OPENSUSE-SU-2016:2625-1", "OPENSUSE-SU-2016:3021-1", "OPENSUSE-SU-2016:3050-1", "OPENSUSE-SU-2016:3058-1", "OPENSUSE-SU-2016:3061-1", "OPENSUSE-SU-2016:3077-1", "OPENSUSE-SU-2016:3085-1", "OPENSUSE-SU-2016:3086-1", "OPENSUSE-SU-2016:3118-1", "OPENSUSE-SU-2017:0456-1", "OPENSUSE-SU-2017:0458-1", "SUSE-SU-2016:2629-1", "SUSE-SU-2016:2630-1", "SUSE-SU-2016:2631-1", "SUSE-SU-2016:2634-1", "SUSE-SU-2016:2635-1", "SUSE-SU-2016:2637-1", "SUSE-SU-2016:2638-1", "SUSE-SU-2016:2673-1", "SUSE-SU-2016:2674-1", "SUSE-SU-2016:2912-1", "SUSE-SU-2016:2976-1", "SUSE-SU-2016:3039-1", "SUSE-SU-2016:3049-1", "SUSE-SU-2016:3063-1", "SUSE-SU-2016:3069-1", "SUSE-SU-2016:3093-1", "SUSE-SU-2016:3094-1", "SUSE-SU-2016:3096-1", "SUSE-SU-2016:3098-1", "SUSE-SU-2016:3100-1", "SUSE-SU-2016:3104-1", "SUSE-SU-2016:3109-1", "SUSE-SU-2016:3111-1", "SUSE-SU-2016:3112-1", "SUSE-SU-2016:3113-1", "SUSE-SU-2016:3116-1", "SUSE-SU-2016:3117-1", "SUSE-SU-2016:3119-1", "SUSE-SU-2016:3146-1", "SUSE-SU-2016:3169-1", "SUSE-SU-2016:3183-1", "SUSE-SU-2016:3188-1", "SUSE-SU-2016:3197-1", "SUSE-SU-2016:3203-1", "SUSE-SU-2016:3205-1", "SUSE-SU-2016:3206-1", "SUSE-SU-2016:3217-1", "SUSE-SU-2016:3247-1", "SUSE-SU-2016:3248-1", "SUSE-SU-2016:3249-1", "SUSE-SU-2016:3252-1", "SUSE-SU-2016:3304-1", "SUSE-SU-2017:0181-1", "SUSE-SU-2017:0226-1", "SUSE-SU-2017:0227-1", "SUSE-SU-2017:0228-1", "SUSE-SU-2017:0229-1", "SUSE-SU-2017:0230-1", "SUSE-SU-2017:0231-1", "SUSE-SU-2017:0232-1", "SUSE-SU-2017:0233-1", "SUSE-SU-2017:0234-1", "SUSE-SU-2017:0235-1", "SUSE-SU-2017:0244-1", "SUSE-SU-2017:0245-1", "SUSE-SU-2017:0246-1", "SUSE-SU-2017:0247-1", "SUSE-SU-2017:0248-1", "SUSE-SU-2017:0249-1", "SUSE-SU-2017:0267-1", "SUSE-SU-2017:0268-1", "SUSE-SU-2017:0278-1", "SUSE-SU-2017:0293-1", "SUSE-SU-2017:0294-1", "SUSE-SU-2017:0333-1", "SUSE-SU-2017:0407-1", "SUSE-SU-2017:0437-1", "SUSE-SU-2017:0464-1", "SUSE-SU-2017:0471-1", "SUSE-SU-2017:0494-1", "SUSE-SU-2017:0575-1", "SUSE-SU-2017:1102-1", "SUSE-SU-2017:1247-1", "SUSE-SU-2017:1360-1", "SUSE-SU-2017:1990-1", "SUSE-SU-2017:2342-1", "SUSE-SU-2017:2920-1", "SUSE-SU-2018:0834-1", "SUSE-SU-2018:0848-1", "SUSE-SU-2018:1080-1", "SUSE-SU-2018:1172-1"]}, {"type": "symantec", "idList": ["SMNTC-1389"]}, {"type": "thn", "idList": ["THN:04F5FC12455795F06BC21F5C803FA77E", "THN:11E7CC33794D9968747131F3F0AE8716"]}, {"type": "threatpost", "idList": ["THREATPOST:71B135B09C0B20493E1A02875B015BA4", "THREATPOST:9148FADE9CE4769DE623F3FA5AC6A18F"]}, {"type": "ubuntu", "idList": ["USN-3126-1", "USN-3126-2", "USN-3144-1", "USN-3144-2", "USN-3145-1", "USN-3145-2", "USN-3146-1", "USN-3146-2", "USN-3147-1", "USN-3149-1", "USN-3149-2", "USN-3150-1", "USN-3150-2", "USN-3151-1", "USN-3151-2", "USN-3151-3", "USN-3151-4", "USN-3152-1", "USN-3152-2", "USN-3159-1", "USN-3159-2", "USN-3160-1", "USN-3160-2", "USN-3161-1", "USN-3161-2", "USN-3161-3", "USN-3161-4", "USN-3162-1", "USN-3162-2", "USN-3187-1", "USN-3187-2", "USN-3188-1", "USN-3188-2", "USN-3189-1", "USN-3189-2", "USN-3190-1", "USN-3190-2", "USN-3206-1", "USN-3207-1", "USN-3207-2", "USN-3208-1", "USN-3208-2", "USN-3209-1", "USN-3290-1", "USN-3312-1", "USN-3312-2", "USN-3314-1", "USN-3361-1", "USN-3406-1", "USN-3406-2", "USN-3422-1", "USN-3422-2", "USN-3445-1", "USN-3445-2", "USN-3798-1", "USN-3798-2", "USN-3822-1", "USN-3822-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-10088", "UB:CVE-2016-7039", "UB:CVE-2016-7117", "UB:CVE-2016-7425", "UB:CVE-2016-7910", "UB:CVE-2016-7911", "UB:CVE-2016-7913", "UB:CVE-2016-7914", "UB:CVE-2016-7915", "UB:CVE-2016-7916", "UB:CVE-2016-8399", "UB:CVE-2016-8630", "UB:CVE-2016-8633", "UB:CVE-2016-8645", "UB:CVE-2016-8646", "UB:CVE-2016-8650", "UB:CVE-2016-8655", "UB:CVE-2016-8666", "UB:CVE-2016-9083", "UB:CVE-2016-9084", "UB:CVE-2016-9555", "UB:CVE-2016-9576", "UB:CVE-2016-9588", "UB:CVE-2016-9604", "UB:CVE-2016-9685", "UB:CVE-2017-1000111"]}, {"type": "virtuozzo", "idList": ["VZA-2016-104", "VZA-2017-007", "VZA-2017-024", "VZA-2017-025", "VZA-2017-042", "VZA-2017-043", "VZA-2017-097", "VZA-2017-098", "VZA-2018-040", "VZA-2018-041"]}, {"type": "zdt", "idList": ["1337DAY-ID-26493", "1337DAY-ID-30429", "1337DAY-ID-33037"]}]}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2017-782", "ALAS-2017-786"]}, {"type": "android", "idList": ["ANDROID:CVE-2016-7910"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-10-01"]}, {"type": "archlinux", "idList": ["ASA-201612-5", "ASA-201612-6", "ASA-201612-7"]}, {"type": "broadcom", "idList": ["BSA-2017-304"]}, {"type": "centos", "idList": ["CESA-2017:0933"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:59BA3F002F833C86F9D716E2A3575DCB", "CFOUNDRY:E4E1DF639E31042E2C6F495D3AD4AB50"]}, {"type": "cve", "idList": ["CVE-2016-7117", "CVE-2016-7425", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-8646", "CVE-2016-8650", "CVE-2016-8655", "CVE-2016-8666", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9685"]}, {"type": "debian", "idList": ["DEBIAN:DLA-849-1:12807", "DEBIAN:DSA-3804-1:E7F94"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-7117", "DEBIANCVE:CVE-2016-7425", "DEBIANCVE:CVE-2016-7910", "DEBIANCVE:CVE-2016-7911", "DEBIANCVE:CVE-2016-7913", "DEBIANCVE:CVE-2016-7914", "DEBIANCVE:CVE-2016-7915", "DEBIANCVE:CVE-2016-7916", "DEBIANCVE:CVE-2016-8399", "DEBIANCVE:CVE-2016-8630", "DEBIANCVE:CVE-2016-8633", "DEBIANCVE:CVE-2016-8645", "DEBIANCVE:CVE-2016-8646", "DEBIANCVE:CVE-2016-8650", "DEBIANCVE:CVE-2016-8655", "DEBIANCVE:CVE-2016-8666", "DEBIANCVE:CVE-2016-9083", "DEBIANCVE:CVE-2016-9084", "DEBIANCVE:CVE-2016-9555", "DEBIANCVE:CVE-2016-9576", "DEBIANCVE:CVE-2016-9588", "DEBIANCVE:CVE-2016-9604", "DEBIANCVE:CVE-2016-9685"]}, {"type": "exploitdb", "idList": ["EDB-ID:44696"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:D5BBB161063632A8D15C357D43E97C75"]}, {"type": "f5", "idList": ["F5:K05513373", "F5:K38472857", "F5:K54095660", "F5:K54610514"]}, {"type": "fedora", "idList": ["FEDORA:0DC87601457E", "FEDORA:15EF260C76C3", "FEDORA:4A07160A7574", "FEDORA:5ADC96067305", "FEDORA:685B66087C53", "FEDORA:711F0612DED6", "FEDORA:85F7B60BBD0B", "FEDORA:92CE26061A9A", "FEDORA:9D83A60EFF4F", "FEDORA:B83986079D12", "FEDORA:BE101604CBF2", "FEDORA:C26AE605FC27", "FEDORA:E878E60F237D", "FEDORA:F17F2606731A"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:9B79D262B5DA61A7E11F5134B546BA63"]}, {"type": "ibm", "idList": ["0C9BE2F3A245999460BB6BC497E21EC27992E79FB4C1D769E6D1CF729AB33300"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/LINUX/LOCAL/AF_PACKET_CHOCOBO_ROOT_PRIV_ESC", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP1-CVE-2016-9604/"]}, {"type": "myhack58", "idList": ["MYHACK58:62201682103", "MYHACK58:62201783692"]}, {"type": "nessus", "idList": ["ALA_ALAS-2017-782.NASL", "CENTOS_RHSA-2016-2047.NASL", "DEBIAN_DLA-670.NASL", "DEBIAN_DLA-849.NASL", "DEBIAN_DSA-3696.NASL", "DEBIAN_DSA-3804.NASL", "FEDORA_2016-02DB2F32FD.NASL", "FEDORA_2016-107F03CC00.NASL", "FEDORA_2016-29CDE72F15.NASL", "FEDORA_2016-2B1F91E9BD.NASL", "FEDORA_2016-3548475BCA.NASL", "FEDORA_2016-5AFF4A6BBC.NASL", "FEDORA_2016-5CB5B4082D.NASL", "FEDORA_2016-6AFDD2B61D.NASL", "FEDORA_2016-A820774FC2.NASL", "FEDORA_2016-B18410C59C.NASL", "FEDORA_2016-DD895763AC.NASL", "FEDORA_2016-E5B72816D0.NASL", "NEWSTART_CGSL_NS-SA-2019-0143_KERNEL.NASL", "OPENSUSE-2016-1211.NASL", "OPENSUSE-2016-1212.NASL", "OPENSUSE-2016-1436.NASL", "OPENSUSE-2016-1438.NASL", "OPENSUSE-2016-1439.NASL", "OPENSUSE-2016-1454.NASL", "ORACLELINUX_ELSA-2016-2047.NASL", "ORACLELINUX_ELSA-2016-3648.NASL", "ORACLELINUX_ELSA-2016-3651.NASL", "ORACLELINUX_ELSA-2016-3652.NASL", "ORACLELINUX_ELSA-2017-3534.NASL", "ORACLEVM_OVMSA-2016-0174.NASL", "ORACLEVM_OVMSA-2016-0175.NASL", "ORACLEVM_OVMSA-2016-0181.NASL", "ORACLEVM_OVMSA-2017-0060.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "REDHAT-RHSA-2016-2047.NASL", "REDHAT-RHSA-2016-2107.NASL", "REDHAT-RHSA-2016-2110.NASL", "REDHAT-RHSA-2017-0402.NASL", "SLACKWARE_SSA_2016-347-01.NASL", "SUSE_SU-2016-3039-1.NASL", "SUSE_SU-2016-3049-1.NASL", "SUSE_SU-2016-3063-1.NASL", "SUSE_SU-2016-3113-1.NASL", "SUSE_SU-2016-3146-1.NASL", "SUSE_SU-2016-3188-1.NASL", "SUSE_SU-2016-3197-1.NASL", "SUSE_SU-2016-3203-1.NASL", "SUSE_SU-2016-3217-1.NASL", "SUSE_SU-2016-3247-1.NASL", "SUSE_SU-2016-3248-1.NASL", "SUSE_SU-2016-3252-1.NASL", "SUSE_SU-2017-0244-1.NASL", "SUSE_SU-2017-0245-1.NASL", "SUSE_SU-2017-0246-1.NASL", "SUSE_SU-2017-0247-1.NASL", "SUSE_SU-2017-0248-1.NASL", "SUSE_SU-2017-0249-1.NASL", "SUSE_SU-2017-0267-1.NASL", "SUSE_SU-2017-0268-1.NASL", "UBUNTU_USN-3149-1.NASL", "UBUNTU_USN-3149-2.NASL", "UBUNTU_USN-3150-1.NASL", "UBUNTU_USN-3151-1.NASL", "UBUNTU_USN-3151-2.NASL", "UBUNTU_USN-3151-3.NASL", "UBUNTU_USN-3151-4.NASL", "UBUNTU_USN-3152-1.NASL", "UBUNTU_USN-3152-2.NASL", "UBUNTU_USN-3187-1.NASL", "UBUNTU_USN-3188-1.NASL", "UBUNTU_USN-3188-2.NASL", "UBUNTU_USN-3189-1.NASL", "UBUNTU_USN-3189-2.NASL", "UBUNTU_USN-3190-1.NASL", "UBUNTU_USN-3190-2.NASL", "UBUNTU_USN-3208-1.NASL", "UBUNTU_USN-3208-2.NASL", "UBUNTU_USN-3209-1.NASL", "UBUNTU_USN-3312-2.NASL", "UBUNTU_USN-3445-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310810136", "OPENVAS:1361412562310842979", "OPENVAS:1361412562310842980", "OPENVAS:1361412562310842981", "OPENVAS:1361412562310842982", "OPENVAS:1361412562310842983", "OPENVAS:1361412562310842984", "OPENVAS:1361412562310842985", "OPENVAS:1361412562310842986", "OPENVAS:1361412562310842987", "OPENVAS:1361412562310842988", "OPENVAS:1361412562310851450", "OPENVAS:1361412562310851452", "OPENVAS:1361412562310851454", "OPENVAS:1361412562310871917", "OPENVAS:1361412562310871967", "OPENVAS:1361412562310872042", "OPENVAS:1361412562310872076", "OPENVAS:1361412562310872131", "OPENVAS:1361412562310872137", "OPENVAS:1361412562310872147", "OPENVAS:1361412562310872159", "OPENVAS:1361412562310872163", "OPENVAS:1361412562310872182", "OPENVAS:1361412562310872186"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-3648", "ELSA-2016-3651", "ELSA-2016-3652", "ELSA-2018-4021"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:147727"]}, {"type": "photon", "idList": ["PHSA-2017-0016", "PHSA-2017-0040"]}, {"type": "redhat", "idList": ["RHSA-2016:2107", "RHSA-2017:0402"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10088", "RH:CVE-2016-8399", "RH:CVE-2016-8633", "RH:CVE-2016-8645", "RH:CVE-2016-8646", "RH:CVE-2016-8650", "RH:CVE-2016-8655", "RH:CVE-2016-9555", "RH:CVE-2016-9576", "RH:CVE-2016-9588", "RH:CVE-2016-9604", "RH:CVE-2016-9685"]}, {"type": "seebug", "idList": ["SSV:92567"]}, {"type": "slackware", "idList": ["SSA-2016-347-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2583-1", "OPENSUSE-SU-2016:2584-1", "OPENSUSE-SU-2016:3050-1", "OPENSUSE-SU-2016:3077-1", "OPENSUSE-SU-2016:3085-1", "OPENSUSE-SU-2016:3086-1", "OPENSUSE-SU-2016:3118-1", "SUSE-SU-2016:2629-1", "SUSE-SU-2016:2630-1", "SUSE-SU-2016:2631-1", "SUSE-SU-2016:2634-1", "SUSE-SU-2016:2635-1", "SUSE-SU-2016:2637-1", "SUSE-SU-2016:2638-1", "SUSE-SU-2016:3039-1", "SUSE-SU-2016:3049-1", "SUSE-SU-2016:3063-1", "SUSE-SU-2016:3096-1", "SUSE-SU-2016:3113-1", "SUSE-SU-2016:3116-1", "SUSE-SU-2016:3117-1", "SUSE-SU-2016:3146-1", "SUSE-SU-2016:3169-1", "SUSE-SU-2016:3183-1", "SUSE-SU-2016:3188-1", "SUSE-SU-2016:3197-1", "SUSE-SU-2016:3203-1", "SUSE-SU-2016:3205-1", "SUSE-SU-2016:3206-1", "SUSE-SU-2016:3217-1", "SUSE-SU-2016:3247-1", "SUSE-SU-2016:3248-1", "SUSE-SU-2016:3252-1", "SUSE-SU-2017:0226-1", "SUSE-SU-2017:0227-1", "SUSE-SU-2017:0228-1", "SUSE-SU-2017:0229-1", "SUSE-SU-2017:0230-1", "SUSE-SU-2017:0231-1", "SUSE-SU-2017:0232-1", "SUSE-SU-2017:0233-1", "SUSE-SU-2017:0234-1", "SUSE-SU-2017:0235-1", "SUSE-SU-2017:0244-1", "SUSE-SU-2017:0245-1", "SUSE-SU-2017:0246-1", "SUSE-SU-2017:0247-1", "SUSE-SU-2017:0248-1", "SUSE-SU-2017:0249-1", "SUSE-SU-2017:0267-1", "SUSE-SU-2017:0268-1", "SUSE-SU-2017:0278-1", "SUSE-SU-2017:0293-1", "SUSE-SU-2017:0294-1"]}, {"type": "thn", "idList": ["THN:04F5FC12455795F06BC21F5C803FA77E", "THN:11E7CC33794D9968747131F3F0AE8716"]}, {"type": "threatpost", "idList": ["THREATPOST:71B135B09C0B20493E1A02875B015BA4"]}, {"type": "ubuntu", "idList": ["USN-3149-1", "USN-3150-2", "USN-3151-3", "USN-3151-4", "USN-3152-2", "USN-3162-2", "USN-3187-1", "USN-3187-2", "USN-3190-2", "USN-3208-2", "USN-3209-1", "USN-3314-1", "USN-3445-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-8399", "UB:CVE-2016-8633", "UB:CVE-2016-8645", "UB:CVE-2016-8646", "UB:CVE-2016-8650", "UB:CVE-2016-8655", "UB:CVE-2016-9555", "UB:CVE-2016-9576", "UB:CVE-2016-9588", "UB:CVE-2016-9604", "UB:CVE-2016-9685"]}, {"type": "virtuozzo", "idList": ["VZA-2017-042", "VZA-2017-043", "VZA-2017-097", "VZA-2017-098"]}, {"type": "zdt", "idList": ["1337DAY-ID-26493", "1337DAY-ID-30429"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2016-9604", "epss": "0.000490000", "percentile": "0.153250000", "modified": "2023-03-15"}, {"cve": "CVE-2016-8650", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2016-7910", "epss": "0.001350000", "percentile": "0.471050000", "modified": "2023-03-15"}, {"cve": "CVE-2016-8633", "epss": "0.027900000", "percentile": "0.890070000", "modified": "2023-03-15"}, {"cve": "CVE-2016-8655", "epss": "0.000430000", "percentile": "0.074530000", "modified": "2023-03-15"}, {"cve": "CVE-2016-9084", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2016-8399", "epss": "0.002330000", "percentile": "0.595910000", "modified": "2023-03-15"}, {"cve": "CVE-2016-7117", "epss": "0.039350000", "percentile": "0.906090000", "modified": "2023-03-15"}, {"cve": "CVE-2016-8666", "epss": "0.047130000", "percentile": "0.913700000", "modified": "2023-03-15"}, {"cve": "CVE-2016-7911", "epss": "0.000810000", "percentile": "0.330280000", "modified": "2023-03-15"}, {"cve": "CVE-2016-7916", "epss": "0.000730000", "percentile": "0.297290000", "modified": "2023-03-15"}, {"cve": "CVE-2016-9555", "epss": "0.905280000", "percentile": "0.982160000", "modified": "2023-03-15"}, {"cve": "CVE-2016-8630", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2016-9685", "epss": "0.000420000", "percentile": "0.056670000", "modified": "2023-03-15"}, {"cve": "CVE-2016-7915", "epss": "0.001200000", "percentile": "0.445010000", "modified": "2023-03-15"}, {"cve": "CVE-2016-7425", "epss": "0.000440000", "percentile": "0.082980000", "modified": "2023-03-15"}, {"cve": "CVE-2016-9083", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2016-9576", "epss": "0.000440000", "percentile": "0.082290000", "modified": "2023-03-15"}, {"cve": "CVE-2016-8646", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}, {"cve": "CVE-2016-7913", "epss": "0.000860000", "percentile": "0.348110000", "modified": "2023-03-15"}, {"cve": "CVE-2016-9588", "epss": "0.000620000", "percentile": "0.245740000", "modified": "2023-03-15"}, {"cve": "CVE-2016-7914", "epss": "0.000700000", "percentile": "0.284920000", "modified": "2023-03-15"}, {"cve": "CVE-2016-8645", "epss": "0.000420000", "percentile": "0.056320000", "modified": "2023-03-15"}], "vulnersScore": 0.3}, "_state": {"dependencies": 1678957314, "score": 1683999172, "epss": 1678957426}, "_internal": {"score_hash": "35bbecc4f096d4de10c979cb00184864"}, "pluginID": "1361412562311220191496", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1496\");\n script_version(\"2020-01-23T11:56:37+0000\");\n script_cve_id(\"CVE-2016-7117\", \"CVE-2016-7425\", \"CVE-2016-7910\", \"CVE-2016-7911\", \"CVE-2016-7913\", \"CVE-2016-7914\", \"CVE-2016-7915\", \"CVE-2016-7916\", \"CVE-2016-8399\", \"CVE-2016-8630\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2016-8646\", \"CVE-2016-8650\", \"CVE-2016-8655\", \"CVE-2016-8666\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9555\", \"CVE-2016-9576\", \"CVE-2016-9588\", \"CVE-2016-9604\", \"CVE-2016-9685\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:56:37 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:56:37 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1496)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1496\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1496\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1496 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.(CVE-2016-7117)\n\nA heap-buffer overflow vulnerability was found in the arcmsr_iop_message_xfer() function in 'drivers/scsi/arcmsr/arcmsr_hba.c' file in the Linux kernel through 4.8.2. The function does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. This can potentially cause kernel heap corruption and arbitrary kernel code execution.(CVE-2016-7425)\n\nA flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation.(CVE-2016-7910)\n\nA use-after-free vulnerability in sys_ioprio_get() was found due to get_task_ioprio() accessing the task-io_context without holding the task lock and could potentially race with exit_io_context(), leading to a use-after-free.(CVE-2016-7911)\n\nThe xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-7913)\n\nThe assoc_array_insert_into_terminal_node() function in 'lib/assoc_array.c' in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures.(CVE-2016-7914)\n\nThe hid_input_field() function in 'drivers/hid/hid-core.c' in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device.(CVE-2016-7915)\n\nRace condition in the environ_read() function in 'fs/proc/base.c' in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a '/proc/*/environ' file during a process-setup time interval in which environment-variable copying is incomplete.(CVE-2016-7916)\n\nA flaw was found in the Linux networking ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "naslFamily": "Huawei EulerOS Local Security Checks"}

{"nessus": [{"lastseen": "2021-09-24T12:31:35", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within\n __sys_recvmmsg() function.(CVE-2016-7117)\n\n - A heap-buffer overflow vulnerability was found in the arcmsr_iop_message_xfer() function in 'drivers/scsi/arcmsr/arcmsr_hba.c' file in the Linux kernel through 4.8.2. The function does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. This can potentially cause kernel heap corruption and arbitrary kernel code execution.(CVE-2016-7425)\n\n - A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation.(CVE-2016-7910)\n\n - A use-after-free vulnerability in sys_ioprio_get() was found due to get_task_ioprio() accessing the task-i1/4zio_context without holding the task lock and could potentially race with exit_io_context(), leading to a use-after-free.(CVE-2016-7911)\n\n - The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-7913)\n\n - The assoc_array_insert_into_terminal_node() function in 'lib/assoc_array.c' in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures.(CVE-2016-7914)\n\n - The hid_input_field() function in 'drivers/hid/hid-core.c' in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device.(CVE-2016-7915)\n\n - Race condition in the environ_read() function in 'fs/proc/base.c' in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a '/proc/*/environ' file during a process-setup time interval in which environment-variable copying is incomplete.(CVE-2016-7916)\n\n - A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto().(CVE-2016-8399)\n\n - Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS.(CVE-2016-8630)\n\n - A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver firewire-net in a fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution.The flaw requires firewire-net module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network.(CVE-2016-8633)\n\n - It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash.(CVE-2016-8645)\n\n - A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set.(CVE-2016-8646)\n\n - A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key.(CVE-2016-8650)\n\n - A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.(CVE-2016-8655)\n\n - A flaw was found in the way the Linux kernel's networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO (Generic Receive Offload) code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash.(CVE-2016-8666)\n\n - A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution.(CVE-2016-9083)\n\n - The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine.(CVE-2016-9084)\n\n - A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.(CVE-2016-9555)\n\n - It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.(CVE-2016-9576)\n\n - Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to an uncaught exception issue. It could occur if an L2 guest was to throw an exception which is not handled by an L1 guest.(CVE-2016-9588)\n\n - It was discovered that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.(CVE-2016-9604)\n\n - A flaw was found in the Linux kernel's implementation of XFS file attributes. Two memory leaks were detected in xfs_attr_shortform_list and xfs_attr3_leaf_list_int when running a docker container backed by xfs/overlay2.\n A dedicated attacker could possible exhaust all memory and create a denial of service situation.(CVE-2016-9685)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1496)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7117", "CVE-2016-7425", "CVE-2016-7910", "CVE-2016-7911", "CVE-2016-7913", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-7916", "CVE-2016-8399", "CVE-2016-8630", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-8646", "CVE-2016-8650", "CVE-2016-8655", "CVE-2016-8666", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9604", "CVE-2016-9685"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1496.NASL", "href": "https://www.tenable.com/plugins/nessus/124819", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124819);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-7117\",\n \"CVE-2016-7425\",\n \"CVE-2016-7910\",\n \"CVE-2016-7911\",\n \"CVE-2016-7913\",\n \"CVE-2016-7914\",\n \"CVE-2016-7915\",\n \"CVE-2016-7916\",\n \"CVE-2016-8399\",\n \"CVE-2016-8630\",\n \"CVE-2016-8633\",\n \"CVE-2016-8645\",\n \"CVE-2016-8646\",\n \"CVE-2016-8650\",\n \"CVE-2016-8655\",\n \"CVE-2016-8666\",\n \"CVE-2016-9083\",\n \"CVE-2016-9084\",\n \"CVE-2016-9555\",\n \"CVE-2016-9576\",\n \"CVE-2016-9588\",\n \"CVE-2016-9604\",\n \"CVE-2016-9685\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1496)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A use-after-free vulnerability was found in the\n kernel's socket recvmmsg subsystem. This may allow\n remote attackers to corrupt memory and may allow\n execution of arbitrary code. This corruption takes\n place during the error handling routines within\n __sys_recvmmsg() function.(CVE-2016-7117)\n\n - A heap-buffer overflow vulnerability was found in the\n arcmsr_iop_message_xfer() function in\n 'drivers/scsi/arcmsr/arcmsr_hba.c' file in the Linux\n kernel through 4.8.2. The function does not restrict a\n certain length field, which allows local users to gain\n privileges or cause a denial of service via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code. This can\n potentially cause kernel heap corruption and arbitrary\n kernel code execution.(CVE-2016-7425)\n\n - A flaw was found in the Linux kernel's implementation\n of seq_file where a local attacker could manipulate\n memory in the put() function pointer. This could lead\n to memory corruption and possible privileged\n escalation.(CVE-2016-7910)\n\n - A use-after-free vulnerability in sys_ioprio_get() was\n found due to get_task_ioprio() accessing the\n task-i1/4zio_context without holding the task lock and\n could potentially race with exit_io_context(), leading\n to a use-after-free.(CVE-2016-7911)\n\n - The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel\n before 4.6 allows local users to gain privileges or\n cause a denial of service (use-after-free) via vectors\n involving omission of the firmware name from a certain\n data structure. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2016-7913)\n\n - The assoc_array_insert_into_terminal_node() function in\n 'lib/assoc_array.c' in the Linux kernel before 4.5.3\n does not check whether a slot is a leaf, which allows\n local users to obtain sensitive information from kernel\n memory or cause a denial of service (invalid pointer\n dereference and out-of-bounds read) via an application\n that uses associative-array data\n structures.(CVE-2016-7914)\n\n - The hid_input_field() function in\n 'drivers/hid/hid-core.c' in the Linux kernel before 4.6\n allows physically proximate attackers to obtain\n sensitive information from kernel memory or cause a\n denial of service (out-of-bounds read) by connecting a\n device.(CVE-2016-7915)\n\n - Race condition in the environ_read() function in\n 'fs/proc/base.c' in the Linux kernel before 4.5.4\n allows local users to obtain sensitive information from\n kernel memory by reading a '/proc/*/environ' file\n during a process-setup time interval in which\n environment-variable copying is\n incomplete.(CVE-2016-7916)\n\n - A flaw was found in the Linux networking subsystem\n where a local attacker with CAP_NET_ADMIN capabilities\n could cause an out-of-bounds memory access by creating\n a smaller-than-expected ICMP header and sending to its\n destination via sendto().(CVE-2016-8399)\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630)\n\n - A buffer overflow vulnerability due to a lack of input\n filtering of incoming fragmented datagrams was found in\n the IP-over-1394 driver firewire-net in a fragment\n handling code in the Linux kernel. The vulnerability\n exists since firewire supported IPv4, i.e. since\n version 2.6.31 (year 2009) till version v4.9-rc4. A\n maliciously formed fragment with a respectively large\n datagram offset would cause a memcpy() past the\n datagram buffer, which would cause a system panic or\n possible arbitrary code execution.The flaw requires\n firewire-net module to be loaded and is remotely\n exploitable from connected firewire devices, but not\n over a local network.(CVE-2016-8633)\n\n - It was discovered that the Linux kernel since 3.6-rc1\n with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG()\n statement in tcp_collapse() function after making a\n number of certain syscalls leading to a possible system\n crash.(CVE-2016-8645)\n\n - A vulnerability was found in the Linux kernel. An\n unprivileged local user could trigger oops in\n shash_async_export() by attempting to force the\n in-kernel hashing algorithms into decrypting an empty\n data set.(CVE-2016-8646)\n\n - A flaw was found in the Linux kernel key management\n subsystem in which a local attacker could crash the\n kernel or corrupt the stack and additional memory\n (denial of service) by supplying a specially crafted\n RSA key. This flaw panics the machine during the\n verification of the RSA key.(CVE-2016-8650)\n\n - A race condition issue leading to a use-after-free flaw\n was found in the way the raw packet sockets\n implementation in the Linux kernel networking subsystem\n handled synchronization while creating the TPACKET_V3\n ring buffer. A local user able to open a raw packet\n socket (requires the CAP_NET_RAW capability) could use\n this flaw to elevate their privileges on the\n system.(CVE-2016-8655)\n\n - A flaw was found in the way the Linux kernel's\n networking subsystem handled offloaded packets with\n multiple layers of encapsulation in the GRO (Generic\n Receive Offload) code path. A remote attacker could use\n this flaw to trigger unbounded recursion in the kernel\n that could lead to stack corruption, resulting in a\n system crash.(CVE-2016-8666)\n\n - A flaw was discovered in the Linux kernel's\n implementation of VFIO. An attacker issuing an ioctl\n can create a situation where memory is corrupted and\n modify memory outside of the expected area. This may\n overwrite kernel memory and subvert kernel\n execution.(CVE-2016-9083)\n\n - The use of a kzalloc with an integer multiplication\n allowed an integer overflow condition to be reached in\n vfio_pci_intrs.c. This combined with CVE-2016-9083 may\n allow an attacker to craft an attack and use\n unallocated memory, potentially crashing the\n machine.(CVE-2016-9084)\n\n - A flaw was found in the Linux kernel's implementation\n of the SCTP protocol. A remote attacker could trigger\n an out-of-bounds read with an offset of up to 64kB\n potentially causing the system to crash.(CVE-2016-9555)\n\n - It was found that the blk_rq_map_user_iov() function in\n the Linux kernel's block device implementation did not\n properly restrict the type of iterator, which could\n allow a local attacker to read or write to arbitrary\n kernel memory locations or cause a denial of service\n (use-after-free) by leveraging write access to a\n /dev/sg device.(CVE-2016-9576)\n\n - Linux kernel built with the KVM visualization support\n (CONFIG_KVM), with nested visualization(nVMX) feature\n enabled(nested=1), is vulnerable to an uncaught\n exception issue. It could occur if an L2 guest was to\n throw an exception which is not handled by an L1\n guest.(CVE-2016-9588)\n\n - It was discovered that root can gain direct access to\n an internal keyring, such as '.dns_resolver' in RHEL-7\n or '.builtin_trusted_keys' upstream, by joining it as\n its session keyring. This allows root to bypass module\n signature verification by adding a new public key of\n its own devising to the keyring.(CVE-2016-9604)\n\n - A flaw was found in the Linux kernel's implementation\n of XFS file attributes. Two memory leaks were detected\n in xfs_attr_shortform_list and xfs_attr3_leaf_list_int\n when running a docker container backed by xfs/overlay2.\n A dedicated attacker could possible exhaust all memory\n and create a denial of service\n situation.(CVE-2016-9685)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1496\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3326f978\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-18T14:31:11", "description": "The openSUSE 13.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n\n - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502).\n\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).\n\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716).\n\n - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711).\n\n - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478).\n\n - CVE-2016-7914: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite (bnc#1010475).\n\n - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).\n\n - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150).\n\n - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754).\n\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).\n\nThe following non-security bugs were fixed :\n\n - bna: Add synchronization for tx ring (bsc#993739).\n\n - bonding: set carrier off for devices created through netlink (bsc#999577).\n\n - btrfs: fix extent tree corruption due to relocation (bsc#990384).\n\n - introduce NETIF_F_GSO_ENCAP_ALL helper mask (bsc#1001486).\n\n - ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067).\n\n - ipv6: send only one NEWLINK when RA causes changes (bsc#934067).\n\n - tunnels: Remove encapsulation offloads on decap (bsc#1001486).\n\n - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).\n\n - vmxnet3: Wake queue from reset work (bsc#999907).", "cvss3": {}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-1431)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8962", "CVE-2015-8963", "CVE-2016-7042", "CVE-2016-7910", "CVE-2016-7911", "CVE-2016-7913", "CVE-2016-7914", "CVE-2016-7916", "CVE-2016-8633", "CVE-2016-8646", "CVE-2016-8655", "CVE-2016-9555"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bbswitch", "p-cpe:/a:novell:opensuse:bbswitch-debugsource", "p-cpe:/a:novell:opensuse:bbswitch-kmp-default", "p-cpe:/a:novell:opensuse:bbswitch-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop", "p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:bbswitch-kmp-pae", "p-cpe:/a:novell:opensuse:bbswitch-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:bbswitch-kmp-xen", "p-cpe:/a:novell:opensuse:bbswitch-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:cloop", "p-cpe:/a:novell:opensuse:cloop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-debugsource", "p-cpe:/a:novell:opensuse:cloop-kmp-default", "p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-pae", "p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-xen", "p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:crash", "p-cpe:/a:novell:opensuse:crash-debuginfo", "p-cpe:/a:novell:opensuse:crash-debugsource", "p-cpe:/a:novell:opensuse:crash-devel", "p-cpe:/a:novell:opensuse:crash-eppic", "p-cpe:/a:novell:opensuse:crash-eppic-debuginfo", "p-cpe:/a:novell:opensuse:crash-gcore", "p-cpe:/a:novell:opensuse:crash-gcore-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-default", "p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae", "p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-xen", "p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-debugsource", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:ipset", "p-cpe:/a:novell:opensuse:ipset-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debugsource", "p-cpe:/a:novell:opensuse:ipset-devel", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:libipset3", "p-cpe:/a:novell:opensuse:libipset3-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock", "p-cpe:/a:novell:opensuse:pcfclock-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-debugsource", "p-cpe:/a:novell:opensuse:vhba-kmp-default", "p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-pae", "p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-xen", "p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domu", "p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons", "p-cpe:/a:novell:opensuse:xtables-addons-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-debugsource", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:ipset-kmp-default", "p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-pae", "p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-xen", "p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa"], "id": "OPENSUSE-2016-1431.NASL", "href": "https://www.tenable.com/plugins/nessus/95705", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1431.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95705);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8962\", \"CVE-2015-8963\", \"CVE-2016-7042\", \"CVE-2016-7910\", \"CVE-2016-7911\", \"CVE-2016-7913\", \"CVE-2016-7914\", \"CVE-2016-7916\", \"CVE-2016-8633\", \"CVE-2016-8646\", \"CVE-2016-8655\", \"CVE-2016-9555\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-1431)\");\n script_summary(english:\"Check for the openSUSE-2016-1431 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 13.2 kernel was updated to receive various security and\nbugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2015-8962: Double free vulnerability in the\n sg_common_write function in drivers/scsi/sg.c in the\n Linux kernel allowed local users to gain privileges or\n cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call\n (bnc#1010501).\n\n - CVE-2015-8963: Race condition in kernel/events/core.c in\n the Linux kernel allowed local users to gain privileges\n or cause a denial of service (use-after-free) by\n leveraging incorrect handling of an swevent data\n structure during a CPU unplug operation (bnc#1010502).\n\n - CVE-2016-7042: The proc_keys_show function in\n security/keys/proc.c in the Linux kernel through 4.8.2,\n when the GNU Compiler Collection (gcc) stack protector\n is enabled, uses an incorrect buffer size for certain\n timeout data, which allowed local users to cause a\n denial of service (stack memory corruption and panic) by\n reading the /proc/keys file (bnc#1004517).\n\n - CVE-2016-7910: Use-after-free vulnerability in the\n disk_seqf_stop function in block/genhd.c in the Linux\n kernel allowed local users to gain privileges by\n leveraging the execution of a certain stop operation\n even if the corresponding start operation had failed\n (bnc#1010716).\n\n - CVE-2016-7911: Race condition in the get_task_ioprio\n function in block/ioprio.c in the Linux kernel allowed\n local users to gain privileges or cause a denial of\n service (use-after-free) via a crafted ioprio_get system\n call (bnc#1010711).\n\n - CVE-2016-7913: The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (use-after-free) via vectors involving\n omission of the firmware name from a certain data\n structure (bnc#1010478).\n\n - CVE-2016-7914: The assoc_array_insert_into_terminal_node\n function in lib/assoc_array.c in the Linux kernel did\n not check whether a slot is a leaf, which allowed local\n users to obtain sensitive information from kernel memory\n or cause a denial of service (invalid pointer\n dereference and out-of-bounds read) via an application\n that uses associative-array data structures, as\n demonstrated by the keyutils test suite (bnc#1010475).\n\n - CVE-2016-7916: Race condition in the environ_read\n function in fs/proc/base.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory by reading a /proc/*/environ file during a\n process-setup time interval in which\n environment-variable copying is incomplete\n (bnc#1010467).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux\n kernel before 4.8.7, in certain unusual hardware\n configurations, allowed remote attackers to execute\n arbitrary code via crafted fragmented packets\n (bnc#1008833).\n\n - CVE-2016-8646: The hash_accept function in\n crypto/algif_hash.c in the Linux kernel allowed local\n users to cause a denial of service (OOPS) by attempting\n to trigger use of in-kernel hash algorithms for a socket\n that has received zero bytes of data (bnc#1010150).\n\n - CVE-2016-8655: A race condition in the af_packet\n packet_set_ring function could be used by local\n attackers to crash the kernel or gain privileges\n (bsc#1012754).\n\n - CVE-2016-9555: The sctp_sf_ootb function in\n net/sctp/sm_statefuns.c in the Linux kernel lacks\n chunk-length checking for the first chunk, which allowed\n remote attackers to cause a denial of service\n (out-of-bounds slab access) or possibly have unspecified\n other impact via crafted SCTP data (bnc#1011685).\n\nThe following non-security bugs were fixed :\n\n - bna: Add synchronization for tx ring (bsc#993739).\n\n - bonding: set carrier off for devices created through\n netlink (bsc#999577).\n\n - btrfs: fix extent tree corruption due to relocation\n (bsc#990384).\n\n - introduce NETIF_F_GSO_ENCAP_ALL helper mask\n (bsc#1001486).\n\n - ipv6: send NEWLINK on RA managed/otherconf changes\n (bsc#934067).\n\n - ipv6: send only one NEWLINK when RA causes changes\n (bsc#934067).\n\n - tunnels: Remove encapsulation offloads on decap\n (bsc#1001486).\n\n - usbhid: add ATEN CS962 to list of quirky devices\n (bsc#1007615).\n\n - vmxnet3: Wake queue from reset work (bsc#999907).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1008833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=993739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999907\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bbswitch-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-0.8-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-debugsource-0.8-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-default-0.8_k3.16.7_53-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-default-debuginfo-0.8_k3.16.7_53-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-desktop-0.8_k3.16.7_53-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-desktop-debuginfo-0.8_k3.16.7_53-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-pae-0.8_k3.16.7_53-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-pae-debuginfo-0.8_k3.16.7_53-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-xen-0.8_k3.16.7_53-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bbswitch-kmp-xen-debuginfo-0.8_k3.16.7_53-3.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-2.639-14.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-debuginfo-2.639-14.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-debugsource-2.639-14.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-default-2.639_k3.16.7_53-14.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-default-debuginfo-2.639_k3.16.7_53-14.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-desktop-2.639_k3.16.7_53-14.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-desktop-debuginfo-2.639_k3.16.7_53-14.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-pae-2.639_k3.16.7_53-14.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-pae-debuginfo-2.639_k3.16.7_53-14.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-xen-2.639_k3.16.7_53-14.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"cloop-kmp-xen-debuginfo-2.639_k3.16.7_53-14.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-7.0.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-debuginfo-7.0.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-debugsource-7.0.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-devel-7.0.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-eppic-7.0.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-eppic-debuginfo-7.0.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-gcore-7.0.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-gcore-debuginfo-7.0.8-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-default-7.0.8_k3.16.7_53-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-default-debuginfo-7.0.8_k3.16.7_53-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-desktop-7.0.8_k3.16.7_53-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-desktop-debuginfo-7.0.8_k3.16.7_53-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-pae-7.0.8_k3.16.7_53-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-pae-debuginfo-7.0.8_k3.16.7_53-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-xen-7.0.8_k3.16.7_53-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"crash-kmp-xen-debuginfo-7.0.8_k3.16.7_53-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-debugsource-1.28-18.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-default-1.28_k3.16.7_53-18.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-default-debuginfo-1.28_k3.16.7_53-18.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-desktop-1.28_k3.16.7_53-18.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-desktop-debuginfo-1.28_k3.16.7_53-18.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-pae-1.28_k3.16.7_53-18.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-pae-debuginfo-1.28_k3.16.7_53-18.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-xen-1.28_k3.16.7_53-18.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"hdjmod-kmp-xen-debuginfo-1.28_k3.16.7_53-18.27.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-6.23-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-debuginfo-6.23-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-debugsource-6.23-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-devel-6.23-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-default-6.23_k3.16.7_53-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-default-debuginfo-6.23_k3.16.7_53-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-desktop-6.23_k3.16.7_53-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-desktop-debuginfo-6.23_k3.16.7_53-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-pae-6.23_k3.16.7_53-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-pae-debuginfo-6.23_k3.16.7_53-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-xen-6.23_k3.16.7_53-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"ipset-kmp-xen-debuginfo-6.23_k3.16.7_53-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-base-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-base-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-debugsource-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-default-devel-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-devel-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-ec2-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-ec2-base-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-ec2-devel-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-macros-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-build-3.16.7-53.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-build-debugsource-3.16.7-53.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-obs-qa-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-source-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-source-vanilla-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"kernel-syms-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libipset3-6.23-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libipset3-debuginfo-6.23-26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-0.44-260.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-debuginfo-0.44-260.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-debugsource-0.44-260.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-default-0.44_k3.16.7_53-260.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-default-debuginfo-0.44_k3.16.7_53-260.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-desktop-0.44_k3.16.7_53-260.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-desktop-debuginfo-0.44_k3.16.7_53-260.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-pae-0.44_k3.16.7_53-260.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"pcfclock-kmp-pae-debuginfo-0.44_k3.16.7_53-260.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python-virtualbox-5.0.30-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"python-virtualbox-debuginfo-5.0.30-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-debugsource-20140629-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-default-20140629_k3.16.7_53-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-default-debuginfo-20140629_k3.16.7_53-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-desktop-20140629_k3.16.7_53-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-desktop-debuginfo-20140629_k3.16.7_53-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-pae-20140629_k3.16.7_53-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-pae-debuginfo-20140629_k3.16.7_53-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-xen-20140629_k3.16.7_53-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"vhba-kmp-xen-debuginfo-20140629_k3.16.7_53-2.26.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-5.0.30-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-debuginfo-5.0.30-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-debugsource-5.0.30-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-devel-5.0.30-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-desktop-icons-5.0.30-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-default-5.0.30_k3.16.7_53-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-default-debuginfo-5.0.30_k3.16.7_53-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-desktop-5.0.30_k3.16.7_53-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-desktop-debuginfo-5.0.30_k3.16.7_53-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-pae-5.0.30_k3.16.7_53-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-kmp-pae-debuginfo-5.0.30_k3.16.7_53-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-tools-5.0.30-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-tools-debuginfo-5.0.30-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-x11-5.0.30-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-guest-x11-debuginfo-5.0.30-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-default-5.0.30_k3.16.7_53-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-default-debuginfo-5.0.30_k3.16.7_53-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-desktop-5.0.30_k3.16.7_53-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-desktop-debuginfo-5.0.30_k3.16.7_53-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-pae-5.0.30_k3.16.7_53-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-kmp-pae-debuginfo-5.0.30_k3.16.7_53-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-host-source-5.0.30-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-qt-5.0.30-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-qt-debuginfo-5.0.30-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-websrv-5.0.30-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"virtualbox-websrv-debuginfo-5.0.30-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-debugsource-4.4.4_05-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-devel-4.4.4_05-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-libs-4.4.4_05-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-libs-debuginfo-4.4.4_05-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-tools-domU-4.4.4_05-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xen-tools-domU-debuginfo-4.4.4_05-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-2.6-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-debuginfo-2.6-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-debugsource-2.6-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-default-2.6_k3.16.7_53-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-default-debuginfo-2.6_k3.16.7_53-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-desktop-2.6_k3.16.7_53-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-desktop-debuginfo-2.6_k3.16.7_53-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-pae-2.6_k3.16.7_53-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-pae-debuginfo-2.6_k3.16.7_53-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-xen-2.6_k3.16.7_53-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"xtables-addons-kmp-xen-debuginfo-2.6_k3.16.7_53-28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-base-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-devel-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-base-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-base-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-pae-devel-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-base-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"i686\", reference:\"kernel-xen-devel-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.16.7-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-4.4.4_05-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-doc-html-4.4.4_05-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-default-4.4.4_05_k3.16.7_53-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-default-debuginfo-4.4.4_05_k3.16.7_53-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-desktop-4.4.4_05_k3.16.7_53-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-kmp-desktop-debuginfo-4.4.4_05_k3.16.7_53-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.4.4_05-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.4.4_05-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-tools-4.4.4_05-55.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.4.4_05-55.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bbswitch / bbswitch-debugsource / bbswitch-kmp-default / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:56", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-0386 advisory.\n\n - Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions. (CVE-2016-8655)\n\n - The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. (CVE-2016-8630)\n\n - drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a state machine confusion bug. (CVE-2016-9083)\n\n - drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. (CVE-2016-9084)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-03-03T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2017-0386)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8630", "CVE-2016-8655", "CVE-2016-9083", "CVE-2016-9084"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2017-0386.NASL", "href": "https://www.tenable.com/plugins/nessus/97506", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-0386.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97506);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2016-8630\",\n \"CVE-2016-8655\",\n \"CVE-2016-9083\",\n \"CVE-2016-9084\"\n );\n script_xref(name:\"RHSA\", value:\"2017:0386\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2017-0386)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2017-0386 advisory.\n\n - Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain\n privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to\n change a socket version, related to the packet_set_ring and packet_setsockopt functions. (CVE-2016-8655)\n\n - The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is\n enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M\n byte in an undefined instruction. (CVE-2016-8630)\n\n - drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer\n overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a state machine\n confusion bug. (CVE-2016-9083)\n\n - drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which\n allows local users to cause a denial of service (integer overflow) or have unspecified other impact by\n leveraging access to a vfio PCI device file. (CVE-2016-9084)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-0386.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9083\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-514.10.2.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-0386');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-3.10.0-514.10.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-514.10.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-514.10.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-514.10.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-514.10.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-514.10.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-514.10.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-514.10.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-514.10.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-514.10.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-514.10.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:56", "description": "Security Fix(es) :\n\n - Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS.\n (CVE-2016-8630, Important)\n\n - A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.\n (CVE-2016-8655, Important)\n\n - A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution.\n (CVE-2016-9083, Important)\n\n - The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine.\n (CVE-2016-9084, Moderate)", "cvss3": {}, "published": "2017-03-03T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20170302)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8630", "CVE-2016-8655", "CVE-2016-9083", "CVE-2016-9084"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170302_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/97516", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97516);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-8630\", \"CVE-2016-8655\", \"CVE-2016-9083\", \"CVE-2016-9084\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20170302)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Linux kernel built with the Kernel-based Virtual Machine\n (CONFIG_KVM) support is vulnerable to a NULL pointer\n dereference flaw. It could occur on x86 platform, when\n emulating an undefined instruction. An attacker could\n use this flaw to crash the host kernel resulting in DoS.\n (CVE-2016-8630, Important)\n\n - A race condition issue leading to a use-after-free flaw\n was found in the way the raw packet sockets\n implementation in the Linux kernel networking subsystem\n handled synchronization while creating the TPACKET_V3\n ring buffer. A local user able to open a raw packet\n socket (requires the CAP_NET_RAW capability) could use\n this flaw to elevate their privileges on the system.\n (CVE-2016-8655, Important)\n\n - A flaw was discovered in the Linux kernel's\n implementation of VFIO. An attacker issuing an ioctl can\n create a situation where memory is corrupted and modify\n memory outside of the expected area. This may overwrite\n kernel memory and subvert kernel execution.\n (CVE-2016-9083, Important)\n\n - The use of a kzalloc with an integer multiplication\n allowed an integer overflow condition to be reached in\n vfio_pci_intrs.c. This combined with CVE-2016-9083 may\n allow an attacker to craft an attack and use unallocated\n memory, potentially crashing the machine.\n (CVE-2016-9084, Moderate)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1703&L=scientific-linux-errata&F=&S=&P=761\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ecfa446\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.10.2.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:16", "description": "The 4.8.8 stable kernel update contains a number of important fixes across the tree.\n\n----\n\nThe 4.8.7 kernel rebase contains new hardware support, additional features, and a number of important bug fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-11-25T00:00:00", "type": "nessus", "title": "Fedora 23 : kernel (2016-ee3a114958)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8630", "CVE-2016-8645", "CVE-2016-9083", "CVE-2016-9084"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-EE3A114958.NASL", "href": "https://www.tenable.com/plugins/nessus/95308", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-ee3a114958.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95308);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8630\", \"CVE-2016-8645\", \"CVE-2016-9083\", \"CVE-2016-9084\");\n script_xref(name:\"FEDORA\", value:\"2016-ee3a114958\");\n\n script_name(english:\"Fedora 23 : kernel (2016-ee3a114958)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.8.8 stable kernel update contains a number of important fixes\nacross the tree.\n\n----\n\nThe 4.8.7 kernel rebase contains new hardware support, additional\nfeatures, and a number of important bug fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-ee3a114958\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-8630\", \"CVE-2016-8645\", \"CVE-2016-9083\", \"CVE-2016-9084\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-ee3a114958\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"kernel-4.8.8-100.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T16:42:27", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-03861 advisory.\n\n - Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions. (CVE-2016-8655)\n\n - The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. (CVE-2016-8630)\n\n - drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a state machine confusion bug. (CVE-2016-9083)\n\n - drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. (CVE-2016-9084)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : ELSA-2017-0386-1: / kernel (ELSA-2017-03861)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8630", "CVE-2016-8655", "CVE-2016-9083", "CVE-2016-9084"], "modified": "2023-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2017-03861.NASL", "href": "https://www.tenable.com/plugins/nessus/180782", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-03861.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180782);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/08\");\n\n script_cve_id(\n \"CVE-2016-8630\",\n \"CVE-2016-8655\",\n \"CVE-2016-9083\",\n \"CVE-2016-9084\"\n );\n\n script_name(english:\"Oracle Linux 7 : ELSA-2017-0386-1: / kernel (ELSA-2017-03861)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2017-03861 advisory.\n\n - Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain\n privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to\n change a socket version, related to the packet_set_ring and packet_setsockopt functions. (CVE-2016-8655)\n\n - The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is\n enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M\n byte in an undefined instruction. (CVE-2016-8630)\n\n - drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer\n overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a state machine\n confusion bug. (CVE-2016-9083)\n\n - drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which\n allows local users to cause a denial of service (integer overflow) or have unspecified other impact by\n leveraging access to a vfio PCI device file. (CVE-2016-9084)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-0386-1.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9083\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2016-9084\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-514.10.2.0.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-03861');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-abi-whitelists-3.10.0-514.10.2.0.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-3.10.0-514.10.2.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-debug-3.10.0-514.10.2.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-514.10.2.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-514.10.2.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-514.10.2.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-514.10.2.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-514.10.2.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-514.10.2.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-514.10.2.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-514.10.2.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:07", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw.\nIt could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630, Important)\n\n* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2016-8655, Important)\n\n* A flaw was discovered in the Linux kernel's implementation of VFIO.\nAn attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. (CVE-2016-9083, Important)\n\n* The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine.\n(CVE-2016-9084, Moderate)\n\nRed Hat would like to thank Philip Pettersson for reporting CVE-2016-8655.\n\nAdditional Changes :\n\nSpace precludes documenting all of the bug fixes and enhancements included in this advisory. To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article:\nhttps://access.redhat.com/articles/ 2940041.", "cvss3": {}, "published": "2017-03-03T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2017:0386)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8630", "CVE-2016-8655", "CVE-2016-9083", "CVE-2016-9084"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-0386.NASL", "href": "https://www.tenable.com/plugins/nessus/97509", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0386. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97509);\n script_version(\"3.13\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-8630\", \"CVE-2016-8655\", \"CVE-2016-9083\", \"CVE-2016-9084\");\n script_xref(name:\"RHSA\", value:\"2017:0386\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2017:0386)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Linux kernel built with the Kernel-based Virtual Machine\n(CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw.\nIt could occur on x86 platform, when emulating an undefined\ninstruction. An attacker could use this flaw to crash the host kernel\nresulting in DoS. (CVE-2016-8630, Important)\n\n* A race condition issue leading to a use-after-free flaw was found in\nthe way the raw packet sockets implementation in the Linux kernel\nnetworking subsystem handled synchronization while creating the\nTPACKET_V3 ring buffer. A local user able to open a raw packet socket\n(requires the CAP_NET_RAW capability) could use this flaw to elevate\ntheir privileges on the system. (CVE-2016-8655, Important)\n\n* A flaw was discovered in the Linux kernel's implementation of VFIO.\nAn attacker issuing an ioctl can create a situation where memory is\ncorrupted and modify memory outside of the expected area. This may\noverwrite kernel memory and subvert kernel execution. (CVE-2016-9083,\nImportant)\n\n* The use of a kzalloc with an integer multiplication allowed an\ninteger overflow condition to be reached in vfio_pci_intrs.c. This\ncombined with CVE-2016-9083 may allow an attacker to craft an attack\nand use unallocated memory, potentially crashing the machine.\n(CVE-2016-9084, Moderate)\n\nRed Hat would like to thank Philip Pettersson for reporting\nCVE-2016-8655.\n\nAdditional Changes :\n\nSpace precludes documenting all of the bug fixes and enhancements\nincluded in this advisory. To see the complete list of bug fixes and\nenhancements, refer to the following KnowledgeBase article:\nhttps://access.redhat.com/articles/ 2940041.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/2940041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9084\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-8630\", \"CVE-2016-8655\", \"CVE-2016-9083\", \"CVE-2016-9084\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2017:0386\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0386\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-514.10.2.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.10.2.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:39", "description": "CVE-2016-8645 kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c\n\nIt was discovered that the Linux kernel since 3.6-rc1 with net.ipv4.tcp_fastopen; set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash.\n\nCVE-2016-8655 kernel: Race condition in packet_set_ring leads to use after free\n\nA race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.\n\nCVE-2016-9083 kernel: State machine confusion bug in vfio driver leading to memory corruption\n\nA flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution.\n\nCVE-2016-9084 kernel: Integer overflow when using kzalloc in vfio driver\n\nThe use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine.", "cvss3": {}, "published": "2016-12-08T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2016-772)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8645", "CVE-2016-8655", "CVE-2016-9083", "CVE-2016-9084"], "modified": "2019-04-11T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2016-772.NASL", "href": "https://www.tenable.com/plugins/nessus/95609", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2016-772.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95609);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/04/11 17:23:06\");\n\n script_cve_id(\"CVE-2016-8645\", \"CVE-2016-8655\", \"CVE-2016-9083\", \"CVE-2016-9084\");\n script_xref(name:\"ALAS\", value:\"2016-772\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2016-772)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2016-8645 kernel: a BUG() statement can be hit in\nnet/ipv4/tcp_input.c\n\nIt was discovered that the Linux kernel since 3.6-rc1 with\nnet.ipv4.tcp_fastopen; set to 1 can hit BUG() statement in\ntcp_collapse() function after making a number of certain syscalls\nleading to a possible system crash.\n\nCVE-2016-8655 kernel: Race condition in packet_set_ring leads to use\nafter free\n\nA race condition issue leading to a use-after-free flaw was found in\nthe way the raw packet sockets implementation in the Linux kernel\nnetworking subsystem handled synchronization while creating the\nTPACKET_V3 ring buffer. A local user able to open a raw packet socket\n(requires the CAP_NET_RAW capability) could use this flaw to elevate\ntheir privileges on the system.\n\nCVE-2016-9083 kernel: State machine confusion bug in vfio driver\nleading to memory corruption\n\nA flaw was discovered in the Linux kernel's implementation of VFIO. An\nattacker issuing an ioctl can create a situation where memory is\ncorrupted and modify memory outside of the expected area. This may\noverwrite kernel memory and subvert kernel execution.\n\nCVE-2016-9084 kernel: Integer overflow when using kzalloc in vfio\ndriver\n\nThe use of a kzalloc with an integer multiplication allowed an integer\noverflow condition to be reached in vfio_pci_intrs.c. This combined\nwith CVE-2016-9083 may allow an attacker to craft an attack and use\nunallocated memory, potentially crashing the machine.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2016-772.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.4.35-33.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.4.35-33.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.4.35-33.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.4.35-33.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.4.35-33.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.4.35-33.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.4.35-33.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.4.35-33.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.4.35-33.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.4.35-33.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.4.35-33.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.4.35-33.55.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:18:49", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw.\nIt could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630, Important)\n\n* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2016-8655, Important)\n\n* A flaw was discovered in the Linux kernel's implementation of VFIO.\nAn attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. (CVE-2016-9083, Important)\n\n* The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine.\n(CVE-2016-9084, Moderate)\n\nRed Hat would like to thank Philip Pettersson for reporting CVE-2016-8655.\n\nAdditional Changes :\n\nSpace precludes documenting all of the bug fixes and enhancements included in this advisory. To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article:\nhttps://access.redhat.com/articles/ 2940041.", "cvss3": {}, "published": "2017-03-07T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2017:0386)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8630", "CVE-2016-8655", "CVE-2016-9083", "CVE-2016-9084"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-0386.NASL", "href": "https://www.tenable.com/plugins/nessus/97558", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0386 and \n# CentOS Errata and Security Advisory 2017:0386 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97558);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-8630\", \"CVE-2016-8655\", \"CVE-2016-9083\", \"CVE-2016-9084\");\n script_xref(name:\"RHSA\", value:\"2017:0386\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2017:0386)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Linux kernel built with the Kernel-based Virtual Machine\n(CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw.\nIt could occur on x86 platform, when emulating an undefined\ninstruction. An attacker could use this flaw to crash the host kernel\nresulting in DoS. (CVE-2016-8630, Important)\n\n* A race condition issue leading to a use-after-free flaw was found in\nthe way the raw packet sockets implementation in the Linux kernel\nnetworking subsystem handled synchronization while creating the\nTPACKET_V3 ring buffer. A local user able to open a raw packet socket\n(requires the CAP_NET_RAW capability) could use this flaw to elevate\ntheir privileges on the system. (CVE-2016-8655, Important)\n\n* A flaw was discovered in the Linux kernel's implementation of VFIO.\nAn attacker issuing an ioctl can create a situation where memory is\ncorrupted and modify memory outside of the expected area. This may\noverwrite kernel memory and subvert kernel execution. (CVE-2016-9083,\nImportant)\n\n* The use of a kzalloc with an integer multiplication allowed an\ninteger overflow condition to be reached in vfio_pci_intrs.c. This\ncombined with CVE-2016-9083 may allow an attacker to craft an attack\nand use unallocated memory, potentially crashing the machine.\n(CVE-2016-9084, Moderate)\n\nRed Hat would like to thank Philip Pettersson for reporting\nCVE-2016-8655.\n\nAdditional Changes :\n\nSpace precludes documenting all of the bug fixes and enhancements\nincluded in this advisory. To see the complete list of bug fixes and\nenhancements, refer to the following KnowledgeBase article:\nhttps://access.redhat.com/articles/ 2940041.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-March/022324.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6d0d2dd9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8655\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.10.2.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.10.2.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:48", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw.\nIt could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630, Important)\n\n* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2016-8655, Important)\n\n* A flaw was discovered in the Linux kernel's implementation of VFIO.\nAn attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. (CVE-2016-9083, Important)\n\n* The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine.\n(CVE-2016-9084, Moderate)\n\nRed Hat would like to thank Philip Pettersson for reporting CVE-2016-8655.\n\nAdditional Changes :\n\nSpace precludes documenting all of the bug fixes and enhancements included in this advisory. To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article:\nhttps://access.redhat.com/articles/ 2940041.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0386)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8630", "CVE-2016-8655", "CVE-2016-9083", "CVE-2016-9084"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:kernel", "p-cpe:/a:virtuozzo:virtuozzo:kernel-abi-whitelists", "p-cpe:/a:virtuozzo:virtuozzo:kernel-debug", "p-cpe:/a:virtuozzo:virtuozzo:kernel-debug-devel", "p-cpe:/a:virtuozzo:virtuozzo:kernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:kernel-doc", "p-cpe:/a:virtuozzo:virtuozzo:kernel-headers", "p-cpe:/a:virtuozzo:virtuozzo:kernel-tools", "p-cpe:/a:virtuozzo:virtuozzo:kernel-tools-libs", "p-cpe:/a:virtuozzo:virtuozzo:kernel-tools-libs-devel", "p-cpe:/a:virtuozzo:virtuozzo:perf", "p-cpe:/a:virtuozzo:virtuozzo:python-perf", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2017-0386.NASL", "href": "https://www.tenable.com/plugins/nessus/101431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101431);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-8630\",\n \"CVE-2016-8655\",\n \"CVE-2016-9083\",\n \"CVE-2016-9084\"\n );\n\n script_name(english:\"Virtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0386)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Linux kernel built with the Kernel-based Virtual Machine\n(CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw.\nIt could occur on x86 platform, when emulating an undefined\ninstruction. An attacker could use this flaw to crash the host kernel\nresulting in DoS. (CVE-2016-8630, Important)\n\n* A race condition issue leading to a use-after-free flaw was found in\nthe way the raw packet sockets implementation in the Linux kernel\nnetworking subsystem handled synchronization while creating the\nTPACKET_V3 ring buffer. A local user able to open a raw packet socket\n(requires the CAP_NET_RAW capability) could use this flaw to elevate\ntheir privileges on the system. (CVE-2016-8655, Important)\n\n* A flaw was discovered in the Linux kernel's implementation of VFIO.\nAn attacker issuing an ioctl can create a situation where memory is\ncorrupted and modify memory outside of the expected area. This may\noverwrite kernel memory and subvert kernel execution. (CVE-2016-9083,\nImportant)\n\n* The use of a kzalloc with an integer multiplication allowed an\ninteger overflow condition to be reached in vfio_pci_intrs.c. This\ncombined with CVE-2016-9083 may allow an attacker to craft an attack\nand use unallocated memory, potentially crashing the machine.\n(CVE-2016-9084, Moderate)\n\nRed Hat would like to thank Philip Pettersson for reporting\nCVE-2016-8655.\n\nAdditional Changes :\n\nSpace precludes documenting all of the bug fixes and enhancements\nincluded in this advisory. To see the complete list of bug fixes and\nenhancements, refer to the following KnowledgeBase article:\nhttps://access.redhat.com/articles/ 2940041.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0386.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?43a5fb2d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0386\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel / kernel-abi-whitelists / kernel-debug / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.10.2.vl7\",\n \"kernel-abi-whitelists-3.10.0-514.10.2.vl7\",\n \"kernel-debug-3.10.0-514.10.2.vl7\",\n \"kernel-debug-devel-3.10.0-514.10.2.vl7\",\n \"kernel-devel-3.10.0-514.10.2.vl7\",\n \"kernel-doc-3.10.0-514.10.2.vl7\",\n \"kernel-headers-3.10.0-514.10.2.vl7\",\n \"kernel-tools-3.10.0-514.10.2.vl7\",\n \"kernel-tools-libs-3.10.0-514.10.2.vl7\",\n \"kernel-tools-libs-devel-3.10.0-514.10.2.vl7\",\n \"perf-3.10.0-514.10.2.vl7\",\n \"python-perf-3.10.0-514.10.2.vl7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:10:21", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw.\nIt could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630, Important)\n\n* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2016-8655, Important)\n\n* A flaw was discovered in the Linux kernel's implementation of VFIO.\nAn attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. (CVE-2016-9083, Important)\n\n* The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine.\n(CVE-2016-9084, Moderate)\n\nRed Hat would like to thank Philip Pettersson for reporting CVE-2016-8655.\n\nBug Fix(es) :\n\n* Previously, the asynchronous page fault woke code references spinlocks, which were actually sleeping locks in the RT kernel.\nBecause of this, when the code was executed from the exception context, a bug warning appeared on the console. With this update, the regular wait queue and spinlock code in this area has been modified to use simple-wait-queue and raw-spinlocks. This code change enables the asynchronous page fault code to run in a non-preemptable state without bug warnings. (BZ#1418035)", "cvss3": {}, "published": "2017-03-03T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2017:0387)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8630", "CVE-2016-8655", "CVE-2016-9083", "CVE-2016-9084"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2017-0387.NASL", "href": "https://www.tenable.com/plugins/nessus/97510", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0387. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97510);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-8630\", \"CVE-2016-8655\", \"CVE-2016-9083\", \"CVE-2016-9084\");\n script_xref(name:\"RHSA\", value:\"2017:0387\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2017:0387)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* Linux kernel built with the Kernel-based Virtual Machine\n(CONFIG_KVM) support is vulnerable to a NULL pointer dereference flaw.\nIt could occur on x86 platform, when emulating an undefined\ninstruction. An attacker could use this flaw to crash the host kernel\nresulting in DoS. (CVE-2016-8630, Important)\n\n* A race condition issue leading to a use-after-free flaw was found in\nthe way the raw packet sockets implementation in the Linux kernel\nnetworking subsystem handled synchronization while creating the\nTPACKET_V3 ring buffer. A local user able to open a raw packet socket\n(requires the CAP_NET_RAW capability) could use this flaw to elevate\ntheir privileges on the system. (CVE-2016-8655, Important)\n\n* A flaw was discovered in the Linux kernel's implementation of VFIO.\nAn attacker issuing an ioctl can create a situation where memory is\ncorrupted and modify memory outside of the expected area. This may\noverwrite kernel memory and subvert kernel execution. (CVE-2016-9083,\nImportant)\n\n* The use of a kzalloc with an integer multiplication allowed an\ninteger overflow condition to be reached in vfio_pci_intrs.c. This\ncombined with CVE-2016-9083 may allow an attacker to craft an attack\nand use unallocated memory, potentially crashing the machine.\n(CVE-2016-9084, Moderate)\n\nRed Hat would like to thank Philip Pettersson for reporting\nCVE-2016-8655.\n\nBug Fix(es) :\n\n* Previously, the asynchronous page fault woke code references\nspinlocks, which were actually sleeping locks in the RT kernel.\nBecause of this, when the code was executed from the exception\ncontext, a bug warning appeared on the console. With this update, the\nregular wait queue and spinlock code in this area has been modified to\nuse simple-wait-queue and raw-spinlocks. This code change enables the\nasynchronous page fault code to run in a non-preemptable state without\nbug warnings. (BZ#1418035)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-8655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9084\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-8630\", \"CVE-2016-8655\", \"CVE-2016-9083\", \"CVE-2016-9084\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2017:0387\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0387\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-514.10.2.rt56.435.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:12:20", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.(CVE-2016-7910)\n\n - Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.(CVE-2016-7911)\n\n - The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite.(CVE-2016-7914)\n\n - The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.(CVE-2016-3841)\n\n - Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete.(CVE-2016-7916)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1089)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3841", "CVE-2016-7910", "CVE-2016-7911", "CVE-2016-7914", "CVE-2016-7916"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2016-1089.NASL", "href": "https://www.tenable.com/plugins/nessus/99846", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99846);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-3841\",\n \"CVE-2016-7910\",\n \"CVE-2016-7911\",\n \"CVE-2016-7914\",\n \"CVE-2016-7916\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1089)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Use-after-free vulnerability in the disk_seqf_stop\n function in block/genhd.c in the Linux kernel before\n 4.7.1 allows local users to gain privileges by\n leveraging the execution of a certain stop operation\n even if the corresponding start operation had\n failed.(CVE-2016-7910)\n\n - Race condition in the get_task_ioprio function in\n block/ioprio.c in the Linux kernel before 4.6.6 allows\n local users to gain privileges or cause a denial of\n service (use-after-free) via a crafted ioprio_get\n system call.(CVE-2016-7911)\n\n - The assoc_array_insert_into_terminal_node function in\n lib/assoc_array.c in the Linux kernel before 4.5.3 does\n not check whether a slot is a leaf, which allows local\n users to obtain sensitive information from kernel\n memory or cause a denial of service (invalid pointer\n dereference and out-of-bounds read) via an application\n that uses associative-array data structures, as\n demonstrated by the keyutils test suite.(CVE-2016-7914)\n\n - The IPv6 stack in the Linux kernel before 4.3.3\n mishandles options data, which allows local users to\n gain privileges or cause a denial of service\n (use-after-free and system crash) via a crafted sendmsg\n system call.(CVE-2016-3841)\n\n - Race condition in the environ_read function in\n fs/proc/base.c in the Linux kernel before 4.5.4 allows\n local users to obtain sensitive information from kernel\n memory by reading a /proc/*/environ file during a\n process-setup time interval in which\n environment-variable copying is\n incomplete.(CVE-2016-7916)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1089\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?743b78fa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.42.1.105\",\n \"kernel-debug-3.10.0-229.42.1.105\",\n \"kernel-debuginfo-3.10.0-229.42.1.105\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.42.1.105\",\n \"kernel-devel-3.10.0-229.42.1.105\",\n \"kernel-headers-3.10.0-229.42.1.105\",\n \"kernel-tools-3.10.0-229.42.1.105\",\n \"kernel-tools-libs-3.10.0-229.42.1.105\",\n \"perf-3.10.0-229.42.1.105\",\n \"python-perf-3.10.0-229.42.1.105\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:14", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - vfio/pci: Fix integer overflows, bitmask check (Vlad Tsyrklevich) [Orabug: 25164094] (CVE-2016-9083) (CVE-2016-9084)\n\n - Don't feed anything but regular iovec's to blk_rq_map_user_iov (Linus Torvalds) [Orabug: 25231931] (CVE-2016-9576)\n\n - kvm: x86: Check memopp before dereference (CVE-2016-8630) (Owen Hofmann) [Orabug: 25417387] (CVE-2016-8630)\n\n - crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417799] (CVE-2016-8646)\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462755] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462799] (CVE-2016-4485)\n\n - xen-netback: fix extra_info handling in xenvif_tx_err (Paul Durrant) [Orabug: 25445336]\n\n - net: Documentation: Fix default value tcp_limit_output_bytes (Niklas Cassel) [Orabug:\n 25458076]\n\n - tcp: double default TSQ output bytes limit (Wei Liu) [Orabug: 25458076]\n\n - xenbus: fix deadlock on writes to /proc/xen/xenbus (David Vrabel)", "cvss3": {}, "published": "2017-02-09T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8630", "CVE-2016-8646", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9576"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2017-0039.NASL", "href": "https://www.tenable.com/plugins/nessus/97079", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0039.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97079);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-8630\", \"CVE-2016-8646\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9576\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0039)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - vfio/pci: Fix integer overflows, bitmask check (Vlad\n Tsyrklevich) [Orabug: 25164094] (CVE-2016-9083)\n (CVE-2016-9084)\n\n - Don't feed anything but regular iovec's to\n blk_rq_map_user_iov (Linus Torvalds) [Orabug: 25231931]\n (CVE-2016-9576)\n\n - kvm: x86: Check memopp before dereference\n (CVE-2016-8630) (Owen Hofmann) [Orabug: 25417387]\n (CVE-2016-8630)\n\n - crypto: algif_hash - Only export and import on sockets\n with data (Herbert Xu) [Orabug: 25417799]\n (CVE-2016-8646)\n\n - USB: usbfs: fix potential infoleak in devio (Kangjie Lu)\n [Orabug: 25462755] (CVE-2016-4482)\n\n - net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462799]\n (CVE-2016-4485)\n\n - xen-netback: fix extra_info handling in xenvif_tx_err\n (Paul Durrant) [Orabug: 25445336]\n\n - net: Documentation: Fix default value\n tcp_limit_output_bytes (Niklas Cassel) [Orabug:\n 25458076]\n\n - tcp: double default TSQ output bytes limit (Wei Liu)\n [Orabug: 25458076]\n\n - xenbus: fix deadlock on writes to /proc/xen/xenbus\n (David Vrabel)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-February/000647.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?23a1489f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-61.1.27.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-61.1.27.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:00", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3514 advisory.\n\n - The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction. (CVE-2016-8630)\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message. (CVE-2016-4485)\n\n - drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a state machine confusion bug. (CVE-2016-9083)\n\n - drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. (CVE-2016-9084)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.\n (CVE-2016-9576)\n\n - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data. (CVE-2016-8646)\n\n - The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (CVE-2016-4482)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-02-08T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3514)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8630", "CVE-2016-8646", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9576"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.27.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.27.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3514.NASL", "href": "https://www.tenable.com/plugins/nessus/97057", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3514.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97057);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2016-4482\",\n \"CVE-2016-4485\",\n \"CVE-2016-8630\",\n \"CVE-2016-8646\",\n \"CVE-2016-9083\",\n \"CVE-2016-9084\",\n \"CVE-2016-9576\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3514)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2017-3514 advisory.\n\n - The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is\n enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M\n byte in an undefined instruction. (CVE-2016-8630)\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a\n certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by\n reading a message. (CVE-2016-4485)\n\n - drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer\n overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a state machine\n confusion bug. (CVE-2016-9083)\n\n - drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which\n allows local users to cause a denial of service (integer overflow) or have unspecified other impact by\n leveraging access to a vfio PCI device file. (CVE-2016-9084)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly\n restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.\n (CVE-2016-9576)\n\n - The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to\n cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket\n that has received zero bytes of data. (CVE-2016-8646)\n\n - The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not\n initialize a certain data structure, which allows local users to obtain sensitive information from kernel\n stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (CVE-2016-4482)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3514.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9576\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.27.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.27.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-61.1.27.el6uek', '4.1.12-61.1.27.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3514');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-4.1.12-61.1.27.el6uek-0.5.3-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.27.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.27.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.27.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.27.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.27.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.27.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'dtrace-modules-4.1.12-61.1.27.el7uek-0.5.3-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.27.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.27.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.27.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.27.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.27.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.27.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-4.1.12-61.1.27.el6uek / dtrace-modules-4.1.12-61.1.27.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:28", "description": "This update for the Linux Kernel 3.12.51-52_34 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759).\n\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-27T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3249-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7117", "CVE-2016-8655", "CVE-2016-9555"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_34-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_34-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3249-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96134", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3249-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96134);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7117\", \"CVE-2016-8655\", \"CVE-2016-9555\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3249-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.51-52_34 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet\n packet_set_ring function could be used by local\n attackers to crash the kernel or gain privileges\n (bsc#1012759).\n\n - CVE-2016-9555: The sctp_sf_ootb function in\n net/sctp/sm_statefuns.c in the Linux kernel lacks\n chunk-length checking for the first chunk, which allowed\n remote attackers to cause a denial of service\n (out-of-bounds slab access) or possibly have unspecified\n other impact via crafted SCTP data (bsc#1012183).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux\n kernel allowed remote attackers to execute arbitrary\n code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bsc#1003253).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8655/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9555/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163249-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2561e426\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1895=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1895=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_34-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_34-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_51-52_34-default-7-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_51-52_34-xen-7-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:57", "description": "This update for the Linux Kernel 3.12.51-52_39 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759).\n\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3119-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7117", "CVE-2016-8655", "CVE-2016-9555"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_39-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_39-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3119-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95805", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3119-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95805);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7117\", \"CVE-2016-8655\", \"CVE-2016-9555\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3119-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.51-52_39 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet\n packet_set_ring function could be used by local\n attackers to crash the kernel or gain privileges\n (bsc#1012759).\n\n - CVE-2016-9555: The sctp_sf_ootb function in\n net/sctp/sm_statefuns.c in the Linux kernel lacks\n chunk-length checking for the first chunk, which allowed\n remote attackers to cause a denial of service\n (out-of-bounds slab access) or possibly have unspecified\n other impact via crafted SCTP data (bsc#1012183).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux\n kernel allowed remote attackers to execute arbitrary\n code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bsc#1003253).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8655/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9555/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163119-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?740f7455\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1814=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1814=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_39-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_39-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_51-52_39-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_51-52_39-xen-6-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:19", "description": "This update for the Linux Kernel 3.12.55-52_42 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759).\n\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3112-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7117", "CVE-2016-8655", "CVE-2016-9555"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_42-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_42-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3112-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95802", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3112-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95802);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7117\", \"CVE-2016-8655\", \"CVE-2016-9555\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3112-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.55-52_42 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet\n packet_set_ring function could be used by local\n attackers to crash the kernel or gain privileges\n (bsc#1012759).\n\n - CVE-2016-9555: The sctp_sf_ootb function in\n net/sctp/sm_statefuns.c in the Linux kernel lacks\n chunk-length checking for the first chunk, which allowed\n remote attackers to cause a denial of service\n (out-of-bounds slab access) or possibly have unspecified\n other impact via crafted SCTP data (bsc#1012183).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux\n kernel allowed remote attackers to execute arbitrary\n code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bsc#1003253).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8655/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9555/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163112-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b29a9076\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1807=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1807=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_42-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_42-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_55-52_42-default-4-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_55-52_42-xen-4-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:31:14", "description": "This update for the Linux Kernel 3.12.55-52_45 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759).\n\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3109-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7117", "CVE-2016-8655", "CVE-2016-9555"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_45-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_45-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3109-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95799", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3109-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95799);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7117\", \"CVE-2016-8655\", \"CVE-2016-9555\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3109-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.55-52_45 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet\n packet_set_ring function could be used by local\n attackers to crash the kernel or gain privileges\n (bsc#1012759).\n\n - CVE-2016-9555: The sctp_sf_ootb function in\n net/sctp/sm_statefuns.c in the Linux kernel lacks\n chunk-length checking for the first chunk, which allowed\n remote attackers to cause a denial of service\n (out-of-bounds slab access) or possibly have unspecified\n other impact via crafted SCTP data (bsc#1012183).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux\n kernel allowed remote attackers to execute arbitrary\n code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bsc#1003253).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8655/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9555/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163109-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c837e5e2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1809=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1809=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_45-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_55-52_45-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_55-52_45-default-4-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_55-52_45-xen-4-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:57", "description": "This update for the Linux Kernel 3.12.51-52_31 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759).\n\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003253).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3111-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7117", "CVE-2016-8655", "CVE-2016-9555"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_31-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_31-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3111-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95801", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3111-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95801);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-7117\", \"CVE-2016-8655\", \"CVE-2016-9555\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3111-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.51-52_31 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet\n packet_set_ring function could be used by local\n attackers to crash the kernel or gain privileges\n (bsc#1012759).\n\n - CVE-2016-9555: The sctp_sf_ootb function in\n net/sctp/sm_statefuns.c in the Linux kernel lacks\n chunk-length checking for the first chunk, which allowed\n remote attackers to cause a denial of service\n (out-of-bounds slab access) or possibly have unspecified\n other impact via crafted SCTP data (bsc#1012183).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux\n kernel allowed remote attackers to execute arbitrary\n code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bsc#1003253).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8655/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9555/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163111-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29eee445\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1806=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1806=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_31-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_31-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_51-52_31-default-7-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_51-52_31-xen-7-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:12:48", "description": "CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213)\n\nAndreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. (CVE-2016-7097)\n\nMarco Grassi discovered that the driver for Areca RAID Controllers in the Linux kernel did not properly validate control messages. A local attacker could use this to cause a denial of service (system crash) or possibly gain privileges. (CVE-2016-7425)\n\nIt was discovered that the KVM implementation for x86/x86_64 in the Linux kernel could dereference a NULL pointer. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the KVM host. (CVE-2016-8630)\n\nEyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges.\n(CVE-2016-8633)\n\nMarco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2016-8645)\n\nIt was discovered that the keyring implementation in the Linux kernel improperly handled crypto registration in conjunction with successful key- type registration. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9313)\n\nAndrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash).\n(CVE-2016-9555).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 16.10 : linux-raspi2 vulnerabilities (USN-3162-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6213", "CVE-2016-7097", "CVE-2016-7425", "CVE-2016-8630", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-9313", "CVE-2016-9555"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3162-2.NASL", "href": "https://www.tenable.com/plugins/nessus/96000", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3162-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96000);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-6213\", \"CVE-2016-7097\", \"CVE-2016-7425\", \"CVE-2016-8630\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2016-9313\", \"CVE-2016-9555\");\n script_xref(name:\"USN\", value:\"3162-2\");\n\n script_name(english:\"Ubuntu 16.10 : linux-raspi2 vulnerabilities (USN-3162-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"CAI Qian discovered that shared bind mounts in a mount namespace\nexponentially added entries without restriction to the Linux kernel's\nmount table. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2016-6213)\n\nAndreas Gruenbacher and Jan Kara discovered that the filesystem\nimplementation in the Linux kernel did not clear the setgid bit during\na setxattr call. A local attacker could use this to possibly elevate\ngroup privileges. (CVE-2016-7097)\n\nMarco Grassi discovered that the driver for Areca RAID Controllers in\nthe Linux kernel did not properly validate control messages. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly gain privileges. (CVE-2016-7425)\n\nIt was discovered that the KVM implementation for x86/x86_64 in the\nLinux kernel could dereference a NULL pointer. An attacker in a guest\nvirtual machine could use this to cause a denial of service (system\ncrash) in the KVM host. (CVE-2016-8630)\n\nEyal Itkin discovered that the IP over IEEE 1394 (FireWire)\nimplementation in the Linux kernel contained a buffer overflow when\nhandling fragmented packets. A remote attacker could use this to\npossibly execute arbitrary code with administrative privileges.\n(CVE-2016-8633)\n\nMarco Grassi discovered that the TCP implementation in the Linux\nkernel mishandles socket buffer (skb) truncation. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-8645)\n\nIt was discovered that the keyring implementation in the Linux kernel\nimproperly handled crypto registration in conjunction with successful\nkey- type registration. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2016-9313)\n\nAndrey Konovalov discovered that the SCTP implementation in the Linux\nkernel improperly handled validation of incoming data. A remote\nattacker could use this to cause a denial of service (system crash).\n(CVE-2016-9555).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3162-2/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.8-raspi2 and / or linux-image-raspi2\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-6213\", \"CVE-2016-7097\", \"CVE-2016-7425\", \"CVE-2016-8630\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2016-9313\", \"CVE-2016-9555\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3162-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-1021-raspi2\", pkgver:\"4.8.0-1021.24\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-raspi2\", pkgver:\"4.8.0.1021.24\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.8-raspi2 / linux-image-raspi2\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:02", "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n\n - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716).\n\n - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711).\n\n - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478).\n\n - CVE-2016-7914: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite (bnc#1010475).\n\n - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product:\n Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935 (bnc#1014746).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug' (bnc#1007197).\n\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197).\n\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038).\n\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531 1013542).\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540 1017589).\n\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bsc#1019851).\n\n - CVE-2017-2583: Fixed broken emulation of 'MOV SS, null selector' (bsc#1020602).\n\n - CVE-2017-5551: Clear SGID bit when setting file permissions on tmpfs (bsc#1021258).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-02-15T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0464-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8962", "CVE-2015-8963", "CVE-2015-8964", "CVE-2016-10088", "CVE-2016-7910", "CVE-2016-7911", "CVE-2016-7913", "CVE-2016-7914", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9576", "CVE-2016-9756", "CVE-2016-9793", "CVE-2016-9806", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-5551"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0464-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97189", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0464-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97189);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-8962\", \"CVE-2015-8963\", \"CVE-2015-8964\", \"CVE-2016-10088\", \"CVE-2016-7910\", \"CVE-2016-7911\", \"CVE-2016-7913\", \"CVE-2016-7914\", \"CVE-2016-8399\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9576\", \"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9806\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-5551\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0464-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2015-8962: Double free vulnerability in the\n sg_common_write function in drivers/scsi/sg.c in the\n Linux kernel allowed local users to gain privileges or\n cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call\n (bnc#1010501).\n\n - CVE-2015-8963: Race condition in kernel/events/core.c in\n the Linux kernel allowed local users to gain privileges\n or cause a denial of service (use-after-free) by\n leveraging incorrect handling of an swevent data\n structure during a CPU unplug operation (bnc#1010502).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-10088: The sg implementation in the Linux\n kernel did not properly restrict write operations in\n situations where the KERNEL_DS option is set, which\n allowed local users to read or write to arbitrary kernel\n memory locations or cause a denial of service\n (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2016-7910: Use-after-free vulnerability in the\n disk_seqf_stop function in block/genhd.c in the Linux\n kernel allowed local users to gain privileges by\n leveraging the execution of a certain stop operation\n even if the corresponding start operation had failed\n (bnc#1010716).\n\n - CVE-2016-7911: Race condition in the get_task_ioprio\n function in block/ioprio.c in the Linux kernel allowed\n local users to gain privileges or cause a denial of\n service (use-after-free) via a crafted ioprio_get system\n call (bnc#1010711).\n\n - CVE-2016-7913: The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (use-after-free) via vectors involving\n omission of the firmware name from a certain data\n structure (bnc#1010478).\n\n - CVE-2016-7914: The assoc_array_insert_into_terminal_node\n function in lib/assoc_array.c in the Linux kernel did\n not check whether a slot is a leaf, which allowed local\n users to obtain sensitive information from kernel memory\n or cause a denial of service (invalid pointer\n dereference and out-of-bounds read) via an application\n that uses associative-array data structures, as\n demonstrated by the keyutils test suite (bnc#1010475).\n\n - CVE-2016-8399: An elevation of privilege vulnerability\n in the kernel networking subsystem could enable a local\n malicious application to execute arbitrary code within\n the context of the kernel. This issue is rated as\n Moderate because it first requires compromising a\n privileged process and current compiler optimizations\n restrict access to the vulnerable code. Product:\n Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:\n A-31349935 (bnc#1014746).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux\n kernel, in certain unusual hardware configurations,\n allowed remote attackers to execute arbitrary code via\n crafted fragmented packets (bnc#1008833).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel\n mishandled skb truncation, which allowed local users to\n cause a denial of service (system crash) via a crafted\n application that made sendto system calls, related to\n net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c\n (bnc#1009969).\n\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux\n kernel allowed local users to bypass integer overflow\n checks, and cause a denial of service (memory\n corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a\n VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine\n confusion bug' (bnc#1007197).\n\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the\n Linux kernel misuses the kzalloc function, which allowed\n local users to cause a denial of service (integer\n overflow) or have unspecified other impact by leveraging\n access to a vfio PCI device file (bnc#1007197).\n\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux\n kernel did not properly initialize Code Segment (CS) in\n certain error cases, which allowed local users to obtain\n sensitive information from kernel stack memory via a\n crafted application (bnc#1013038).\n\n - CVE-2016-9793: The sock_setsockopt function in\n net/core/sock.c in the Linux kernel mishandled negative\n values of sk_sndbuf and sk_rcvbuf, which allowed local\n users to cause a denial of service (memory corruption\n and system crash) or possibly have unspecified other\n impact by leveraging the CAP_NET_ADMIN capability for a\n crafted setsockopt system call with the (1)\n SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531\n 1013542).\n\n - CVE-2016-9806: Race condition in the netlink_dump\n function in net/netlink/af_netlink.c in the Linux kernel\n allowed local users to cause a denial of service (double\n free) or possibly have unspecified other impact via a\n crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump\n that started earlier than anticipated (bnc#1013540\n 1017589).\n\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux\n kernel allowed local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt (bsc#1019851).\n\n - CVE-2017-2583: Fixed broken emulation of 'MOV SS, null\n selector' (bsc#1020602).\n\n - CVE-2017-5551: Clear SGID bit when setting file\n permissions on tmpfs (bsc#1021258).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019300\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=856380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=857394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=858727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921778\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=923036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=923037\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=938963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8963/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10088/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7910/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7913/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7914/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8399/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8645/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9083/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9084/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9756/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9793/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2584/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5551/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170464-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a768a9e4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2017-238=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2017-238=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-238=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2017-238=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2017-238=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2017-238=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-syms-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.69-60.64.29.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.69-60.64.29.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:23", "description": "CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213)\n\nIt was discovered that the KVM implementation for x86/x86_64 in the Linux kernel could dereference a NULL pointer. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the KVM host. (CVE-2016-8630)\n\nEyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges.\n(CVE-2016-8633)\n\nMarco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2016-8645)\n\nIt was discovered that the keyring implementation in the Linux kernel improperly handled crypto registration in conjunction with successful key- type registration. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9313)\n\nAndrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash).\n(CVE-2016-9555).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 16.10 : linux vulnerabilities (USN-3162-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6213", "CVE-2016-8630", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-9313", "CVE-2016-9555"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3162-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95999", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3162-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95999);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-6213\", \"CVE-2016-8630\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2016-9313\", \"CVE-2016-9555\");\n script_xref(name:\"USN\", value:\"3162-1\");\n\n script_name(english:\"Ubuntu 16.10 : linux vulnerabilities (USN-3162-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"CAI Qian discovered that shared bind mounts in a mount namespace\nexponentially added entries without restriction to the Linux kernel's\nmount table. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2016-6213)\n\nIt was discovered that the KVM implementation for x86/x86_64 in the\nLinux kernel could dereference a NULL pointer. An attacker in a guest\nvirtual machine could use this to cause a denial of service (system\ncrash) in the KVM host. (CVE-2016-8630)\n\nEyal Itkin discovered that the IP over IEEE 1394 (FireWire)\nimplementation in the Linux kernel contained a buffer overflow when\nhandling fragmented packets. A remote attacker could use this to\npossibly execute arbitrary code with administrative privileges.\n(CVE-2016-8633)\n\nMarco Grassi discovered that the TCP implementation in the Linux\nkernel mishandles socket buffer (skb) truncation. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-8645)\n\nIt was discovered that the keyring implementation in the Linux kernel\nimproperly handled crypto registration in conjunction with successful\nkey- type registration. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2016-9313)\n\nAndrey Konovalov discovered that the SCTP implementation in the Linux\nkernel improperly handled validation of incoming data. A remote\nattacker could use this to cause a denial of service (system crash).\n(CVE-2016-9555).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3162-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-6213\", \"CVE-2016-8630\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2016-9313\", \"CVE-2016-9555\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3162-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-32-generic\", pkgver:\"4.8.0-32.34\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-32-generic-lpae\", pkgver:\"4.8.0-32.34\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-32-lowlatency\", pkgver:\"4.8.0-32.34\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic\", pkgver:\"4.8.0.32.41\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.8.0.32.41\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.8.0.32.41\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.8-generic / linux-image-4.8-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:41", "description": "The openSUSE Leap 42.1 kernel was updated to 4.1.36 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754).\n\n - CVE-2016-9794: A use-after-free in ALSA pcm could lead to crashes or allowed local users to potentially gain privileges (bsc#1013533).\n\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n\n - CVE-2016-9178: The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel did not initialize a certain integer variable, which allowed local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call (bnc#1008650).\n\n - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478).\n\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).\n\n - CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).\n\n - CVE-2016-8630: The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel, when KVM is enabled, allowed local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction (bnc#1009222).\n\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug (bnc#1007197).\n\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197).\n\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).\n\n - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968).\n\n - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925).\n\nThe following non-security bugs were fixed :\n\n - ata: ahci_xgene: dereferencing uninitialized pointer in probe (bsc#1006580).\n\n - blacklist.conf: add some commits (bsc#1006580)\n\n - bna: Add synchronization for tx ring (bsc#993739).\n\n - bonding: set carrier off for devices created through netlink (bsc#999577).\n\n - btrfs: deal with duplicates during extent_map insertion in btrfs_get_extent (bsc#1001171).\n\n - btrfs: deal with existing encompassing extent map in btrfs_get_extent() (bsc#1001171).\n\n - btrfs: fix extent tree corruption due to relocation (bsc#990384).\n\n - btrfs: fix races on root_log_ctx lists (bsc#1007653).\n\n - ext4: fix data exposure after a crash (bsc#1012876).\n\n - ext4: fix reference counting bug on block allocation error (bsc#1012876).\n\n - gre: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU (bsc#1001486).\n\n - gro: Allow tunnel stacking in the case of FOU/GUE (bsc#1001486).\n\n - ipv6: send NEWLINK on RA managed/otherconf changes (bsc#934067).\n\n - ipv6: send only one NEWLINK when RA causes changes (bsc#934067).\n\n - isofs: Do not return EACCES for unknown filesystems (bsc#1012876).\n\n - jbd2: fix checkpoint list cleanup (bsc#1012876).\n\n - jbd2: Fix unreclaimed pages after truncate in data=journal mode (bsc#1010909).\n\n - locking/static_key: Fix concurrent static_key_slow_inc() (bsc#1006580).\n\n - mmc: Fix kabi breakage of mmc-block in 4.1.36 (stable-4.1.36).\n\n - posix_acl: Added fix for f2fs.\n\n - Revert 'kbuild: add -fno-PIE' (stable-4.1.36).\n\n - Revert 'x86/mm: Expand the exception table logic to allow new handling options' (stable-4.1.36).\n\n - tunnels: Remove encapsulation offloads on decap (bsc#1001486).\n\n - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).\n\n - vmxnet3: Wake queue from reset work (bsc#999907).", "cvss3": {}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-1428)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8956", "CVE-2015-8962", "CVE-2015-8963", "CVE-2015-8964", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-7913", "CVE-2016-8630", "CVE-2016-8633", "CVE-2016-8646", "CVE-2016-8655", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9178", "CVE-2016-9555", "CVE-2016-9794"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:drbd", "p-cpe:/a:novell:opensuse:drbd-debugsource", "p-cpe:/a:novell:opensuse:drbd-kmp-default", "p-cpe:/a:novell:opensuse:drbd-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:drbd-kmp-pv", "p-cpe:/a:novell:opensuse:drbd-kmp-pv-debuginfo", "p-cpe:/a:novell:opensuse:drbd-kmp-xen", "p-cpe:/a:novell:opensuse:drbd-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-debugsource", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pv", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pv-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:ipset", "p-cpe:/a:novell:opensuse:ipset-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debugsource", "p-cpe:/a:novell:opensuse:ipset-devel", "p-cpe:/a:novell:opensuse:ipset-kmp-default", "p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-pae", "p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-pv", "p-cpe:/a:novell:opensuse:ipset-kmp-pv-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-xen", "p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-pv", "p-cpe:/a:novell:opensuse:kernel-pv-base", "p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debugsource", "p-cpe:/a:novell:opensuse:kernel-pv-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:libipset3", "p-cpe:/a:novell:opensuse:libipset3-debuginfo", "p-cpe:/a:novell:opensuse:lttng-modules", "p-cpe:/a:novell:opensuse:lttng-modules-debugsource", "p-cpe:/a:novell:opensuse:lttng-modules-kmp-default", "p-cpe:/a:novell:opensuse:lttng-modules-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:lttng-modules-kmp-pv", "p-cpe:/a:novell:opensuse:lttng-modules-kmp-pv-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock", "p-cpe:/a:novell:opensuse:pcfclock-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pv", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pv-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-debugsource", "p-cpe:/a:novell:opensuse:vhba-kmp-default", "p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-pae", "p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-pv", "p-cpe:/a:novell:opensuse:vhba-kmp-pv-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-xen", "p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-1428.NASL", "href": "https://www.tenable.com/plugins/nessus/95702", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1428.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95702);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8956\", \"CVE-2015-8962\", \"CVE-2015-8963\", \"CVE-2015-8964\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-7913\", \"CVE-2016-8630\", \"CVE-2016-8633\", \"CVE-2016-8646\", \"CVE-2016-8655\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9178\", \"CVE-2016-9555\", \"CVE-2016-9794\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-1428)\");\n script_summary(english:\"Check for the openSUSE-2016-1428 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.1 kernel was updated to 4.1.36 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet\n packet_set_ring function could be used by local\n attackers to crash the kernel or gain privileges\n (bsc#1012754).\n\n - CVE-2016-9794: A use-after-free in ALSA pcm could lead\n to crashes or allowed local users to potentially gain\n privileges (bsc#1013533).\n\n - CVE-2015-8962: Double free vulnerability in the\n sg_common_write function in drivers/scsi/sg.c in the\n Linux kernel allowed local users to gain privileges or\n cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call\n (bnc#1010501).\n\n - CVE-2016-9178: The __get_user_asm_ex macro in\n arch/x86/include/asm/uaccess.h in the Linux kernel did\n not initialize a certain integer variable, which allowed\n local users to obtain sensitive information from kernel\n stack memory by triggering failure of a get_user_ex call\n (bnc#1008650).\n\n - CVE-2016-7913: The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (use-after-free) via vectors involving\n omission of the firmware name from a certain data\n structure (bnc#1010478).\n\n - CVE-2016-9555: The sctp_sf_ootb function in\n net/sctp/sm_statefuns.c in the Linux kernel lacks\n chunk-length checking for the first chunk, which allowed\n remote attackers to cause a denial of service\n (out-of-bounds slab access) or possibly have unspecified\n other impact via crafted SCTP data (bnc#1011685).\n\n - CVE-2015-8963: Race condition in kernel/events/core.c in\n the Linux kernel allowed local users to gain privileges\n or cause a denial of service (use-after-free) by\n leveraging incorrect handling of an swevent data\n structure during a CPU unplug operation (bnc#1010502).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-8646: The hash_accept function in\n crypto/algif_hash.c in the Linux kernel allowed local\n users to cause a denial of service (OOPS) by attempting\n to trigger use of in-kernel hash algorithms for a socket\n that has received zero bytes of data (bnc#1010150).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux\n kernel in certain unusual hardware configurations,\n allowed remote attackers to execute arbitrary code via\n crafted fragmented packets (bnc#1008833).\n\n - CVE-2016-8630: The x86_decode_insn function in\n arch/x86/kvm/emulate.c in the Linux kernel, when KVM is\n enabled, allowed local users to cause a denial of\n service (host OS crash) via a certain use of a ModR/M\n byte in an undefined instruction (bnc#1009222).\n\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux\n kernel allowed local users to bypass integer overflow\n checks, and cause a denial of service (memory\n corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a\n VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine\n confusion bug (bnc#1007197).\n\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the\n Linux kernel misuses the kzalloc function, which allowed\n local users to cause a denial of service (integer\n overflow) or have unspecified other impact by leveraging\n access to a vfio PCI device file (bnc#1007197).\n\n - CVE-2016-7042: The proc_keys_show function in\n security/keys/proc.c in the Linux kernel through 4.8.2,\n when the GNU Compiler Collection (gcc) stack protector\n is enabled, uses an incorrect buffer size for certain\n timeout data, which allowed local users to cause a\n denial of service (stack memory corruption and panic) by\n reading the /proc/keys file (bnc#1004517).\n\n - CVE-2016-7097: The filesystem implementation in the\n Linux kernel preserves the setgid bit during a setxattr\n call, which allowed local users to gain group privileges\n by leveraging the existence of a setgid program with\n restrictions on execute permissions (bnc#995968).\n\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed\n local users to obtain sensitive information or cause a\n denial of service (NULL pointer dereference) via vectors\n involving a bind system call on a Bluetooth RFCOMM\n socket (bnc#1003925).\n\nThe following non-security bugs were fixed :\n\n - ata: ahci_xgene: dereferencing uninitialized pointer in\n probe (bsc#1006580).\n\n - blacklist.conf: add some commits (bsc#1006580)\n\n - bna: Add synchronization for tx ring (bsc#993739).\n\n - bonding: set carrier off for devices created through\n netlink (bsc#999577).\n\n - btrfs: deal with duplicates during extent_map insertion\n in btrfs_get_extent (bsc#1001171).\n\n - btrfs: deal with existing encompassing extent map in\n btrfs_get_extent() (bsc#1001171).\n\n - btrfs: fix extent tree corruption due to relocation\n (bsc#990384).\n\n - btrfs: fix races on root_log_ctx lists (bsc#1007653).\n\n - ext4: fix data exposure after a crash (bsc#1012876).\n\n - ext4: fix reference counting bug on block allocation\n error (bsc#1012876).\n\n - gre: Disable segmentation offloads w/ CSUM and we are\n encapsulated via FOU (bsc#1001486).\n\n - gro: Allow tunnel stacking in the case of FOU/GUE\n (bsc#1001486).\n\n - ipv6: send NEWLINK on RA managed/otherconf changes\n (bsc#934067).\n\n - ipv6: send only one NEWLINK when RA causes changes\n (bsc#934067).\n\n - isofs: Do not return EACCES for unknown filesystems\n (bsc#1012876).\n\n - jbd2: fix checkpoint list cleanup (bsc#1012876).\n\n - jbd2: Fix unreclaimed pages after truncate in\n data=journal mode (bsc#1010909).\n\n - locking/static_key: Fix concurrent static_key_slow_inc()\n (bsc#1006580).\n\n - mmc: Fix kabi breakage of mmc-block in 4.1.36\n (stable-4.1.36).\n\n - posix_acl: Added fix for f2fs.\n\n - Revert 'kbuild: add -fno-PIE' (stable-4.1.36).\n\n - Revert 'x86/mm: Expand the exception table logic to\n allow new handling options' (stable-4.1.36).\n\n - tunnels: Remove encapsulation offloads on decap\n (bsc#1001486).\n\n - usbhid: add ATEN CS962 to list of quirky devices\n (bsc#1007615).\n\n - vmxnet3: Wake queue from reset work (bsc#999907).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1008650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1008833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=934067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=993739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=995968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=999907\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:drbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:drbd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:drbd-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:drbd-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:drbd-kmp-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:drbd-kmp-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:drbd-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:drbd-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lttng-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lttng-modules-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lttng-modules-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lttng-modules-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lttng-modules-kmp-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:lttng-modules-kmp-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"hdjmod-debugsource-1.28-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"hdjmod-kmp-default-1.28_k4.1.36_38-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"hdjmod-kmp-default-debuginfo-1.28_k4.1.36_38-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"hdjmod-kmp-pae-1.28_k4.1.36_38-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"hdjmod-kmp-pae-debuginfo-1.28_k4.1.36_38-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"hdjmod-kmp-pv-1.28_k4.1.36_38-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"hdjmod-kmp-pv-debuginfo-1.28_k4.1.36_38-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"hdjmod-kmp-xen-1.28_k4.1.36_38-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"hdjmod-kmp-xen-debuginfo-1.28_k4.1.36_38-28.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ipset-6.25.1-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ipset-debuginfo-6.25.1-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ipset-debugsource-6.25.1-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ipset-devel-6.25.1-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ipset-kmp-default-6.25.1_k4.1.36_38-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ipset-kmp-default-debuginfo-6.25.1_k4.1.36_38-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ipset-kmp-pae-6.25.1_k4.1.36_38-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ipset-kmp-pae-debuginfo-6.25.1_k4.1.36_38-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ipset-kmp-pv-6.25.1_k4.1.36_38-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ipset-kmp-pv-debuginfo-6.25.1_k4.1.36_38-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ipset-kmp-xen-6.25.1_k4.1.36_38-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ipset-kmp-xen-debuginfo-6.25.1_k4.1.36_38-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debugsource-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-devel-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-devel-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-html-4.1.36-38.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-pdf-4.1.36-38.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-macros-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-4.1.36-38.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-debugsource-4.1.36-38.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-vanilla-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-syms-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libipset3-6.25.1-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libipset3-debuginfo-6.25.1-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"pcfclock-0.44-270.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"pcfclock-debuginfo-0.44-270.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"pcfclock-debugsource-0.44-270.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"pcfclock-kmp-default-0.44_k4.1.36_38-270.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"pcfclock-kmp-default-debuginfo-0.44_k4.1.36_38-270.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"pcfclock-kmp-pae-0.44_k4.1.36_38-270.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"pcfclock-kmp-pae-debuginfo-0.44_k4.1.36_38-270.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"pcfclock-kmp-pv-0.44_k4.1.36_38-270.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"pcfclock-kmp-pv-debuginfo-0.44_k4.1.36_38-270.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"vhba-kmp-debugsource-20140928-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"vhba-kmp-default-20140928_k4.1.36_38-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"vhba-kmp-default-debuginfo-20140928_k4.1.36_38-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"vhba-kmp-pae-20140928_k4.1.36_38-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"vhba-kmp-pae-debuginfo-20140928_k4.1.36_38-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"vhba-kmp-pv-20140928_k4.1.36_38-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"vhba-kmp-pv-debuginfo-20140928_k4.1.36_38-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"vhba-kmp-xen-20140928_k4.1.36_38-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"vhba-kmp-xen-debuginfo-20140928_k4.1.36_38-9.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-devel-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debugsource-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-devel-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-devel-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"drbd-8.4.6-12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"drbd-debugsource-8.4.6-12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"drbd-kmp-default-8.4.6_k4.1.36_38-12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"drbd-kmp-default-debuginfo-8.4.6_k4.1.36_38-12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"drbd-kmp-pv-8.4.6_k4.1.36_38-12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"drbd-kmp-pv-debuginfo-8.4.6_k4.1.36_38-12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"drbd-kmp-xen-8.4.6_k4.1.36_38-12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"drbd-kmp-xen-debuginfo-8.4.6_k4.1.36_38-12.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debugsource-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-devel-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-4.1.36-38.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"lttng-modules-2.7.0-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"lttng-modules-debugsource-2.7.0-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-default-2.7.0_k4.1.36_38-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-default-debuginfo-2.7.0_k4.1.36_38-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-pv-2.7.0_k4.1.36_38-6.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-pv-debuginfo-2.7.0_k4.1.36_38-6.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hdjmod-debugsource / hdjmod-kmp-default / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:21", "description": "The 4.8.6 stable update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-11-08T00:00:00", "type": "nessus", "title": "Fedora 24 : kernel (2016-96d276367e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9083", "CVE-2016-9084"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-96D276367E.NASL", "href": "https://www.tenable.com/plugins/nessus/94617", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-96d276367e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94617);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9083\", \"CVE-2016-9084\");\n script_xref(name:\"FEDORA\", value:\"2016-96d276367e\");\n\n script_name(english:\"Fedora 24 : kernel (2016-96d276367e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.8.6 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-96d276367e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9083\", \"CVE-2016-9084\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-96d276367e\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.8.6-201.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:13", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2017-5551: tmpfs: clear S_ISGID when setting posix ACLs (bsc#1021258).\n\n - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device NOTE: this vulnerability existed because of an incomplete fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2016-5696: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#989152).\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provided an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).\n\n - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. (bnc#1014746).\n\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).\n\n - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).\n\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038).\n\n - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832).\n\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).\n\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716).\n\n - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711).\n\n - CVE-2013-6368: The KVM subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address (bnc#853052).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467).\n\n - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-02-10T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0437-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0230", "CVE-2012-6704", "CVE-2013-6368", "CVE-2015-1350", "CVE-2015-8962", "CVE-2015-8964", "CVE-2016-10088", "CVE-2016-5696", "CVE-2016-7910", "CVE-2016-7911", "CVE-2016-7916", "CVE-2016-8399", "CVE-2016-8632", "CVE-2016-8633", "CVE-2016-8646", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9685", "CVE-2016-9756", "CVE-2016-9793", "CVE-2017-5551"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-0437-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97097", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0437-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97097);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2004-0230\", \"CVE-2012-6704\", \"CVE-2013-6368\", \"CVE-2015-1350\", \"CVE-2015-8962\", \"CVE-2015-8964\", \"CVE-2016-10088\", \"CVE-2016-5696\", \"CVE-2016-7910\", \"CVE-2016-7911\", \"CVE-2016-7916\", \"CVE-2016-8399\", \"CVE-2016-8632\", \"CVE-2016-8633\", \"CVE-2016-8646\", \"CVE-2016-9555\", \"CVE-2016-9576\", \"CVE-2016-9685\", \"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2017-5551\");\n script_bugtraq_id(10183, 64291);\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0437-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2017-5551: tmpfs: clear S_ISGID when setting posix\n ACLs (bsc#1021258).\n\n - CVE-2016-10088: The sg implementation in the Linux\n kernel did not properly restrict write operations in\n situations where the KERNEL_DS option is set, which\n allowed local users to read or write to arbitrary kernel\n memory locations or cause a denial of service\n (use-after-free) by leveraging access to a /dev/sg\n device NOTE: this vulnerability existed because of an\n incomplete fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2016-5696: TCP, when using a large Window Size, made\n it easier for remote attackers to guess sequence numbers\n and cause a denial of service (connection loss) to\n persistent TCP connections by repeatedly injecting a TCP\n RST packet, especially in protocols that use long-lived\n connections, such as BGP (bnc#989152).\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x\n provided an incomplete set of requirements for setattr\n operations that underspecified removing extended\n privilege attributes, which allowed local users to cause\n a denial of service (capability stripping) via a failed\n invocation of a system call, as demonstrated by using\n chown to remove a capability from the ping or Wireshark\n dumpcap program (bnc#914939).\n\n - CVE-2016-8632: The tipc_msg_build function in\n net/tipc/msg.c in the Linux kernel did not validate the\n relationship between the minimum fragment length and the\n maximum packet size, which allowed local users to gain\n privileges or cause a denial of service (heap-based\n buffer overflow) by leveraging the CAP_NET_ADMIN\n capability (bnc#1008831).\n\n - CVE-2016-8399: An elevation of privilege vulnerability\n in the kernel networking subsystem could enable a local\n malicious application to execute arbitrary code within\n the context of the kernel. This issue is rated as\n Moderate because it first requires compromising a\n privileged process and current compiler optimizations\n restrict access to the vulnerable code. (bnc#1014746).\n\n - CVE-2016-9793: The sock_setsockopt function in\n net/core/sock.c in the Linux kernel mishandled negative\n values of sk_sndbuf and sk_rcvbuf, which allowed local\n users to cause a denial of service (memory corruption\n and system crash) or possibly have unspecified other\n impact by leveraging the CAP_NET_ADMIN capability for a\n crafted setsockopt system call with the (1)\n SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option\n (bnc#1013531).\n\n - CVE-2012-6704: The sock_setsockopt function in\n net/core/sock.c in the Linux kernel mishandled negative\n values of sk_sndbuf and sk_rcvbuf, which allowed local\n users to cause a denial of service (memory corruption\n and system crash) or possibly have unspecified other\n impact by leveraging the CAP_NET_ADMIN capability for a\n crafted setsockopt system call with the (1) SO_SNDBUF or\n (2) SO_RCVBUF option (bnc#1013542).\n\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux\n kernel did not properly initialize Code Segment (CS) in\n certain error cases, which allowed local users to obtain\n sensitive information from kernel stack memory via a\n crafted application (bnc#1013038).\n\n - CVE-2016-9685: Multiple memory leaks in error paths in\n fs/xfs/xfs_attr_list.c in the Linux kernel allowed local\n users to cause a denial of service (memory consumption)\n via crafted XFS filesystem operations (bnc#1012832).\n\n - CVE-2015-8962: Double free vulnerability in the\n sg_common_write function in drivers/scsi/sg.c in the\n Linux kernel allowed local users to gain privileges or\n cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call\n (bnc#1010501).\n\n - CVE-2016-9555: The sctp_sf_ootb function in\n net/sctp/sm_statefuns.c in the Linux kernel lacked\n chunk-length checking for the first chunk, which allowed\n remote attackers to cause a denial of service\n (out-of-bounds slab access) or possibly have unspecified\n other impact via crafted SCTP data (bnc#1011685).\n\n - CVE-2016-7910: Use-after-free vulnerability in the\n disk_seqf_stop function in block/genhd.c in the Linux\n kernel allowed local users to gain privileges by\n leveraging the execution of a certain stop operation\n even if the corresponding start operation had failed\n (bnc#1010716).\n\n - CVE-2016-7911: Race condition in the get_task_ioprio\n function in block/ioprio.c in the Linux kernel allowed\n local users to gain privileges or cause a denial of\n service (use-after-free) via a crafted ioprio_get system\n call (bnc#1010711).\n\n - CVE-2013-6368: The KVM subsystem in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (system crash) via a VAPIC synchronization\n operation involving a page-end address (bnc#853052).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-7916: Race condition in the environ_read\n function in fs/proc/base.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory by reading a /proc/*/environ file during a\n process-setup time interval in which\n environment-variable copying is incomplete\n (bnc#1010467).\n\n - CVE-2016-8646: The hash_accept function in\n crypto/algif_hash.c in the Linux kernel allowed local\n users to cause a denial of service (OOPS) by attempting\n to trigger use of in-kernel hash algorithms for a socket\n that has received zero bytes of data (bnc#1010150).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux\n kernel, in certain unusual hardware configurations,\n allowed remote attackers to execute arbitrary code via\n crafted fragmented packets (bnc#1008833).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010150\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010467\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015848\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016320\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016505\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016688\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=748806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=786036\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=790588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=795297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=800999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=821612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=824171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=851603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=853052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=871728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=901809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=913387\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=919382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=924708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=925065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=961589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973691\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=996541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=996557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2004-0230/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6704/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2013-6368/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8962/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10088/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5696/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7910/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7911/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7916/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8399/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8632/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8646/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9555/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9685/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9756/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9793/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5551/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170437-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?900c1584\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-kernel-12977=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-kernel-12977=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-12977=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-kernel-12977=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-devel-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-94.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-94.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:10", "description": "Andrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash).\n(CVE-2016-9555)\n\nIt was discovered that multiple memory leaks existed in the XFS implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2016-9685).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-02-03T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-3187-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9555", "CVE-2016-9685"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-highbank"], "id": "UBUNTU_USN-3187-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96979", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3187-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96979);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-9555\", \"CVE-2016-9685\");\n script_xref(name:\"USN\", value:\"3187-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-3187-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Andrey Konovalov discovered that the SCTP implementation in the Linux\nkernel improperly handled validation of incoming data. A remote\nattacker could use this to cause a denial of service (system crash).\n(CVE-2016-9555)\n\nIt was discovered that multiple memory leaks existed in the XFS\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (memory consumption). (CVE-2016-9685).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3187-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9555\", \"CVE-2016-9685\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3187-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-121-generic\", pkgver:\"3.2.0-121.164\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-121-generic-pae\", pkgver:\"3.2.0-121.164\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-121-highbank\", pkgver:\"3.2.0-121.164\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-121-virtual\", pkgver:\"3.2.0-121.164\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-generic\", pkgver:\"3.2.0.121.136\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-generic-pae\", pkgver:\"3.2.0.121.136\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-highbank\", pkgver:\"3.2.0.121.136\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-virtual\", pkgver:\"3.2.0.121.136\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:07:50", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2012-6704, CVE-2016-9793\n\nEric Dumazet found that a local user with CAP_NET_ADMIN capability could set a socket's buffer size to be negative, leading to a denial of service or other security impact. Additionally, in kernel versions prior to 3.5, any user could do this if sysctl net.core.rmem_max was changed to a very large value.\n\nCVE-2015-1350 / #770492\n\nBen Harris reported that local users could remove set-capability attributes from any file visible to them, allowing a denial of service.\n\nCVE-2015-8962\n\nCalvin Owens fouund that removing a SCSI device while it was being accessed through the SCSI generic (sg) driver led to a double- free, possibly causing a denial of service (crash or memory corruption) or privilege escalation. This could be exploited by local users with permision to access a SCSI device node.\n\nCVE-2015-8963\n\nSasha Levin reported that hot-unplugging a CPU resulted in a use-after-free by the performance events (perf) subsystem, possibly causing a denial of service (crash or memory corruption) or privilege escalation. This could by exploited by any local user.\n\nCVE-2015-8964\n\nIt was found that the terminal/serial (tty) subsystem did not reliably reset the terminal buffer state when the terminal line discipline was changed. This could allow a local user with access to a terminal device to read sensitive information from kernel memory.\n\nCVE-2016-7097\n\nJan Kara found that changing the POSIX ACL of a file never cleared its set-group-ID flag, which should be done if the user changing it is not a member of the group-owner. In some cases, this would allow the user-owner of an executable to gain the privileges of the group-owner.\n\nCVE-2016-7910\n\nVegard Nossum discovered that a memory allocation failure while handling a read of /proc/diskstats or /proc/partitions could lead to a use-after-free, possibly causing a denial of service (crash or memory corruption) or privilege escalation.\n\nCVE-2016-7911\n\nDmitry Vyukov reported that a race between ioprio_get() and ioprio_set() system calls could result in a use-after-free, possibly causing a denial of service (crash) or leaking sensitive information.\n\nCVE-2016-7915\n\nBenjamin Tissoires found that HID devices could trigger an out-of- bounds memory access in the HID core. A physically present user could possibly use this for denial of service (crash) or to leak sensitive information.\n\nCVE-2016-8399\n\nQidan He reported that the IPv4 ping socket implementation did not validate the length of packets to be sent. A user with permisson to use ping sockets could cause an out-of-bounds read, possibly resulting in a denial of service or information leak. However, on Debian systems no users have permission to create ping sockets by default.\n\nCVE-2016-8633\n\nEyal Itkin reported that the IP-over-Firewire driver (firewire-net) did not validate the offset or length in link-layer fragmentation headers. This allowed a remote system connected by Firewire to write to memory after a packet buffer, leading to a denial of service (crash) or remote code execution.\n\nCVE-2016-8645\n\nMarco Grassi reported that if a socket filter (BPF program) attached to a TCP socket truncates or removes the TCP header, this could cause a denial of service (crash). This was exploitable by any local user.\n\nCVE-2016-8655\n\nPhilip Pettersson found that the implementation of packet sockets (AF_PACKET family) had a race condition between enabling a transmit ring buffer and changing the version of buffers used, which could result in a use-after-free. A local user with the CAP_NET_ADMIN capability could exploit this for privilege escalation.\n\nCVE-2016-9178\n\nAl Viro found that a failure to read data from user memory might lead to a information leak on the x86 architecture (amd64 or i386).\n\nCVE-2016-9555\n\nAndrey Konovalov reported that the SCTP implementation does not validate 'out of the blue' packet chunk lengths early enough. A remote system able could use this to cause a denial of service (crash) or other security impact for systems using SCTP.\n\nCVE-2016-9576, CVE-2016-10088\n\nDmitry Vyukov reported that using splice() with the SCSI generic driver led to kernel memory corruption. Local users with permision to access a SCSI device node could exploit this for privilege escalation.\n\nCVE-2016-9756\n\nDmitry Vyukov reported that KVM for the x86 architecture (amd64 or i386) did not correctly handle the failure of certain instructions that require software emulation on older processors. This could be exploited by guest systems to leak sensitive information or for denial of service (log spam).\n\nCVE-2016-9794\n\nBaozeng Ding reported a race condition in the ALSA (sound) subsystem that could result in a use-after-free. Local users with access to a PCM sound device could exploit this for denial of service (crash or memory corruption) or other security impact.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 3.2.84-1. This version also includes bug fixes from upstream version 3.2.84 and updates the PREEMPT_RT featureset to version 3.2.84-rt122.\nFinally, this version adds the option to mitigate security issues in the performance events (perf) subsystem by disabling use by unprivileged users. This can be done by setting sysctl kernel.perf_event_paranoid=3.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 3.16.39-1 which will be included in the next point release (8.6).\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-01-03T00:00:00", "type": "nessus", "title": "Debian DLA-772-1 : linux security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-6704", "CVE-2015-1350", "CVE-2015-8962", "CVE-2015-8963", "CVE-2015-8964", "CVE-2016-10088", "CVE-2016-7097", "CVE-2016-7910", "CVE-2016-7911", "CVE-2016-7915", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-8655", "CVE-2016-9178", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9756", "CVE-2016-9793", "CVE-2016-9794"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-772.NASL", "href": "https://www.tenable.com/plugins/nessus/96188", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-772-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96188);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-6704\", \"CVE-2015-1350\", \"CVE-2015-8962\", \"CVE-2015-8963\", \"CVE-2015-8964\", \"CVE-2016-10088\", \"CVE-2016-7097\", \"CVE-2016-7910\", \"CVE-2016-7911\", \"CVE-2016-7915\", \"CVE-2016-8399\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2016-8655\", \"CVE-2016-9178\", \"CVE-2016-9555\", \"CVE-2016-9576\", \"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2016-9794\");\n\n script_name(english:\"Debian DLA-772-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2012-6704, CVE-2016-9793\n\nEric Dumazet found that a local user with CAP_NET_ADMIN capability\ncould set a socket's buffer size to be negative, leading to a denial\nof service or other security impact. Additionally, in kernel versions\nprior to 3.5, any user could do this if sysctl net.core.rmem_max was\nchanged to a very large value.\n\nCVE-2015-1350 / #770492\n\nBen Harris reported that local users could remove set-capability\nattributes from any file visible to them, allowing a denial of\nservice.\n\nCVE-2015-8962\n\nCalvin Owens fouund that removing a SCSI device while it was being\naccessed through the SCSI generic (sg) driver led to a double- free,\npossibly causing a denial of service (crash or memory corruption) or\nprivilege escalation. This could be exploited by local users with\npermision to access a SCSI device node.\n\nCVE-2015-8963\n\nSasha Levin reported that hot-unplugging a CPU resulted in a\nuse-after-free by the performance events (perf) subsystem, possibly\ncausing a denial of service (crash or memory corruption) or privilege\nescalation. This could by exploited by any local user.\n\nCVE-2015-8964\n\nIt was found that the terminal/serial (tty) subsystem did not reliably\nreset the terminal buffer state when the terminal line discipline was\nchanged. This could allow a local user with access to a terminal\ndevice to read sensitive information from kernel memory.\n\nCVE-2016-7097\n\nJan Kara found that changing the POSIX ACL of a file never cleared its\nset-group-ID flag, which should be done if the user changing it is not\na member of the group-owner. In some cases, this would allow the\nuser-owner of an executable to gain the privileges of the group-owner.\n\nCVE-2016-7910\n\nVegard Nossum discovered that a memory allocation failure while\nhandling a read of /proc/diskstats or /proc/partitions could lead to a\nuse-after-free, possibly causing a denial of service (crash or memory\ncorruption) or privilege escalation.\n\nCVE-2016-7911\n\nDmitry Vyukov reported that a race between ioprio_get() and\nioprio_set() system calls could result in a use-after-free, possibly\ncausing a denial of service (crash) or leaking sensitive information.\n\nCVE-2016-7915\n\nBenjamin Tissoires found that HID devices could trigger an out-of-\nbounds memory access in the HID core. A physically present user could\npossibly use this for denial of service (crash) or to leak sensitive\ninformation.\n\nCVE-2016-8399\n\nQidan He reported that the IPv4 ping socket implementation did not\nvalidate the length of packets to be sent. A user with permisson to\nuse ping sockets could cause an out-of-bounds read, possibly resulting\nin a denial of service or information leak. However, on Debian systems\nno users have permission to create ping sockets by default.\n\nCVE-2016-8633\n\nEyal Itkin reported that the IP-over-Firewire driver (firewire-net)\ndid not validate the offset or length in link-layer fragmentation\nheaders. This allowed a remote system connected by Firewire to write\nto memory after a packet buffer, leading to a denial of service\n(crash) or remote code execution.\n\nCVE-2016-8645\n\nMarco Grassi reported that if a socket filter (BPF program) attached\nto a TCP socket truncates or removes the TCP header, this could cause\na denial of service (crash). This was exploitable by any local user.\n\nCVE-2016-8655\n\nPhilip Pettersson found that the implementation of packet sockets\n(AF_PACKET family) had a race condition between enabling a transmit\nring buffer and changing the version of buffers used, which could\nresult in a use-after-free. A local user with the CAP_NET_ADMIN\ncapability could exploit this for privilege escalation.\n\nCVE-2016-9178\n\nAl Viro found that a failure to read data from user memory might lead\nto a information leak on the x86 architecture (amd64 or i386).\n\nCVE-2016-9555\n\nAndrey Konovalov reported that the SCTP implementation does not\nvalidate 'out of the blue' packet chunk lengths early enough. A remote\nsystem able could use this to cause a denial of service (crash) or\nother security impact for systems using SCTP.\n\nCVE-2016-9576, CVE-2016-10088\n\nDmitry Vyukov reported that using splice() with the SCSI generic\ndriver led to kernel memory corruption. Local users with permision to\naccess a SCSI device node could exploit this for privilege escalation.\n\nCVE-2016-9756\n\nDmitry Vyukov reported that KVM for the x86 architecture (amd64 or\ni386) did not correctly handle the failure of certain instructions\nthat require software emulation on older processors. This could be\nexploited by guest systems to leak sensitive information or for denial\nof service (log spam).\n\nCVE-2016-9794\n\nBaozeng Ding reported a race condition in the ALSA (sound) subsystem\nthat could result in a use-after-free. Local users with access to a\nPCM sound device could exploit this for denial of service (crash or\nmemory corruption) or other security impact.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.2.84-1. This version also includes bug fixes from upstream version\n3.2.84 and updates the PREEMPT_RT featureset to version 3.2.84-rt122.\nFinally, this version adds the option to mitigate security issues in\nthe performance events (perf) subsystem by disabling use by\nunprivileged users. This can be done by setting sysctl\nkernel.perf_event_paranoid=3.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.16.39-1 which will be included in the next point release (8.6).\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/01/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected linux package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.84-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:12:47", "description": "Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory).\n(CVE-2015-8964)\n\nIt was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple planes when processing a VIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-4568)\n\nCAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213)\n\nIt was discovered that the KVM implementation for x86/x86_64 in the Linux kernel could dereference a NULL pointer. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the KVM host. (CVE-2016-8630)\n\nEyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges.\n(CVE-2016-8633)\n\nMarco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2016-8645)\n\nAndrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash).\n(CVE-2016-9555).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux vulnerabilities (USN-3161-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8964", "CVE-2016-4568", "CVE-2016-6213", "CVE-2016-8630", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-9555"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3161-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95995", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3161-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95995);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-8964\", \"CVE-2016-4568\", \"CVE-2016-6213\", \"CVE-2016-8630\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2016-9555\");\n script_xref(name:\"USN\", value:\"3161-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux vulnerabilities (USN-3161-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Tilman Schmidt and Sasha Levin discovered a use-after-free condition\nin the TTY implementation in the Linux kernel. A local attacker could\nuse this to expose sensitive information (kernel memory).\n(CVE-2015-8964)\n\nIt was discovered that the Video For Linux Two (v4l2) implementation\nin the Linux kernel did not properly handle multiple planes when\nprocessing a VIDIOC_DQBUF ioctl(). A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2016-4568)\n\nCAI Qian discovered that shared bind mounts in a mount namespace\nexponentially added entries without restriction to the Linux kernel's\nmount table. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2016-6213)\n\nIt was discovered that the KVM implementation for x86/x86_64 in the\nLinux kernel could dereference a NULL pointer. An attacker in a guest\nvirtual machine could use this to cause a denial of service (system\ncrash) in the KVM host. (CVE-2016-8630)\n\nEyal Itkin discovered that the IP over IEEE 1394 (FireWire)\nimplementation in the Linux kernel contained a buffer overflow when\nhandling fragmented packets. A remote attacker could use this to\npossibly execute arbitrary code with administrative privileges.\n(CVE-2016-8633)\n\nMarco Grassi discovered that the TCP implementation in the Linux\nkernel mishandles socket buffer (skb) truncation. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-8645)\n\nAndrey Konovalov discovered that the SCTP implementation in the Linux\nkernel improperly handled validation of incoming data. A remote\nattacker could use this to cause a denial of service (system crash).\n(CVE-2016-9555).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3161-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8964\", \"CVE-2016-4568\", \"CVE-2016-6213\", \"CVE-2016-8630\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2016-9555\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3161-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-57-generic\", pkgver:\"4.4.0-57.78\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-57-generic-lpae\", pkgver:\"4.4.0-57.78\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-57-lowlatency\", pkgver:\"4.4.0-57.78\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.57.60\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.57.60\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.57.60\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:31:00", "description": "USN-3161-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nTilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory).\n(CVE-2015-8964)\n\nIt was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple planes when processing a VIDIOC_DQBUF ioctl(). A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-4568)\n\nCAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213)\n\nIt was discovered that the KVM implementation for x86/x86_64 in the Linux kernel could dereference a NULL pointer. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the KVM host. (CVE-2016-8630)\n\nEyal Itkin discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer overflow when handling fragmented packets. A remote attacker could use this to possibly execute arbitrary code with administrative privileges.\n(CVE-2016-8633)\n\nMarco Grassi discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2016-8645)\n\nAndrey Konovalov discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data. A remote attacker could use this to cause a denial of service (system crash).\n(CVE-2016-9555).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3161-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8964", "CVE-2016-4568", "CVE-2016-6213", "CVE-2016-8630", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-9555"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3161-2.NASL", "href": "https://www.tenable.com/plugins/nessus/95996", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3161-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(95996);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2015-8964\", \"CVE-2016-4568\", \"CVE-2016-6213\", \"CVE-2016-8630\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2016-9555\");\n script_xref(name:\"USN\", value:\"3161-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3161-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3161-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nTilman Schmidt and Sasha Levin discovered a use-after-free condition\nin the TTY implementation in the Linux kernel. A local attacker could\nuse this to expose sensitive information (kernel memory).\n(CVE-2015-8964)\n\nIt was discovered that the Video For Linux Two (v4l2) implementation\nin the Linux kernel did not properly handle multiple planes when\nprocessing a VIDIOC_DQBUF ioctl(). A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2016-4568)\n\nCAI Qian discovered that shared bind mounts in a mount namespace\nexponentially added entries without restriction to the Linux kernel's\nmount table. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2016-6213)\n\nIt was discovered that the KVM implementation for x86/x86_64 in the\nLinux kernel could dereference a NULL pointer. An attacker in a guest\nvirtual machine could use this to cause a denial of service (system\ncrash) in the KVM host. (CVE-2016-8630)\n\nEyal Itkin discovered that the IP over IEEE 1394 (FireWire)\nimplementation in the Linux kernel contained a buffer overflow when\nhandling fragmented packets. A remote attacker could use this to\npossibly execute arbitrary code with administrative privileges.\n(CVE-2016-8633)\n\nMarco Grassi discovered that the TCP implementation in the Linux\nkernel mishandles socket buffer (skb) truncation. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-8645)\n\nAndrey Konovalov discovered that the SCTP implementation in the Linux\nkernel improperly handled validation of incoming data. A remote\nattacker could use this to cause a denial of service (system crash).\n(CVE-2016-9555).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3161-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2023 Canonical, Inc. / NASL script (C) 2016-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-8964\", \"CVE-2016-4568\", \"CVE-2016-6213\", \"CVE-2016-8630\", \"CVE-2016-8633\", \"CVE-2016-8645\", \"CVE-2016-9555\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3161-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-57-generic\", pkgver:\"4.4.0-57.78~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-57-generic-lpae\", pkgver:\"4.4.0-57.78~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-57-lowlatency\", pkgver:\"4.4.0-57.78~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.57.44\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.57.44\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.57.44\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:53", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - ocfs2: fix trans extend while free cached blocks (Junxiao Bi) \n\n - ocfs2: fix trans extend while flush truncate log (Junxiao Bi) \n\n - ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (Xue jiufei) [Orabug: 25136991]\n\n - mpi: Fix NULL ptr dereference in mpi_powm [ver #3] (Andrey Ryabinin) [Orabug: 25154096] (CVE-2016-8650) (CVE-2016-8650)\n\n - mlx4: avoid multiple free on id_map_ent (Wengang Wang) [Orabug: 25159035]\n\n - NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25144380]\n\n - sctp: validate chunk len before actually using it (Marcelo Ricardo Leitner) [Orabug: 25142868] (CVE-2016-9555)\n\n - rebuild bumping release", "cvss3": {}, "published": "2016-12-08T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0174)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8650", "CVE-2016-9555"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2016-0174.NASL", "href": "https://www.tenable.com/plugins/nessus/95621", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0174.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95621);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9555\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0174)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - ocfs2: fix trans extend while free cached blocks\n (Junxiao Bi) \n\n - ocfs2: fix trans extend while flush truncate log\n (Junxiao Bi) \n\n - ocfs2: extend enough credits for freeing one truncate\n record while replaying truncate records (Xue jiufei)\n [Orabug: 25136991]\n\n - mpi: Fix NULL ptr dereference in mpi_powm [ver #3]\n (Andrey Ryabinin) [Orabug: 25154096] (CVE-2016-8650)\n (CVE-2016-8650)\n\n - mlx4: avoid multiple free on id_map_ent (Wengang Wang)\n [Orabug: 25159035]\n\n - NVMe: reduce queue depth as workaround for Samsung EPIC\n SQ errata (Ashok Vairavan) [Orabug: 25144380]\n\n - sctp: validate chunk len before actually using it\n (Marcelo Ricardo Leitner) [Orabug: 25142868]\n (CVE-2016-9555)\n\n - rebuild bumping release\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-December/000601.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e63f9df4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-61.1.22.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-61.1.22.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:31:11", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3648 advisory.\n\n - The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. (CVE-2016-8650)\n\n - The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. (CVE-2016-9555)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-12-08T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3648)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8650", "CVE-2016-9555"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.22.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.22.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2016-3648.NASL", "href": "https://www.tenable.com/plugins/nessus/95617", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2016-3648.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95617);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9555\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3648)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2016-3648 advisory.\n\n - The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory\n is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption\n and panic) via an add_key system call for an RSA key with a zero exponent. (CVE-2016-8650)\n\n - The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length\n checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds\n slab access) or possibly have unspecified other impact via crafted SCTP data. (CVE-2016-9555)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2016-3648.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9555\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.22.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.22.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-61.1.22.el6uek', '4.1.12-61.1.22.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2016-3648');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-4.1.12-61.1.22.el6uek-0.5.3-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.22.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.22.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.22.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.22.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.22.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.22.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'dtrace-modules-4.1.12-61.1.22.el7uek-0.5.3-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.22.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.22.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.22.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.22.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.22.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.22.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-4.1.12-61.1.22.el6uek / dtrace-modules-4.1.12-61.1.22.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:36", "description": "An update of the linux package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2016-0012", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9083", "CVE-2016-9555"], "modified": "2019-03-08T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2016-0012_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121650", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2016-0012. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121650);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/03/08\");\n\n script_cve_id(\"CVE-2016-9083\", \"CVE-2016-9555\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2016-0012\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-12.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9555\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.35-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-api-headers-4.4.35-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.35-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.35-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.35-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.35-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.35-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.35-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.35-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.35-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.35-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.35-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.35-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-debuginfo-4.4.35-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:08:45", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.38 to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-7039: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666 (bnc#1001486).\n\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478).\n\n - CVE-2016-7917: The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel did not check whether a batch message's length field is large enough, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability (bnc#1010444).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).\n\n - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bnc#1003964).\n\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug (bnc#1007197).\n\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197).\n\n - CVE-2016-9793: A bug in SO_{SND|RCV}BUFFORCE setsockopt() implementation was fixed, which allowed CAP_NET_ADMIN users to cause memory corruption.\n (bsc#1013531).\n\n - CVE-2016-9919: The icmp6_send function in net/ipv6/icmp.c in the Linux kernel omits a certain check of the dst data structure, which allowed remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet (bnc#1014701).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-01-18T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0181-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1350", "CVE-2015-8964", "CVE-2016-7039", "CVE-2016-7042", "CVE-2016-7425", "CVE-2016-7913", "CVE-2016-7917", "CVE-2016-8645", "CVE-2016-8666", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9793", "CVE-2016-9919"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0181-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96603", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0181-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96603);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1350\", \"CVE-2015-8964\", \"CVE-2016-7039\", \"CVE-2016-7042\", \"CVE-2016-7425\", \"CVE-2016-7913\", \"CVE-2016-7917\", \"CVE-2016-8645\", \"CVE-2016-8666\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9793\", \"CVE-2016-9919\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0181-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.38 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x\n provides an incomplete set of requirements for setattr\n operations that underspecifies removing extended\n privilege attributes, which allowed local users to cause\n a denial of service (capability stripping) via a failed\n invocation of a system call, as demonstrated by using\n chown to remove a capability from the ping or Wireshark\n dumpcap program (bnc#914939).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-7039: The IP stack in the Linux kernel allowed\n remote attackers to cause a denial of service (stack\n consumption and panic) or possibly have unspecified\n other impact by triggering use of the GRO path for large\n crafted packets, as demonstrated by packets that contain\n only VLAN headers, a related issue to CVE-2016-8666\n (bnc#1001486).\n\n - CVE-2016-7042: The proc_keys_show function in\n security/keys/proc.c in the Linux kernel through 4.8.2,\n when the GNU Compiler Collection (gcc) stack protector\n is enabled, uses an incorrect buffer size for certain\n timeout data, which allowed local users to cause a\n denial of service (stack memory corruption and panic) by\n reading the /proc/keys file (bnc#1004517).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did\n not restrict a certain length field, which allowed local\n users to gain privileges or cause a denial of service\n (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-7913: The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (use-after-free) via vectors involving\n omission of the firmware name from a certain data\n structure (bnc#1010478).\n\n - CVE-2016-7917: The nfnetlink_rcv_batch function in\n net/netfilter/nfnetlink.c in the Linux kernel did not\n check whether a batch message's length field is large\n enough, which allowed local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (infinite loop or out-of-bounds read) by\n leveraging the CAP_NET_ADMIN capability (bnc#1010444).\n\n - CVE-2016-8645: The TCP stack in the Linux kernel\n mishandled skb truncation, which allowed local users to\n cause a denial of service (system crash) via a crafted\n application that made sendto system calls, related to\n net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c\n (bnc#1009969).\n\n - CVE-2016-8666: The IP stack in the Linux kernel allowed\n remote attackers to cause a denial of service (stack\n consumption and panic) or possibly have unspecified\n other impact by triggering use of the GRO path for\n packets with tunnel stacking, as demonstrated by\n interleaved IPv4 headers and GRE headers, a related\n issue to CVE-2016-7039 (bnc#1003964).\n\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux\n kernel allowed local users to bypass integer overflow\n checks, and cause a denial of service (memory\n corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a\n VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine\n confusion bug (bnc#1007197).\n\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the\n Linux kernel misuses the kzalloc function, which allowed\n local users to cause a denial of service (integer\n overflow) or have unspecified other impact by leveraging\n access to a vfio PCI device file (bnc#1007197).\n\n - CVE-2016-9793: A bug in SO_{SND|RCV}BUFFORCE\n setsockopt() implementation was fixed, which allowed\n CAP_NET_ADMIN users to cause memory corruption.\n (bsc#1013531).\n\n - CVE-2016-9919: The icmp6_send function in\n net/ipv6/icmp.c in the Linux kernel omits a certain\n check of the dst data structure, which allowed remote\n attackers to cause a denial of service (panic) via a\n fragmented IPv6 packet (bnc#1014701).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000776\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006267\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006528\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=799133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969475\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969756\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986987\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=992555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=994881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=995278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=998054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=998689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=999932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7039/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7042/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7425/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7913/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7917/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8645/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8666/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9083/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9084/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9793/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9919/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170181-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78a2e8c9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-87=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-87=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-87=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-87=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2017-87=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2017-87=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-87=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-debuginfo-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.38-93.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.38-93.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:55", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3651 advisory.\n\n - The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent. (CVE-2016-8650)\n\n - The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data. (CVE-2016-9555)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-12-13T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3651)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8650", "CVE-2016-9555"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.15.1.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.15.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2016-3651.NASL", "href": "https://www.tenable.com/plugins/nessus/95758", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2016-3651.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95758);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9555\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3651)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2016-3651 advisory.\n\n - The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory\n is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption\n and panic) via an add_key system call for an RSA key with a zero exponent. (CVE-2016-8650)\n\n - The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length\n checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds\n slab access) or possibly have unspecified other impact via crafted SCTP data. (CVE-2016-9555)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2016-3651.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9555\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.15.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.15.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.15.1.el6uek', '3.8.13-118.15.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2016-3651');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.15.1.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.15.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.15.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.15.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.15.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.15.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.15.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.15.1.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.15.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.15.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.15.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.15.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.15.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.15.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.15.1.el6uek / dtrace-modules-3.8.13-118.15.1.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:17", "description": "The openSUSE Leap 42.2 kernel was updated to 4.4.36 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).\n\n - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478).\n\n - CVE-2016-7917: The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel did not check whether a batch message's length field is large enough, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability (bnc#1010444).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).\n\n - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012754).\n\n - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bnc#1001486).\n\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug (bnc#1007197).\n\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197).\n\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).\n\n - CVE-2016-9794: A use-after-free in alsa pcm could lead to crashes or allowed local users to potentially gain privileges (bsc#1013533).\n\nThe following non-security bugs were fixed :\n\n - acpi / pad: do not register acpi_pad driver if running as Xen dom0 (bnc#995278).\n\n - Add power key support for PMIcs which are already included in the configs (boo#1012477). Arm64 already has these so no need to patch it.\n\n - alsa: hda - Bind with i915 only when Intel graphics is present (bsc#1012767).\n\n - alsa: hda - Clear the leftover component assignment at snd_hdac_i915_exit() (bsc#1012767).\n\n - alsa: hda - Degrade i915 binding failure message (bsc#1012767).\n\n - alsa: hda - Fix yet another i915 pointer leftover in error path (bsc#1012767).\n\n - alsa: hda - Gate the mic jack on HP Z1 Gen3 AiO (bsc#1004365).\n\n - arm64/efi: Enable runtime call flag checking (bsc#1005745).\n\n - arm64/efi: Move to generic (__,)efi_call_virt() (bsc#1005745).\n\n - arm64: Refuse to install 4k kernel on 64k system\n\n - arm64: Update config files. Disable CONFIG_IPMI_SI_PROBE_DEFAULTS (bsc#1006576)\n\n - arm: bcm2835: add CPU node for ARM core (boo#1012094).\n\n - arm: bcm2835: Split the DT for peripherals from the DT for the CPU (boo#1012094).\n\n - asoc: cht_bsw_rt5645: Enable jack detection (bsc#1010690).\n\n - asoc: cht_bsw_rt5645: Fix writing to string literal (bsc#1010690).\n\n - asoc: cht_bsw_rt5672: Use HID translation unit (bsc#1010690).\n\n - asoc: intel: add function stub when ACPI is not enabled (bsc#1010690).\n\n - asoc: Intel: add fw name to common dsp context (bsc#1010690).\n\n - asoc: Intel: Add missing 10EC5672 ACPI ID matching for Cherry Trail (bsc#1010690).\n\n - asoc: Intel: Add module tags for common match module (bsc#1010690).\n\n - asoc: Intel: add NULL test (bsc#1010690).\n\n - asoc: Intel: Add quirks for MinnowBoard MAX (bsc#1010690).\n\n - asoc: Intel: Add surface3 entry in CHT-RT5645 machine (bsc#1010690).\n\n - asoc: Intel: Atom: add 24-bit support for media playback and capture (bsc#1010690).\n\n - asoc: Intel: Atom: add deep buffer definitions for atom platforms (bsc#1010690).\n\n - asoc: Intel: Atom: add definitions for modem/SSP0 interface (bsc#1010690).\n\n - asoc: Intel: Atom: Add quirk for Surface 3 (bsc#1010690).\n\n - asoc: Intel: Atom: add support for CHT w/ RT5640 (bsc#1010690).\n\n - asoc: Intel: Atom: Add support for HP ElitePad 1000 G2 (bsc#1010690).\n\n - asoc: Intel: Atom: add support for RT5642 (bsc#1010690).\n\n - asoc: Intel: Atom: add terminate entry for dmi_system_id tables (bsc#1010690).\n\n - asoc: Intel: Atom: auto-detection of Baytrail-CR (bsc#1010690).\n\n - asoc: Intel: Atom: clean-up compressed DAI definition (bsc#1010690).\n\n - asoc: Intel: atom: enable configuration of SSP0 (bsc#1010690).\n\n - asoc: Intel: atom: fix 0-day warnings (bsc#1010690).\n\n - asoc: Intel: Atom: fix boot warning (bsc#1010690).\n\n - asoc: Intel: Atom: Fix message handling during drop stream (bsc#1010690).\n\n - asoc: Intel: atom: fix missing breaks that would cause the wrong operation to execute (bsc#1010690).\n\n - asoc: Intel: Atom: fix regression on compress DAI (bsc#1010690).\n\n - asoc: Intel: Atom: flip logic for gain Switch (bsc#1010690).\n\n - asoc: Intel: atom: Make some messages to debug level (bsc#1010690).\n\n - asoc: Intel: Atom: move atom driver to common acpi match (bsc#1010690).\n\n - asoc: Intel: atom: statify cht_quirk (bsc#1010690).\n\n - asoc: Intel: boards: add DEEP_BUFFER support for BYT/CHT/BSW (bsc#1010690).\n\n - asoc: Intel: boards: align pin names between byt-rt5640 drivers (bsc#1010690).\n\n - asoc: Intel: boards: merge DMI-based quirks in bytcr-rt5640 driver (bsc#1010690).\n\n - asoc: Intel: boards: start merging byt-rt5640 drivers (bsc#1010690).\n\n - asoc: Intel: bytcr_rt56040: additional routing quirks (bsc#1010690).\n\n - asoc: Intel: bytcr-rt5640: add Asus T100TAF quirks (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: add IN3 map (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: add MCLK support (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: Add quirk for Teclast X98 Air 3G tablet (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: add SSP2_AIF2 routing (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: change quirk position (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: default routing and quirks on Baytrail-CR (bsc#1010690).\n\n - asoc: Intel: bytcr-rt5640: enable ASRC (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: enable differential mic quirk (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: fix dai/clock setup for SSP0 routing (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: fixup DAI codec_name with HID (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: log quirks (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: quirk for Acer Aspire SWS-012 (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: quirk for mono speaker (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: set SSP to I2S mode 2ch (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: use HID translation util (bsc#1010690).\n\n - asoc: Intel: cht: fix uninit variable warning (bsc#1010690).\n\n - asoc: Intel: common: add translation from HID to codec-name (bsc#1010690).\n\n - asoc: Intel: common: filter ACPI devices with _STA return value (bsc#1010690).\n\n - asoc: Intel: common: increase the loglevel of 'FW Poll Status' (bsc#1010690).\n\n - asoc: Intel: Create independent acpi match module (bsc#1010690).\n\n - asoc: intel: Fix sst-dsp dependency on dw stuff (bsc#1010690).\n\n - asoc: Intel: Keep building old baytrail machine drivers (bsc#1010690).\n\n - asoc: Intel: Load the atom DPCM driver only (bsc#1010690).\n\n - asoc: intel: make function stub static (bsc#1010690).\n\n - asoc: Intel: Move apci find machine routines (bsc#1010690).\n\n - asoc: intel: Replace kthread with work (bsc#1010690).\n\n - asoc: Intel: Skylake: Always acquire runtime pm ref on unload (bsc#1005917).\n\n - asoc: Intel: sst: fix sst_memcpy32 wrong with non-4x bytes issue (bsc#1010690).\n\n - asoc: rt5640: add ASRC support (bsc#1010690).\n\n - asoc: rt5640: add internal clock source support (bsc#1010690).\n\n - asoc: rt5640: add master clock handling for rt5640 (bsc#1010690).\n\n - asoc: rt5640: add supplys for dac power (bsc#1010690).\n\n - asoc: rt5640: remove unused variable (bsc#1010690).\n\n - asoc: rt5640: Set PLL src according to source (bsc#1010690).\n\n - asoc: rt5645: add DAC1 soft volume func control (bsc#1010690).\n\n - asoc: rt5645: Add dmi_system_id 'Google Setzer' (bsc#1010690).\n\n - asoc: rt5645: extend delay time for headphone pop noise (bsc#1010690).\n\n - asoc: rt5645: fix reg-2f default value (bsc#1010690).\n\n - asoc: rt5645: improve headphone pop when system resumes from S3 (bsc#1010690).\n\n - asoc: rt5645: improve IRQ reaction time for HS button (bsc#1010690).\n\n - asoc: rt5645: merge DMI tables of google projects (bsc#1010690).\n\n - asoc: rt5645: patch reg-0x8a (bsc#1010690).\n\n - asoc: rt5645: polling jd status in all conditions (bsc#1010690).\n\n - asoc: rt5645: Separate regmap for rt5645 and rt5650 (bsc#1010690).\n\n - asoc: rt5645: set RT5645_PRIV_INDEX as volatile (bsc#1010690).\n\n - asoc: rt5645: use polling to support HS button (bsc#1010690).\n\n - asoc: rt5645: Use the mod_delayed_work instead of the queue_delayed_work and cancel_delayed_work_sync (bsc#1010690).\n\n - asoc: rt5670: Add missing 10EC5072 ACPI ID (bsc#1010690).\n\n - asoc: rt5670: Enable Braswell platform workaround for Dell Wyse 3040 (bsc#1010690).\n\n - asoc: rt5670: fix HP Playback Volume control (bsc#1010690).\n\n - asoc: rt5670: patch reg-0x8a (bsc#1010690).\n\n - blacklist.conf: Remove intel_pstate potential patch that SLE 12 SP2 The code layout upstream that motivated this patch is completely different to what is in SLE 12 SP2 as schedutil was not backported.\n\n - bna: Add synchronization for tx ring (bsc#993739).\n\n - btrfs: allocate root item at snapshot ioctl time (bsc#1012452).\n\n - btrfs: better packing of btrfs_delayed_extent_op (bsc#1012452).\n\n - btrfs: Check metadata redundancy on balance (bsc#1012452).\n\n - btrfs: clean up an error code in btrfs_init_space_info() (bsc#1012452).\n\n - btrfs: cleanup, stop casting for extent_map->lookup everywhere (bsc#1012452).\n\n - btrfs: cleanup, use enum values for btrfs_path reada (bsc#1012452).\n\n - btrfs: deal with duplicates during extent_map insertion in btrfs_get_extent (bsc#1001171).\n\n - btrfs: deal with existing encompassing extent map in btrfs_get_extent() (bsc#1001171).\n\n - btrfs: do an allocation earlier during snapshot creation (bsc#1012452).\n\n - btrfs: do not create or leak aliased root while cleaning up orphans (bsc#994881).\n\n - btrfs: do not leave dangling dentry if symlink creation failed (bsc#1012452).\n\n - btrfs: do not use slab cache for struct btrfs_delalloc_work (bsc#1012452).\n\n - btrfs: drop duplicate prefix from scrub workqueues (bsc#1012452).\n\n - btrfs: drop unused parameter from lock_extent_bits (bsc#1012452).\n\n - btrfs: Enhance chunk validation check (bsc#1012452).\n\n - btrfs: Enhance super validation check (bsc#1012452).\n\n - btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666).\n\n - btrfs: Expoert and move leaf/subtree qgroup helpers to qgroup.c (bsc983087, bsc986255).\n\n - btrfs: fix incremental send failure caused by balance (bsc#985850).\n\n - btrfs: fix locking bugs when defragging leaves (bsc#1012452).\n\n - btrfs: fix memory leaks after transaction is aborted (bsc#1012452).\n\n - btrfs: fix output of compression message in btrfs_parse_options() (bsc#1012452).\n\n - btrfs: fix race between free space endio workers and space cache writeout (bsc#1012452).\n\n - btrfs: fix races on root_log_ctx lists (bsc#1007653).\n\n - btrfs: fix race when finishing dev replace leading to transaction abort (bsc#1012452).\n\n - btrfs: fix relocation incorrectly dropping data references (bsc#990384).\n\n - btrfs: fix typo in log message when starting a balance (bsc#1012452).\n\n - btrfs: fix unprotected list operations at btrfs_write_dirty_block_groups (bsc#1012452).\n\n - btrfs: handle quota reserve failure properly (bsc#1005666).\n\n - btrfs: make btrfs_close_one_device static (bsc#1012452).\n\n - btrfs: make clear_extent_bit helpers static inline (bsc#1012452).\n\n - btrfs: make clear_extent_buffer_uptodate return void (bsc#1012452).\n\n - btrfs: make end_extent_writepage return void (bsc#1012452).\n\n - btrfs: make extent_clear_unlock_delalloc return void (bsc#1012452).\n\n - btrfs: make extent_range_clear_dirty_for_io return void (bsc#1012452).\n\n - btrfs: make extent_range_redirty_for_io return void (bsc#1012452).\n\n - btrfs: make lock_extent static inline (bsc#1012452).\n\n - btrfs: make set_extent_bit helpers static inline (bsc#1012452).\n\n - btrfs: make set_extent_buffer_uptodate return void (bsc#1012452).\n\n - btrfs: make set_range_writeback return void (bsc#1012452).\n\n - btrfs: preallocate path for snapshot creation at ioctl time (bsc#1012452).\n\n - btrfs: put delayed item hook into inode (bsc#1012452).\n\n - btrfs: qgroup: Add comments explaining how btrfs qgroup works (bsc983087, bsc986255).\n\n - btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc983087, bsc986255).\n\n - btrfs: qgroup: Rename functions to make it follow reserve, trace, account steps (bsc983087, bsc986255).\n\n - btrfs: remove a trivial helper btrfs_set_buffer_uptodate (bsc#1012452).\n\n - btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns (bsc#1007653).\n\n - btrfs: remove unused inode argument from uncompress_inline() (bsc#1012452).\n\n - btrfs: remove wait from struct btrfs_delalloc_work (bsc#1012452).\n\n - btrfs: send, do not bug on inconsistent snapshots (bsc#985850).\n\n - btrfs: sink parameter wait to btrfs_alloc_delalloc_work (bsc#1012452).\n\n - btrfs: Support convert to -d dup for btrfs-convert (bsc#1012452).\n\n - btrfs: Update patches.suse/btrfs-8401-fix-qgroup-accounting-when-creat ing-snap.patch (bsc#972993).\n\n - btrfs: use GFP_KERNEL for allocations in ioctl handlers (bsc#1012452).\n\n - btrfs: use GFP_KERNEL for allocations of workqueues (bsc#1012452).\n\n - btrfs: use GFP_KERNEL for xattr and acl allocations (bsc#1012452).\n\n - btrfs: use smaller type for btrfs_path locks (bsc#1012452).\n\n - btrfs: use smaller type for btrfs_path lowest_level (bsc#1012452).\n\n - btrfs: use smaller type for btrfs_path reada (bsc#1012452).\n\n - btrfs: verbose error when we find an unexpected item in sys_array (bsc#1012452).\n\n - config: i2c: Enable CONFIG_I2C_DESIGNWARE_PLATFORM and\n *_BAYTRAIL (bsc#1010690) Realtek codecs on CHT platform require this i2c bus driver.\n\n - config: select new CONFIG_SND_SOC_INTEL_SST_* helpers\n\n - config: Update config files. (boo#1012094)\n\n - config: Update config files (bsc#1009454) Do not set CONFIG_EFI_SECURE_BOOT_SECURELEVEL in x86_64/default and x86_64/debug. We do not need to set CONFIG_EFI_SECURE_BOOT_SECURELEVEL in openSUSE kernel because openSUSE does not enable kernel module signature check (bsc#843661). Without kernel module signature check, the root account is allowed to load arbitrary kernel module to kernel space. Then lock functions by securelevel is pointless.\n\n - cxgbi: fix uninitialized flowi6 (bsc#963904 FATE#320115).\n\n - Delete patches.fixes/Add-a-missed-complete-in-iscsit_close_conn ection.patch. remove patch Add-a-missed-complete-in-iscsit_close_connection.patch add bsc#997807 bsc#992555 in patch-4.4.27-28 references\n\n - dell-laptop: Fixate rfkill work on CPU#0 (bsc#1004052).\n\n - dell-wmi: Check if Dell WMI descriptor structure is valid (bsc#1004052).\n\n - dell-wmi: Clean up hotkey table size check (bsc#1004052).\n\n - dell-wmi: Ignore WMI event code 0xe045 (bsc#1004052).\n\n - dell-wmi: Improve unknown hotkey handling (bsc#1004052).\n\n - dell-wmi: Process only one event on devices with interface version 0 (bsc#1004052).\n\n - dell-wmi: Stop storing pointers to DMI tables (bsc#1004052).\n\n - dell-wmi: Support new hotkeys on the XPS 13 9350 (Skylake) (bsc#1004052).\n\n - dell_wmi: Use a C99-style array for bios_to_linux_keycode (bsc#1004052).\n\n - drm/i915: Add missing ring_mask to Pineview (bsc#1005917).\n\n - drm/i915: Calculate watermark related members in the crtc_state, v4 (bsc#1011176).\n\n - drm/i915/ivb: Move WaCxSRDisabledForSpriteScaling w/a to atomic check (bsc#1011176).\n\n - drm/i915: Move disable_cxsr to the crtc_state (bsc#1011176).\n\n - drm/mgag200: fix error return code in mgag200fb_create() (bsc#1005917).\n\n - drm/radeon: Also call cursor_move_locked when the cursor size changes (bsc#1000433).\n\n - drm/radeon: Always store CRTC relative radeon_crtc->cursor_x/y values (bsc#1000433).\n\n - drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to on (bsc#998054)\n\n - drm/radeon: Hide the HW cursor while it's out of bounds (bsc#1000433).\n\n - drm/radeon: Switch to drm_vblank_on/off (bsc#998054).\n\n - Drop kernel-obs-qa-xen unconditionally (bsc#1010040) The IBS cannot build it, even if there is a xen-capable kernel-obs-build.\n\n - edac/mce_amd: Add missing SMCA error descriptions (fate#320474, bsc#1013700).\n\n - edac/mce_amd: Use SMCA prefix for error descriptions arrays (fate#320474, bsc#1013700).\n\n - efi/runtime-wrappers: Add (__,)efi_call_virt() templates (bsc#1005745).\n\n - efi/runtime-wrappers: Detect firmware IRQ flag corruption (bsc#1005745).\n\n - efi/runtime-wrappers: Remove redundant #ifdefs (bsc#1005745).\n\n - ext4: fix data exposure after a crash (bsc#1012829).\n\n - fs, block: force direct-I/O for dax-enabled block devices (bsc#1012992).\n\n - fs/cifs: cifs_get_root shouldn't use path with tree name (bsc#963655, bsc#979681).\n\n - fs/cifs: Compare prepaths when comparing superblocks (bsc#799133).\n\n - fs/cifs: Fix memory leaks in cifs_do_mount() (bsc#799133).\n\n - fs/cifs: Move check for prefix path to within cifs_get_root() (bsc#799133).\n\n - fuse: Fixup buggy conflict resolution in patches.fixes/fuse-Propagate-dentry-down-to-inode_change\n _ok.patch.\n\n - genirq: Add untracked irq handler (bsc#1006827).\n\n - genirq: Use a common macro to go through the actions list (bsc#1006827).\n\n - gre: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU (bsc#1001486).\n\n - gro: Allow tunnel stacking in the case of FOU/GUE (bsc#1001486).\n\n - hpsa: fallback to use legacy REPORT PHYS command (bsc#1006175).\n\n - hpsa: use bus '3' for legacy HBA devices (bsc#1010665).\n\n - hpsa: use correct DID_NO_CONNECT hostbyte (bsc#1010665).\n\n - hv: do not lose pending heartbeat vmbus packets (bnc#1006918).\n\n - i2c: designware-baytrail: Work around Cherry Trail semaphore errors (bsc#1011913).\n\n - i2c: xgene: Avoid dma_buffer overrun (bsc#1006576).\n\n - i40e: fix an uninitialized variable bug (bsc#969476 FATE#319648).\n\n - i40e: fix broken i40e_config_rss_aq function (bsc#969476 FATE#319648 bsc#969477 FATE#319816).\n\n - i40e: Remove redundant memset (bsc#969476 FATE#319648 bsc#969477 FATE#319816).\n\n - i810: Enable Intel i810 audio driver used in OpenQA VMs.\n\n - Import kabi files for x86_64/default from 4.4.27-2.1\n\n - iommu/arm-smmu: Add support for 16 bit VMID (fate#319978).\n\n - iommu/arm-smmu: Workaround for ThunderX erratum #27704 (fate#319978).\n\n - ipmi_si: create hardware-independent softdep for ipmi_devintf (bsc#1009062).\n\n - kABI: protect struct mmc_packed (kabi).\n\n - kABI: protect struct mmc_packed (kabi).\n\n - kABI: reintroduce sk_filter (kabi).\n\n - kABI: reintroduce strtobool (kabi).\n\n - kABI: reintroduce strtobool (kabi).\n\n - kABI: restore ip_cmsg_recv_offset parameters (kabi).\n\n - kabi/severities: Ignore kABI for asoc Intel SST drivers (bsc#1010690) These drivers are self-contained, not for 3rd party drivers.\n\n - kernel-module-subpackage: Properly quote flavor in expressions That fixes a parse error if the flavor starts with a digit or contains other non-alphabetic characters.\n\n - kgr: ignore zombie tasks during the patching (bnc#1008979).\n\n - md/raid1: fix: IO can block resync indefinitely (bsc#1001310).\n\n - mm: do not use radix tree writeback tags for pages in swap cache (bnc#971975 VM performance -- swap).\n\n - mm/filemap: generic_file_read_iter(): check for zero reads unconditionally (bnc#1007955).\n\n - mm/mprotect.c: do not touch single threaded PTEs which are on the right node (bnc#971975 VM performance -- numa balancing).\n\n - net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices (bsc#1006809).\n\n - net: sctp, forbid negative length (bnc#1005921).\n\n - netvsc: fix incorrect receive checksum offloading (bnc#1006915).\n\n - overlayfs: allow writing on read-only btrfs subvolumes (bsc#1010158)\n\n - pci/ACPI: Allow all PCIe services on non-ACPI host bridges (bsc#1006827).\n\n - pci: Allow additional bus numbers for hotplug bridges (bsc#1006827).\n\n - pci: correctly cast mem_base in pci_read_bridge_mmio_pref() (bsc#1001888).\n\n - pci: pciehp: Allow exclusive userspace control of indicators (bsc#1006827).\n\n - pci: Remove return values from pcie_port_platform_notify() and relatives (bsc#1006827).\n\n - perf/x86: Add perf support for AMD family-17h processors (fate#320473).\n\n - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813).\n\n - proc: much faster /proc/vmstat (bnc#971975 VM performance -- vmstat).\n\n - qede: Correctly map aggregation replacement pages (bsc#966318 FATE#320158 bsc#966316 FATE#320159).\n\n - qed: FLR of active VFs might lead to FW assert (bsc#966318 FATE#320158 bsc#966316 FATE#320159).\n\n - Reformat spec files according to the format_spec_file osc helper\n\n - Replace patches.kabi/kabi-hide-new-member-recursion_counter-in-s truct-sk_.patch by patches.kabi/kabi-hide-bsc-1001486-changes-in-struct-nap i_gro_cb.patch\n\n - Revert 'ACPI / LPSS: allow to use specific PM domain during ->probe()' (bsc#1005917).\n\n - Revert 'fix minor infoleak in get_user_ex()' (p.k.o).\n\n - REVERT fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)\n\n - Revert 'x86/mm: Expand the exception table logic to allow new handling options' (p.k.o).\n\n - rpm/config.sh: Build against SP2 in the OBS as well\n\n - rpm/constraints.in: increase disk for kernel-syzkaller The kernel-syzkaller build now consumes around 30G. This causes headache in factory where the package rebuilds over and over. Require 35G disk size to successfully build the flavor.\n\n - rpm/kernel-binary.spec.in: Build the -base package unconditionally (bsc#1000118)\n\n - rpm/kernel-binary.spec.in: Do not create KMPs with CONFIG_MODULES=n\n\n - rpm/kernel-binary.spec.in: Only build -base and -extra with CONFIG_MODULES (bsc#1000118)\n\n - rpm/kernel-binary.spec.in: Simplify debug info switch Any CONFIG_DEBUG_INFO sub-options are answered in the configs nowadays.\n\n - rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060)\n\n - rpm/mkspec: Read a default release string from rpm/config.sh (bsc997059)\n\n - rpm/package-descriptions: Add 64kb kernel flavor description\n\n - rpm/package-descriptions: add kernel-syzkaller\n\n - rpm/package-descriptions: pv has been merged into\n -default (fate#315712)\n\n - rpm/package-descriptions: the flavor is 64kb, not 64k\n\n - sched/core: Optimize __schedule() (bnc#978907 Scheduler performance -- context switch).\n\n - sched/fair: Optimize find_idlest_cpu() when there is no choice (bnc#978907 Scheduler performance -- idle search).\n\n - supported.conf: Add overlay.ko to -base (fate#321903) Also, delete the stale entry for the old overlayfs.\n\n - supported.conf: Mark vmx-crypto as supported (fate#319564)\n\n - tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#963609 FATE#320143).\n\n - usbhid: add ATEN CS962 to list of quirky devices (bsc#1007615).\n\n - Whitelist KVM KABI changes resulting from adding a hcall. caused by 5246adec59458b5d325b8e1462ea9ef3ead7f6ae powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec No problem is expected as result of changing KVM KABI so whitelisting for now. If we get some additional input from IBM we can back out the patch.\n\n - writeback: initialize inode members that track writeback history (bsc#1012829).\n\n - x86/apic: Order irq_enter/exit() calls correctly vs.\n ack_APIC_irq() (bsc#1013479).\n\n - x86/efi: Enable runtime call flag checking (bsc#1005745).\n\n - x86/efi: Move to generic (__,)efi_call_virt() (bsc#1005745).\n\n - x86/mce/AMD, EDAC/mce_amd: Define and use tables for known SMCA IP types (fate#320474, bsc#1013700). Exclude removed symbols from kABI check. They're AMD Zen relevant only and completely useless to other modules - only edac_mce_amd.ko.\n\n - x86/mce/AMD: Increase size of the bank_map type (fate#320474, bsc#1013700).\n\n - x86/mce/AMD: Read MSRs on the CPU allocating the threshold blocks (fate#320474, bsc#1013700).\n\n - x86/mce/AMD: Update sysfs bank names for SMCA systems (fate#320474, bsc#1013700).\n\n - x86/mce/AMD: Use msr_ops.misc() in allocate_threshold_blocks() (fate#320474, bsc#1013700).\n\n - x86/PCI: VMD: Attach VMD resources to parent domain's resource tree (bsc#1006827).\n\n - x86/PCI: VMD: Document code for maintainability (bsc#1006827).\n\n - x86/PCI: VMD: Fix infinite loop executing irq's (bsc#1006827).\n\n - x86/PCI: VMD: Initialize list item in IRQ disable (bsc#1006827).\n\n - x86/PCI: VMD: Request userspace control of PCIe hotplug indicators (bsc#1006827).\n\n - x86/PCI: VMD: Select device dma ops to override (bsc#1006827).\n\n - x86/PCI: VMD: Separate MSI and MSI-X vector sharing (bsc#1006827).\n\n - x86/PCI: VMD: Set bus resource start to 0 (bsc#1006827).\n\n - x86/PCI: VMD: Use lock save/restore in interrupt enable path (bsc#1006827).\n\n - x86/PCI/VMD: Use untracked irq handler (bsc#1006827).\n\n - x86/PCI: VMD: Use x86_vector_domain as parent domain (bsc#1006827).\n\n - xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing (bnc#1005169).\n\n - zram: Fix unbalanced idr management at hot removal (bsc#1010970).", "cvss3": {}, "published": "2016-12-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-1426)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1350", "CVE-2015-8964", "CVE-2016-7039", "CVE-2016-7042", "CVE-2016-7913", "CVE-2016-7917", "CVE-2016-8632", "CVE-2016-8655", "CVE-2016-8666", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9555", "CVE-2016-9794"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1426.NASL", "href": "https://www.tenable.com/plugins/nessus/95701", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1426.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95701);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1350\", \"CVE-2015-8964\", \"CVE-2016-7039\", \"CVE-2016-7042\", \"CVE-2016-7913\", \"CVE-2016-7917\", \"CVE-2016-8632\", \"CVE-2016-8655\", \"CVE-2016-8666\", \"CVE-2016-9083\", \"CVE-2016-9084\", \"CVE-2016-9555\", \"CVE-2016-9794\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-1426)\");\n script_summary(english:\"Check for the openSUSE-2016-1426 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.2 kernel was updated to 4.4.36 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x\n provides an incomplete set of requirements for setattr\n operations that underspecifies removing extended\n privilege attributes, which allowed local users to cause\n a denial of service (capability stripping) via a failed\n invocation of a system call, as demonstrated by using\n chown to remove a capability from the ping or Wireshark\n dumpcap program (bnc#914939).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-7042: The proc_keys_show function in\n security/keys/proc.c in the Linux kernel through 4.8.2,\n when the GNU Compiler Collection (gcc) stack protector\n is enabled, uses an incorrect buffer size for certain\n timeout data, which allowed local users to cause a\n denial of service (stack memory corruption and panic) by\n reading the /proc/keys file (bnc#1004517).\n\n - CVE-2016-7913: The xc2028_set_config function in\n drivers/media/tuners/tuner-xc2028.c in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (use-after-free) via vectors involving\n omission of the firmware name from a certain data\n structure (bnc#1010478).\n\n - CVE-2016-7917: The nfnetlink_rcv_batch function in\n net/netfilter/nfnetlink.c in the Linux kernel did not\n check whether a batch message's length field is large\n enough, which allowed local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (infinite loop or out-of-bounds read) by\n leveraging the CAP_NET_ADMIN capability (bnc#1010444).\n\n - CVE-2016-8632: The tipc_msg_build function in\n net/tipc/msg.c in the Linux kernel did not validate the\n relationship between the minimum fragment length and the\n maximum packet size, which allowed local users to gain\n privileges or cause a denial of service (heap-based\n buffer overflow) by leveraging the CAP_NET_ADMIN\n capability (bnc#1008831).\n\n - CVE-2016-8655: A race condition in the af_packet\n packet_set_ring function could be used by local\n attackers to crash the kernel or gain privileges\n (bsc#1012754).\n\n - CVE-2016-8666: The IP stack in the Linux kernel allowed\n remote attackers to cause a denial of service (stack\n consumption and panic) or possibly have unspecified\n other impact by triggering use of the GRO path for\n packets with tunnel stacking, as demonstrated by\n interleaved IPv4 headers and GRE headers, a related\n issue to CVE-2016-7039 (bnc#1001486).\n\n - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux\n kernel allowed local users to bypass integer overflow\n checks, and cause a denial of service (memory\n corruption) or have unspecified other impact, by\n leveraging access to a vfio PCI device file for a\n VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine\n confusion bug (bnc#1007197).\n\n - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the\n Linux kernel misuses the kzalloc function, which allowed\n local users to cause a denial of service (integer\n overflow) or have unspecified other impact by leveraging\n access to a vfio PCI device file (bnc#1007197).\n\n - CVE-2016-9555: The sctp_sf_ootb function in\n net/sctp/sm_statefuns.c in the Linux kernel lacks\n chunk-length checking for the first chunk, which allowed\n remote attackers to cause a denial of service\n (out-of-bounds slab access) or possibly have unspecified\n other impact via crafted SCTP data (bnc#1011685).\n\n - CVE-2016-9794: A use-after-free in alsa pcm could lead\n to crashes or allowed local users to potentially gain\n privileges (bsc#1013533).\n\nThe following non-security bugs were fixed :\n\n - acpi / pad: do not register acpi_pad driver if running\n as Xen dom0 (bnc#995278).\n\n - Add power key support for PMIcs which are already\n included in the configs (boo#1012477). Arm64 already has\n these so no need to patch it.\n\n - alsa: hda - Bind with i915 only when Intel graphics is\n present (bsc#1012767).\n\n - alsa: hda - Clear the leftover component assignment at\n snd_hdac_i915_exit() (bsc#1012767).\n\n - alsa: hda - Degrade i915 binding failure message\n (bsc#1012767).\n\n - alsa: hda - Fix yet another i915 pointer leftover in\n error path (bsc#1012767).\n\n - alsa: hda - Gate the mic jack on HP Z1 Gen3 AiO\n (bsc#1004365).\n\n - arm64/efi: Enable runtime call flag checking\n (bsc#1005745).\n\n - arm64/efi: Move to generic (__,)efi_call_virt()\n (bsc#1005745).\n\n - arm64: Refuse to install 4k kernel on 64k system\n\n - arm64: Update config files. Disable\n CONFIG_IPMI_SI_PROBE_DEFAULTS (bsc#1006576)\n\n - arm: bcm2835: add CPU node for ARM core (boo#1012094).\n\n - arm: bcm2835: Split the DT for peripherals from the DT\n for the CPU (boo#1012094).\n\n - asoc: cht_bsw_rt5645: Enable jack detection\n (bsc#1010690).\n\n - asoc: cht_bsw_rt5645: Fix writing to string literal\n (bsc#1010690).\n\n - asoc: cht_bsw_rt5672: Use HID translation unit\n (bsc#1010690).\n\n - asoc: intel: add function stub when ACPI is not enabled\n (bsc#1010690).\n\n - asoc: Intel: add fw name to common dsp context\n (bsc#1010690).\n\n - asoc: Intel: Add missing 10EC5672 ACPI ID matching for\n Cherry Trail (bsc#1010690).\n\n - asoc: Intel: Add module tags for common match module\n (bsc#1010690).\n\n - asoc: Intel: add NULL test (bsc#1010690).\n\n - asoc: Intel: Add quirks for MinnowBoard MAX\n (bsc#1010690).\n\n - asoc: Intel: Add surface3 entry in CHT-RT5645 machine\n (bsc#1010690).\n\n - asoc: Intel: Atom: add 24-bit support for media playback\n and capture (bsc#1010690).\n\n - asoc: Intel: Atom: add deep buffer definitions for atom\n platforms (bsc#1010690).\n\n - asoc: Intel: Atom: add definitions for modem/SSP0\n interface (bsc#1010690).\n\n - asoc: Intel: Atom: Add quirk for Surface 3\n (bsc#1010690).\n\n - asoc: Intel: Atom: add support for CHT w/ RT5640\n (bsc#1010690).\n\n - asoc: Intel: Atom: Add support for HP ElitePad 1000 G2\n (bsc#1010690).\n\n - asoc: Intel: Atom: add support for RT5642 (bsc#1010690).\n\n - asoc: Intel: Atom: add terminate entry for dmi_system_id\n tables (bsc#1010690).\n\n - asoc: Intel: Atom: auto-detection of Baytrail-CR\n (bsc#1010690).\n\n - asoc: Intel: Atom: clean-up compressed DAI definition\n (bsc#1010690).\n\n - asoc: Intel: atom: enable configuration of SSP0\n (bsc#1010690).\n\n - asoc: Intel: atom: fix 0-day warnings (bsc#1010690).\n\n - asoc: Intel: Atom: fix boot warning (bsc#1010690).\n\n - asoc: Intel: Atom: Fix message handling during drop\n stream (bsc#1010690).\n\n - asoc: Intel: atom: fix missing breaks that would cause\n the wrong operation to execute (bsc#1010690).\n\n - asoc: Intel: Atom: fix regression on compress DAI\n (bsc#1010690).\n\n - asoc: Intel: Atom: flip logic for gain Switch\n (bsc#1010690).\n\n - asoc: Intel: atom: Make some messages to debug level\n (bsc#1010690).\n\n - asoc: Intel: Atom: move atom driver to common acpi match\n (bsc#1010690).\n\n - asoc: Intel: atom: statify cht_quirk (bsc#1010690).\n\n - asoc: Intel: boards: add DEEP_BUFFER support for\n BYT/CHT/BSW (bsc#1010690).\n\n - asoc: Intel: boards: align pin names between byt-rt5640\n drivers (bsc#1010690).\n\n - asoc: Intel: boards: merge DMI-based quirks in\n bytcr-rt5640 driver (bsc#1010690).\n\n - asoc: Intel: boards: start merging byt-rt5640 drivers\n (bsc#1010690).\n\n - asoc: Intel: bytcr_rt56040: additional routing quirks\n (bsc#1010690).\n\n - asoc: Intel: bytcr-rt5640: add Asus T100TAF quirks\n (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: add IN3 map (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: add MCLK support\n (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: Add quirk for Teclast X98 Air\n 3G tablet (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: add SSP2_AIF2 routing\n (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: change quirk position\n (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: default routing and quirks on\n Baytrail-CR (bsc#1010690).\n\n - asoc: Intel: bytcr-rt5640: enable ASRC (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: enable differential mic quirk\n (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: fix dai/clock setup for SSP0\n routing (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: fixup DAI codec_name with HID\n (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: log quirks (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: quirk for Acer Aspire SWS-012\n (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: quirk for mono speaker\n (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: set SSP to I2S mode 2ch\n (bsc#1010690).\n\n - asoc: Intel: bytcr_rt5640: use HID translation util\n (bsc#1010690).\n\n - asoc: Intel: cht: fix uninit variable warning\n (bsc#1010690).\n\n - asoc: Intel: common: add translation from HID to\n codec-name (bsc#1010690).\n\n - asoc: Intel: common: filter ACPI devices with _STA\n return value (bsc#1010690).\n\n - asoc: Intel: common: increase the loglevel of 'FW Poll\n Status' (bsc#1010690).\n\n - asoc: Intel: Create independent acpi match module\n (bsc#1010690).\n\n - asoc: intel: Fix sst-dsp dependency on dw stuff\n (bsc#1010690).\n\n - asoc: Intel: Keep building old baytrail machine drivers\n (bsc#1010690).\n\n - asoc: Intel: Load the atom DPCM driver only\n (bsc#1010690).\n\n - asoc: intel: make function stub static (bsc#1010690).\n\n - asoc: Intel: Move apci find machine routines\n (bsc#1010690).\n\n - asoc: intel: Replace kthread with work (bsc#1010690).\n\n - asoc: Intel: Skylake: Always acquire runtime pm ref on\n unload (bsc#1005917).\n\n - asoc: Intel: sst: fix sst_memcpy32 wrong with non-4x\n bytes issue (bsc#1010690).\n\n - asoc: rt5640: add ASRC support (bsc#1010690).\n\n - asoc: rt5640: add internal clock source support\n (bsc#1010690).\n\n - asoc: rt5640: add master clock handling for rt5640\n (bsc#1010690).\n\n - asoc: rt5640: add supplys for dac power (bsc#1010690).\n\n - asoc: rt5640: remove unused variable (bsc#1010690).\n\n - asoc: rt5640: Set PLL src according to source\n (bsc#1010690).\n\n - asoc: rt5645: add DAC1 soft volume func control\n (bsc#1010690).\n\n - asoc: rt5645: Add dmi_system_id 'Google Setzer'\n (bsc#1010690).\n\n - asoc: rt5645: extend delay time for headphone pop noise\n (bsc#1010690).\n\n - asoc: rt5645: fix reg-2f default value (bsc#1010690).\n\n - asoc: rt5645: improve headphone pop when system resumes\n from S3 (bsc#1010690).\n\n - asoc: rt5645: improve IRQ reaction time for HS button\n (bsc#1010690).\n\n - asoc: rt5645: merge DMI tables of google projects\n (bsc#1010690).\n\n - asoc: rt5645: patch reg-0x8a (bsc#1010690).\n\n - asoc: rt5645: polling jd status in all conditions\n (bsc#1010690).\n\n - asoc: rt5645: Separate regmap for rt5645 and rt5650\n (bsc#1010690).\n\n - asoc: rt5645: set RT5645_PRIV_INDEX as volatile\n (bsc#1010690).\n\n - asoc: rt5645: use polling to support HS button\n (bsc#1010690).\n\n - asoc: rt5645: Use the mod_delayed_work instead of the\n queue_delayed_work and cancel_delayed_work_sync\n (bsc#1010690).\n\n - asoc: rt5670: Add missing 10EC5072 ACPI ID\n (bsc#1010690).\n\n - asoc: rt5670: Enable Braswell platform workaround for\n Dell Wyse 3040 (bsc#1010690).\n\n - asoc: rt5670: fix HP Playback Volume control\n (bsc#1010690).\n\n - asoc: rt5670: patch reg-0x8a (bsc#1010690).\n\n - blacklist.conf: Remove intel_pstate potential patch that\n SLE 12 SP2 The code layout upstream that motivated this\n patch is completely different to what is in SLE 12 SP2\n as schedutil was not backported.\n\n - bna: Add synchronization for tx ring (bsc#993739).\n\n - btrfs: allocate root item at snapshot ioctl time\n (bsc#1012452).\n\n - btrfs: better packing of btrfs_delayed_extent_op\n (bsc#1012452).\n\n - btrfs: Check metadata redundancy on balance\n (bsc#1012452).\n\n - btrfs: clean up an error code in btrfs_init_space_info()\n (bsc#1012452).\n\n - btrfs: cleanup, stop casting for extent_map->lookup\n everywhere (bsc#1012452).\n\n - btrfs: cleanup, use enum values for btrfs_path reada\n (bsc#1012452).\n\n - btrfs: deal with duplicates during extent_map insertion\n in btrfs_get_extent (bsc#1001171).\n\n - btrfs: deal with existing encompassing extent map in\n btrfs_get_extent() (bsc#1001171).\n\n - btrfs: do an allocation earlier during snapshot creation\n (bsc#1012452).\n\n - btrfs: do not create or leak aliased root while cleaning\n up orphans (bsc#994881).\n\n - btrfs: do not leave dangling dentry if symlink creation\n failed (bsc#1012452).\n\n - btrfs: do not use slab cache for struct\n btrfs_delalloc_work (bsc#1012452).\n\n - btrfs: drop duplicate prefix from scrub workqueues\n (bsc#1012452).\n\n - btrfs: drop unused parameter from lock_extent_bits\n (bsc#1012452).\n\n - btrfs: Enhance chunk validation check (bsc#1012452).\n\n - btrfs: Enhance super validation check (bsc#1012452).\n\n - btrfs: Ensure proper sector alignment for\n btrfs_free_reserved_data_space (bsc#1005666).\n\n - btrfs: Expoert and move leaf/subtree qgroup helpers to\n qgroup.c (bsc983087, bsc986255).\n\n - btrfs: fix incremental send failure caused by balance\n (bsc#985850).\n\n - btrfs: fix locking bugs when defragging leaves\n (bsc#1012452).\n\n - btrfs: fix memory leaks after transaction is aborted\n (bsc#1012452).\n\n - btrfs: fix output of compression message in\n btrfs_parse_options() (bsc#1012452).\n\n - btrfs: fix race between free space endio workers and\n space cache writeout (bsc#1012452).\n\n - btrfs: fix races on root_log_ctx lists (bsc#1007653).\n\n - btrfs: fix race when finishing dev replace leading to\n transaction abort (bsc#1012452).\n\n - btrfs: fix relocation incorrectly dropping data\n references (bsc#990384).\n\n - btrfs: fix typo in log message when starting a balance\n (bsc#1012452).\n\n - btrfs: fix unprotected list operations at\n btrfs_write_dirty_block_groups (bsc#1012452).\n\n - btrfs: handle quota reserve failure properly\n (bsc#1005666).\n\n - btrfs: make btrfs_close_one_device static (bsc#1012452).\n\n - btrfs: make clear_extent_bit helpers static inline\n (bsc#1012452).\n\n - btrfs: make clear_extent_buffer_uptodate return void\n (bsc#1012452).\n\n - btrfs: make end_extent_writepage return void\n (bsc#1012452).\n\n - btrfs: make extent_clear_unlock_delalloc return void\n (bsc#1012452).\n\n - btrfs: make extent_range_clear_dirty_for_io return void\n (bsc#1012452).\n\n - btrfs: make extent_range_redirty_for_io return void\n (bsc#1012452).\n\n - btrfs: make lock_extent static inline (bsc#1012452).\n\n - btrfs: make set_extent_bit helpers static inline\n (bsc#1012452).\n\n - btrfs: make set_extent_buffer_uptodate return void\n (bsc#1012452).\n\n - btrfs: make set_range_writeback return void\n (bsc#1012452).\n\n - btrfs: preallocate path for snapshot creation at ioctl\n time (bsc#1012452).\n\n - btrfs: put delayed item hook into inode (bsc#1012452).\n\n - btrfs: qgroup: Add comments explaining how btrfs qgroup\n works (bsc983087, bsc986255).\n\n - btrfs: qgroup: Fix qgroup data leaking by using subtree\n tracing (bsc983087, bsc986255).\n\n - btrfs: qgroup: Rename functions to make it follow\n reserve, trace, account steps (bsc983087, bsc986255).\n\n - btrfs: remove a trivial helper btrfs_set_buffer_uptodate\n (bsc#1012452).\n\n - btrfs: remove root_log_ctx from ctx list before\n btrfs_sync_log returns (bsc#1007653).\n\n - btrfs: remove unused inode argument from\n uncompress_inline() (bsc#1012452).\n\n - btrfs: remove wait from struct btrfs_delalloc_work\n (bsc#1012452).\n\n - btrfs: send, do not bug on inconsistent snapshots\n (bsc#985850).\n\n - btrfs: sink parameter wait to btrfs_alloc_delalloc_work\n (bsc#1012452).\n\n - btrfs: Support convert to -d dup for btrfs-convert\n (bsc#1012452).\n\n - btrfs: Update\n patches.suse/btrfs-8401-fix-qgroup-accounting-when-creat\n ing-snap.patch (bsc#972993).\n\n - btrfs: use GFP_KERNEL for allocations in ioctl handlers\n (bsc#1012452).\n\n - btrfs: use GFP_KERNEL for allocations of workqueues\n (bsc#1012452).\n\n - btrfs: use GFP_KERNEL for xattr and acl allocations\n (bsc#1012452).\n\n - btrfs: use smaller type for btrfs_path locks\n (bsc#1012452).\n\n - btrfs: use smaller type for btrfs_path lowest_level\n (bsc#1012452).\n\n - btrfs: use smaller type for btrfs_path reada\n (bsc#1012452).\n\n - btrfs: verbose error when we find an unexpected item in\n sys_array (bsc#1012452).\n\n - config: i2c: Enable CONFIG_I2C_DESIGNWARE_PLATFORM and\n *_BAYTRAIL (bsc#1010690) Realtek codecs on CHT platform\n require this i2c bus driver.\n\n - config: select new CONFIG_SND_SOC_INTEL_SST_* helpers\n\n - config: Update config files. (boo#1012094)\n\n - config: Update config files (bsc#1009454) Do not set\n CONFIG_EFI_SECURE_BOOT_SECURELEVEL in x86_64/default and\n x86_64/debug. We do not need to set\n CONFIG_EFI_SECURE_BOOT_SECURELEVEL in openSUSE kernel\n because openSUSE does not enable kernel module signature\n check (bsc#843661). Without kernel module signature\n check, the root account is allowed to load arbitrary\n kernel module to kernel space. Then lock functions by\n securelevel is pointless.\n\n - cxgbi: fix uninitialized flowi6 (bsc#963904\n FATE#320115).\n\n - Delete\n patches.fixes/Add-a-missed-complete-in-iscsit_close_conn\n ection.patch. remove patch\n Add-a-missed-complete-in-iscsit_close_connection.patch\n add bsc#997807 bsc#992555 in patch-4.4.27-28 references\n\n - dell-laptop: Fixate rfkill work on CPU#0 (bsc#1004052).\n\n - dell-wmi: Check if Dell WMI descriptor structure is\n valid (bsc#1004052).\n\n - dell-wmi: Clean up hotkey table size check\n (bsc#1004052).\n\n - dell-wmi: Ignore WMI event code 0xe045 (bsc#1004052).\n\n - dell-wmi: Improve unknown hotkey handling (bsc#1004052).\n\n - dell-wmi: Process only one event on devices with\n interface version 0 (bsc#1004052).\n\n - dell-wmi: Stop storing pointers to DMI tables\n (bsc#1004052).\n\n - dell-wmi: Support new hotkeys on the XPS 13 9350\n (Skylake) (bsc#1004052).\n\n - dell_wmi: Use a C99-style array for\n bios_to_linux_keycode (bsc#1004052).\n\n - drm/i915: Add missing ring_mask to Pineview\n (bsc#1005917).\n\n - drm/i915: Calculate watermark related members in the\n crtc_state, v4 (bsc#1011176).\n\n - drm/i915/ivb: Move WaCxSRDisabledForSpriteScaling w/a to\n atomic check (bsc#1011176).\n\n - drm/i915: Move disable_cxsr to the crtc_state\n (bsc#1011176).\n\n - drm/mgag200: fix error return code in mgag200fb_create()\n (bsc#1005917).\n\n - drm/radeon: Also call cursor_move_locked when the cursor\n size changes (bsc#1000433).\n\n - drm/radeon: Always store CRTC relative\n radeon_crtc->cursor_x/y values (bsc#1000433).\n\n - drm/radeon: Ensure vblank interrupt is enabled on DPMS\n transition to on (bsc#998054)\n\n - drm/radeon: Hide the HW cursor while it's out of bounds\n (bsc#1000433).\n\n - drm/radeon: Switch to drm_vblank_on/off (bsc#998054).\n\n - Drop kernel-obs-qa-xen unconditionally (bsc#1010040) The\n IBS cannot build it, even if there is a xen-capable\n kernel-obs-build.\n\n - edac/mce_amd: Add missing SMCA error descriptions\n (fate#320474, bsc#1013700).\n\n - edac/mce_amd: Use SMCA prefix for error descriptions\n arrays (fate#320474, bsc#1013700).\n\n - efi/runtime-wrappers: Add (__,)efi_call_virt() templates\n (bsc#1005745).\n\n - efi/runtime-wrappers: Detect firmware IRQ flag\n corruption (bsc#1005745).\n\n - efi/runtime-wrappers: Remove redundant #ifdefs\n (bsc#1005745).\n\n - ext4: fix data exposure after a crash (bsc#1012829).\n\n - fs, block: force direct-I/O for dax-enabled block\n devices (bsc#1012992).\n\n - fs/cifs: cifs_get_root shouldn't use path with tree name\n (bsc#963655, bsc#979681).\n\n - fs/cifs: Compare prepaths when comparing superblocks\n (bsc#799133).\n\n - fs/cifs: Fix memory leaks in cifs_do_mount()\n (bsc#799133).\n\n - fs/cifs: Move check for prefix path to within\n cifs_get_root() (bsc#799133).\n\n - fuse: Fixup buggy conflict resolution in\n patches.fixes/fuse-Propagate-dentry-down-to-inode_change\n _ok.patch.\n\n - genirq: Add untracked irq handler (bsc#1006827).\n\n - genirq: Use a common macro to go through the actions\n list (bsc#1006827).\n\n - gre: Disable segmentation offloads w/ CSUM and we are\n encapsulated via FOU (bsc#1001486).\n\n - gro: Allow tunnel stacking in the case of FOU/GUE\n (bsc#1001486).\n\n - hpsa: fallback to use legacy REPORT PHYS command\n (bsc#1006175).\n\n - hpsa: use bus '3' for legacy HBA devices (bsc#1010665).\n\n - hpsa: use correct DID_NO_CONNECT hostbyte (bsc#1010665).\n\n - hv: do not lose pending heartbeat vmbus packets\n (bnc#1006918).\n\n - i2c: designware-baytrail: Work around Cherry Trail\n semaphore errors (bsc#1011913).\n\n - i2c: xgene: Avoid dma_buffer overrun (bsc#1006576).\n\n - i40e: fix an uninitialized variable bug (bsc#969476\n FATE#319648).\n\n - i40e: fix broken i40e_config_rss_aq function (bsc#969476\n FATE#319648 bsc#969477 FATE#319816).\n\n - i40e: Remove redundant memset (bsc#969476 FATE#319648\n bsc#969477 FATE#319816).\n\n - i810: Enable Intel i810 audio driver used in OpenQA VMs.\n\n - Import kabi files for x86_64/default from 4.4.27-2.1\n\n - iommu/arm-smmu: Add support for 16 bit VMID\n (fate#319978).\n\n - iommu/arm-smmu: Workaround for ThunderX erratum #27704\n (fate#319978).\n\n - ipmi_si: create hardware-independent softdep for\n ipmi_devintf (bsc#1009062).\n\n - kABI: protect struct mmc_packed (kabi).\n\n - kABI: protect struct mmc_packed (kabi).\n\n - kABI: reintroduce sk_filter (kabi).\n\n - kABI: reintroduce strtobool (kabi).\n\n - kABI: reintroduce strtobool (kabi).\n\n - kABI: restore ip_cmsg_recv_offset parameters (kabi).\n\n - kabi/severities: Ignore kABI for asoc Intel SST drivers\n (bsc#1010690) These drivers are self-contained, not for\n 3rd party drivers.\n\n - kernel-module-subpackage: Properly quote flavor in\n expressions That fixes a parse error if the flavor\n starts with a digit or contains other non-alphabetic\n characters.\n\n - kgr: ignore zombie tasks during the patching\n (bnc#1008979).\n\n - md/raid1: fix: IO can block resync indefinitely\n (bsc#1001310).\n\n - mm: do not use radix tree writeback tags for pages in\n swap cache (bnc#971975 VM performance -- swap).\n\n - mm/filemap: generic_file_read_iter(): check for zero\n reads unconditionally (bnc#1007955).\n\n - mm/mprotect.c: do not touch single threaded PTEs which\n are on the right node (bnc#971975 VM performance -- numa\n balancing).\n\n - net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported\n devices (bsc#1006809).\n\n - net: sctp, forbid negative length (bnc#1005921).\n\n - netvsc: fix incorrect receive checksum offloading\n (bnc#1006915).\n\n - overlayfs: allow writing on read-only btrfs subvolumes\n (bsc#1010158)\n\n - pci/ACPI: Allow all PCIe services on non-ACPI host\n bridges (bsc#1006827).\n\n - pci: Allow additional bus numbers for hotplug bridges\n (bsc#1006827).\n\n - pci: correctly cast mem_base in\n pci_read_bridge_mmio_pref() (bsc#1001888).\n\n - pci: pciehp: Allow exclusive userspace control of\n indicators (bsc#1006827).\n\n - pci: Remove return values from\n pcie_port_platform_notify() and relatives (bsc#1006827).\n\n - perf/x86: Add perf support for AMD family-17h processors\n (fate#320473).\n\n - powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table\n during kexec (bsc#1003813).\n\n - proc: much faster /proc/vmstat (bnc#971975 VM\n performance -- vmstat).\n\n - qede: Correctly map aggregation replacement pages\n (bsc#966318 FATE#320158 bsc#966316 FATE#320159).\n\n - qed: FLR of active VFs might lead to FW assert\n (bsc#966318 FATE#320158 bsc#966316 FATE#320159).\n\n - Reformat spec files according to the format_spec_file\n osc helper\n\n - Replace\n patches.kabi/kabi-hide-new-member-recursion_counter-in-s\n truct-sk_.patch by\n patches.kabi/kabi-hide-bsc-1001486-changes-in-struct-nap\n i_gro_cb.patch\n\n - Revert 'ACPI / LPSS: allow to use specific PM domain\n during ->probe()' (bsc#1005917).\n\n - Revert 'fix minor infoleak in get_user_ex()' (p.k.o).\n\n - REVERT fs/cifs: fix wrongly prefixed path to root\n (bsc#963655, bsc#979681)\n\n - Revert 'x86/mm: Expand the exception table logic to\n allow new handling options' (p.k.o).\n\n - rpm/config.sh: Build against SP2 in the OBS as well\n\n - rpm/constraints.in: increase disk for kernel-syzkaller\n The kernel-syzkaller build now consumes around 30G. This\n causes headache in factory where the package rebuilds\n over and over. Require 35G disk size to successfully\n build the flavor.\n\n - rpm/kernel-binary.spec.in: Build the -base package\n unconditionally (bsc#1000118)\n\n - rpm/kernel-binary.spec.in: Do not create KMPs with\n CONFIG_MODULES=n\n\n - rpm/kernel-binary.spec.in: Only build -base and -extra\n with CONFIG_MODULES (bsc#1000118)\n\n - rpm/kernel-binary.spec.in: Simplify debug info switch\n Any CONFIG_DEBUG_INFO sub-options are answered in the\n configs nowadays.\n\n - rpm/kernel-spec-macros: Ignore too high rebuild counter\n (bsc#1012060)\n\n - rpm/mkspec: Read a default release string from\n rpm/config.sh (bsc997059)\n\n - rpm/package-descriptions: Add 64kb kernel flavor\n description\n\n - rpm/package-descriptions: add kernel-syzkaller\n\n - rpm/package-descriptions: pv has been merged into\n -default (fate#315712)\n\n - rpm/package-descriptions: the flavor is 64kb, not 64k\n\n - sched/core: Optimize __schedule() (bnc#978907 Scheduler\n performance -- context switch).\n\n - sched/fair: Optimize find_idlest_cpu() when there is no\n choice (bnc#978907 Scheduler performance -- idle\n search).\n\n - supported.conf: Add overlay.ko to -base (fate#321903)\n Also, delete the stale entry for the old overlayfs.\n\n - supported.conf: Mark vmx-crypto as supported\n (fate#319564)\n\n - tg3: Avoid NULL pointer dereference in\n tg3_io_error_detected() (bsc#963609 FATE#320143).\n\n - usbhid: add ATEN CS962 to list of quirky devices\n (bsc#1007615).\n\n - Whitelist KVM KABI changes resulting from adding a\n hcall. caused by\n 5246adec59458b5d325b8e1462ea9ef3ead7f6ae\n powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table\n during kexec No problem is expected as result of\n changing KVM KABI so whitelisting for now. If we get\n some additional input from IBM we can back out the\n patch.\n\n - writeback: initialize inode members that track writeback\n history (bsc#1012829).\n\n - x86/apic: Order irq_enter/exit() calls correctly vs.\n ack_APIC_irq() (bsc#1013479).\n\n - x86/efi: Enable runtime call flag checking\n (bsc#1005745).\n\n - x86/efi: Move to generic (__,)efi_call_virt()\n (bsc#1005745).\n\n - x86/mce/AMD, EDAC/mce_amd: Define and use tables for\n known SMCA IP types (fate#320474, bsc#1013700). Exclude\n removed symbols from kABI check. They're AMD Zen\n relevant only and completely useless to other modules -\n only edac_mce_amd.ko.\n\n - x86/mce/AMD: Increase size of the bank_map type\n (fate#320474, bsc#1013700).\n\n - x86/mce/AMD: Read MSRs on the CPU allocating the\n threshold blocks (fate#320474, bsc#1013700).\n\n - x86/mce/AMD: Update sysfs bank names for SMCA systems\n (fate#320474, bsc#1013700).\n\n - x86/mce/AMD: Use msr_ops.misc() in\n allocate_threshold_blocks() (fate#320474, bsc#1013700).\n\n - x86/PCI: VMD: Attach VMD resources to parent domain's\n resource tree (bsc#1006827).\n\n - x86/PCI: VMD: Document code for maintainability\n (bsc#1006827).\n\n - x86/PCI: VMD: Fix infinite loop executing irq's\n (bsc#1006827).\n\n - x86/PCI: VMD: Initialize list item in IRQ disable\n (bsc#1006827).\n\n - x86/PCI: VMD: Request userspace control of PCIe hotplug\n indicators (bsc#1006827).\n\n - x86/PCI: VMD: Select device dma ops to override\n (bsc#1006827).\n\n - x86/PCI: VMD: Separate MSI and MSI-X vector sharing\n (bsc#1006827).\n\n - x86/PCI: VMD: Set bus resource start to 0 (bsc#1006827).\n\n - x86/PCI: VMD: Use lock save/restore in interrupt enable\n path (bsc#1006827).\n\n - x86/PCI/VMD: Use untracked irq handler (bsc#1006827).\n\n - x86/PCI: VMD: Use x86_vector_domain as parent domain\n (bsc#1006827).\n\n - xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid\n NUMA balancing (bnc#1005169).\n\n - zram: Fix unbalanced idr management at hot removal\n (bsc#1010970).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1000433\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001310\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001486\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1001888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1003813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1005929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006809\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006827\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1006918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1008831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1008979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010040\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010478\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1010970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=799133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=843661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=914939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=964462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=969477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=972993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=987805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=991414\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=992555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=993739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=994881\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=995278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=997059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=997807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=998054\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-base-debuginfo-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debuginfo-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-debugsource-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-debug-devel-debuginfo-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-base-debuginfo-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debuginfo-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-debugsource-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-default-devel-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-devel-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-html-4.4.36-5.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-docs-pdf-4.4.36-5.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-macros-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-build-debugsource-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-obs-qa-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-source-vanilla-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-syms-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-base-debuginfo-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debuginfo-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-debugsource-4.4.36-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"kernel-vanilla-devel-4.4.36-5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-docs-html / kernel-docs-pdf / kernel-devel / kernel-macros / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:18", "description": "This update for the Linux Kernel 3.12.60-52_49 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759).\n\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3113-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8655", "CVE-2016-9555"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_49-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_49-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3113-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95803", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3113-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95803);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-8655\", \"CVE-2016-9555\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3113-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.60-52_49 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet\n packet_set_ring function could be used by local\n attackers to crash the kernel or gain privileges\n (bsc#1012759).\n\n - CVE-2016-9555: The sctp_sf_ootb function in\n net/sctp/sm_statefuns.c in the Linux kernel lacks\n chunk-length checking for the first chunk, which allowed\n remote attackers to cause a denial of service\n (out-of-bounds slab access) or possibly have unspecified\n other impact via crafted SCTP data (bsc#1012183).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8655/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9555/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163113-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f33673fe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1808=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1808=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_49-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_49-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_49-default-4-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_49-xen-4-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:31:12", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Revert 'i40e: Set defport behavior for the Main VSI when in promiscuous mode' (Jack Vogel) [Orabug: 22683573]\n\n - mlx4: avoid multiple free on id_map_ent (Wengang Wang)\n\n - xen-netfront: cast grant table reference first to type int (Dongli Zhang)\n\n - xen-netfront: do not cast grant table reference to signed short (Dongli Zhang)\n\n - RDS: Drop the connection as part of cancel to avoid hangs (Avinash Repaka) [Orabug: 25045360]\n\n - sctp: validate chunk len before actually using it (Marcelo Ricardo Leitner) [Orabug: 25142879] (CVE-2016-9555)\n\n - mpi: Fix NULL ptr dereference in mpi_powm [ver #3] (Andrey Ryabinin) [Orabug: 25154098] (CVE-2016-8650) (CVE-2016-8650)", "cvss3": {}, "published": "2016-12-13T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0175)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8650", "CVE-2016-9555"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2016-0175.NASL", "href": "https://www.tenable.com/plugins/nessus/95760", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0175.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95760);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-8650\", \"CVE-2016-9555\");\n\n script_name(english:\"OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0175)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Revert 'i40e: Set defport behavior for the Main VSI when\n in promiscuous mode' (Jack Vogel) [Orabug: 22683573]\n\n - mlx4: avoid multiple free on id_map_ent (Wengang Wang)\n\n - xen-netfront: cast grant table reference first to type\n int (Dongli Zhang)\n\n - xen-netfront: do not cast grant table reference to\n signed short (Dongli Zhang)\n\n - RDS: Drop the connection as part of cancel to avoid\n hangs (Avinash Repaka) [Orabug: 25045360]\n\n - sctp: validate chunk len before actually using it\n (Marcelo Ricardo Leitner) [Orabug: 25142879]\n (CVE-2016-9555)\n\n - mpi: Fix NULL ptr dereference in mpi_powm [ver #3]\n (Andrey Ryabinin) [Orabug: 25154098] (CVE-2016-8650)\n (CVE-2016-8650)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2016-December/000602.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?511fc0e1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-3.8.13-118.15.1.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"kernel-uek-firmware-3.8.13-118.15.1.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:25", "description": "This update for the Linux Kernel 3.12.60-52_54 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759).\n\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-21T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3197-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8655", "CVE-2016-9555"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_54-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_54-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3197-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95989", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3197-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95989);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-8655\", \"CVE-2016-9555\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3197-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.60-52_54 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet\n packet_set_ring function could be used by local\n attackers to crash the kernel or gain privileges\n (bsc#1012759).\n\n - CVE-2016-9555: The sctp_sf_ootb function in\n net/sctp/sm_statefuns.c in the Linux kernel lacks\n chunk-length checking for the first chunk, which allowed\n remote attackers to cause a denial of service\n (out-of-bounds slab access) or possibly have unspecified\n other impact via crafted SCTP data (bsc#1012183).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8655/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9555/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163197-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?634af629\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1855=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1855=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_54-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_54-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_54-default-4-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_54-xen-4-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:42", "description": "This update for the Linux Kernel 3.12.60-52_57 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet packet_set_ring function could be used by local attackers to crash the kernel or gain privileges (bsc#1012759).\n\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacks chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bsc#1012183).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-12-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3247-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-8655", "CVE-2016-9555"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_57-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_57-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3247-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96088", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3247-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96088);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-8655\", \"CVE-2016-9555\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3247-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for the Linux Kernel 3.12.60-52_57 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-8655: A race condition in the af_packet\n packet_set_ring function could be used by local\n attackers to crash the kernel or gain privileges\n (bsc#1012759).\n\n - CVE-2016-9555: The sctp_sf_ootb function in\n net/sctp/sm_statefuns.c in the Linux kernel lacks\n chunk-length checking for the first chunk, which allowed\n remote attackers to cause a denial of service\n (out-of-bounds slab access) or possibly have unspecified\n other impact via crafted SCTP data (bsc#1012183).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012759\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8655/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9555/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163247-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e7792f26\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2016-1892=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2016-1892=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET chocobo_root Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_57-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_57-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_57-default-2-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_60-52_57-xen-2-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:07:50", "description": "A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. (CVE-2016-8650)\n\nThe blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device. (CVE-2016-9576)\n\nThe sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.\n(CVE-2016-9793)\n\nA flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out of bounds read by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399)\n\nAlgorithms not compatible with mcryptd could be spawned by mcryptd with a direct crypto_alloc_tfm invocation using a 'mcryptd(alg)' name construct. This causes mcryptd to crash the kernel if an arbitrary 'alg' is incompatible and not intended to be used with mcryptd.\n(CVE-2016-10147)\n\n(Updated on 2017-01-19: CVE-2016-8399 was fixed in this release but was previously not part of this errata.)\n\n(Updated on 2017-02-22: CVE-2016-10147 was fixed in this release but was previously not part of this errata.)", "cvss3": {}, "published": "2017-01-05T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2017-782)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10147", "CVE-2016-8399", "CVE-2016-8650", "CVE-2016-9576", "CVE-2016-9793"], "modified": "2019-04-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-782.NASL", "href": "https://www.tenable.com/plugins/nessus/96284", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-782.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96284);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/04/10 16:10:16\");\n\n script_cve_id(\"CVE-2016-10147\", \"CVE-2016-8399\", \"CVE-2016-8650\", \"CVE-2016-9576\", \"CVE-2016-9793\");\n script_xref(name:\"ALAS\", value:\"2017-782\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2017-782)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Linux kernel key management subsystem in which\na local attacker could crash the kernel or corrupt the stack and\nadditional memory (denial of service) by supplying a specially crafted\nRSA key. This flaw panics the machine during the verification of the\nRSA key. (CVE-2016-8650)\n\nThe blk_rq_map_user_iov function in block/blk-map.c in the Linux\nkernel before 4.8.14 does not properly restrict the type of iterator,\nwhich allows local users to read or write to arbitrary kernel memory\nlocations or cause a denial of service (use-after-free) by leveraging\naccess to a /dev/sg device. (CVE-2016-9576)\n\nThe sock_setsockopt function in net/core/sock.c in the Linux kernel\nbefore 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf,\nwhich allows local users to cause a denial of service (memory\ncorruption and system crash) or possibly have unspecified other impact\nby leveraging the CAP_NET_ADMIN capability for a crafted setsockopt\nsystem call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.\n(CVE-2016-9793)\n\nA flaw was found in the Linux networking subsystem where a local\nattacker with CAP_NET_ADMIN capabilities could cause an out of bounds\nread by creating a smaller-than-expected ICMP header and sending to\nits destination via sendto(). (CVE-2016-8399)\n\nAlgorithms not compatible with mcryptd could be spawned by mcryptd\nwith a direct crypto_alloc_tfm invocation using a 'mcryptd(alg)' name\nconstruct. This causes mcryptd to crash the kernel if an arbitrary\n'alg' is incompatible and not intended to be used with mcryptd.\n(CVE-2016-10147)\n\n(Updated on 2017-01-19: CVE-2016-8399 was fixed in this release but\nwas previously not part of this errata.)\n\n(Updated on 2017-02-22: CVE-2016-10147 was fixed in this release but\nwas previously not part of this errata.)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-782.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update kernel' to update your system. You will need to reboot\nyour system in order for the new kernel to be running.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.4.39-34.54.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.4.39-34.54.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:09:44", "description": "The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2015-8970: crypto/algif_skcipher.c in the Linux kernel did not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that did not supply a key, related to the lrw_crypt function in crypto/lrw.c (bnc#1008374).\n\n - CVE-2017-5551: Clear S_ISGID on tmpfs when setting posix ACLs (bsc#1021258).\n\n - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968).\n\n - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2004-0230: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#969340).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831).\n\n - CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could have enabled a local malicious application to execute arbitrary code within the context of the kernel bnc#1014746).\n\n - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).\n\n - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542).\n\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038).\n\n - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566).\n\n - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832).\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).\n\n - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).\n\n - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).\n\n - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716).\n\n - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467).\n\n - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel in certain unusual hardware configurations allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).\n\n - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux, when the GNU Compiler Collection (gcc) stack protector is enabled, used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).\n\n - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077).\n\n - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file (bnc#994759).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-02-21T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0494-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2004-0230", "CVE-2012-6704", "CVE-2015-1350", "CVE-2015-8956", "CVE-2015-8962", "CVE-2015-8964", "CVE-2015-8970", "CVE-2016-0823", "CVE-2016-10088", "CVE-2016-3841", "CVE-2016-6828", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-7117", "CVE-2016-7425", "CVE-2016-7910", "CVE-2016-7911", "CVE-2016-7916", "CVE-2016-8399", "CVE-2016-8632", "CVE-2016-8633", "CVE-2016-8646", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9685", "CVE-2016-9756", "CVE-2016-9793", "CVE-2017-5551"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigsmp", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-base", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-0494-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97297", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0494-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97297);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2004-0230\", \"CVE-2012-6704\", \"CVE-2015-1350\", \"CVE-2015-8956\", \"CVE-2015-8962\", \"CVE-2015-8964\", \"CVE-2015-8970\", \"CVE-2016-0823\", \"CVE-2016-10088\", \"CVE-2016-3841\", \"CVE-2016-6828\", \"CVE-2016-7042\", \"CVE-2016-7097\", \"CVE-2016-7117\", \"CVE-2016-7425\", \"CVE-2016-7910\", \"CVE-2016-7911\", \"CVE-2016-7916\", \"CVE-2016-8399\", \"CVE-2016-8632\", \"CVE-2016-8633\", \"CVE-2016-8646\", \"CVE-2016-9555\", \"CVE-2016-9576\", \"CVE-2016-9685\", \"CVE-2016-9756\", \"CVE-2016-9793\", \"CVE-2017-5551\");\n script_bugtraq_id(10183);\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0494-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive\nvarious security and bugfixes. The following security bugs were \nfixed :\n\n - CVE-2015-8970: crypto/algif_skcipher.c in the Linux\n kernel did not verify that a setkey operation has been\n performed on an AF_ALG socket before an accept system\n call is processed, which allowed local users to cause a\n denial of service (NULL pointer dereference and system\n crash) via a crafted application that did not supply a\n key, related to the lrw_crypt function in crypto/lrw.c\n (bnc#1008374).\n\n - CVE-2017-5551: Clear S_ISGID on tmpfs when setting posix\n ACLs (bsc#1021258).\n\n - CVE-2016-7097: The filesystem implementation in the\n Linux kernel preserves the setgid bit during a setxattr\n call, which allowed local users to gain group privileges\n by leveraging the existence of a setgid program with\n restrictions on execute permissions (bnc#995968).\n\n - CVE-2016-10088: The sg implementation in the Linux\n kernel did not properly restrict write operations in\n situations where the KERNEL_DS option is set, which\n allowed local users to read or write to arbitrary kernel\n memory locations or cause a denial of service\n (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete\n fix for CVE-2016-9576 (bnc#1017710).\n\n - CVE-2004-0230: TCP, when using a large Window Size, made\n it easier for remote attackers to guess sequence numbers\n and cause a denial of service (connection loss) to\n persistent TCP connections by repeatedly injecting a TCP\n RST packet, especially in protocols that use long-lived\n connections, such as BGP (bnc#969340).\n\n - CVE-2016-8632: The tipc_msg_build function in\n net/tipc/msg.c in the Linux kernel did not validate the\n relationship between the minimum fragment length and the\n maximum packet size, which allowed local users to gain\n privileges or cause a denial of service (heap-based\n buffer overflow) by leveraging the CAP_NET_ADMIN\n capability (bnc#1008831).\n\n - CVE-2016-8399: An elevation of privilege vulnerability\n in the kernel networking subsystem could have enabled a\n local malicious application to execute arbitrary code\n within the context of the kernel bnc#1014746).\n\n - CVE-2016-9793: The sock_setsockopt function in\n net/core/sock.c in the Linux kernel mishandled negative\n values of sk_sndbuf and sk_rcvbuf, which allowed local\n users to cause a denial of service (memory corruption\n and system crash) or possibly have unspecified other\n impact by leveraging the CAP_NET_ADMIN capability for a\n crafted setsockopt system call with the (1)\n SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option\n (bnc#1013531).\n\n - CVE-2012-6704: The sock_setsockopt function in\n net/core/sock.c in the Linux kernel mishandled negative\n values of sk_sndbuf and sk_rcvbuf, which allowed local\n users to cause a denial of service (memory corruption\n and system crash) or possibly have unspecified other\n impact by leveraging the CAP_NET_ADMIN capability for a\n crafted setsockopt system call with the (1) SO_SNDBUF or\n (2) SO_RCVBUF option (bnc#1013542).\n\n - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux\n kernel did not properly initialize Code Segment (CS) in\n certain error cases, which allowed local users to obtain\n sensitive information from kernel stack memory via a\n crafted application (bnc#1013038).\n\n - CVE-2016-3841: The IPv6 stack in the Linux kernel\n mishandled options data, which allowed local users to\n gain privileges or cause a denial of service\n (use-after-free and system crash) via a crafted sendmsg\n system call (bnc#992566).\n\n - CVE-2016-9685: Multiple memory leaks in error paths in\n fs/xfs/xfs_attr_list.c in the Linux kernel allowed local\n users to cause a denial of service (memory consumption)\n via crafted XFS filesystem operations (bnc#1012832).\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel\n provided an incomplete set of requirements for setattr\n operations that underspecifies removing extended\n privilege attributes, which allowed local users to cause\n a denial of service (capability stripping) via a failed\n invocation of a system call, as demonstrated by using\n chown to remove a capability from the ping or Wireshark\n dumpcap program (bnc#914939).\n\n - CVE-2015-8962: Double free vulnerability in the\n sg_common_write function in drivers/scsi/sg.c in the\n Linux kernel allowed local users to gain privileges or\n cause a denial of service (memory corruption and system\n crash) by detaching a device during an SG_IO ioctl call\n (bnc#1010501).\n\n - CVE-2016-9555: The sctp_sf_ootb function in\n net/sctp/sm_statefuns.c in the Linux kernel lacked\n chunk-length checking for the first chunk, which allowed\n remote attackers to cause a denial of service\n (out-of-bounds slab access) or possibly have unspecified\n other impact via crafted SCTP data (bnc#1011685).\n\n - CVE-2016-7910: Use-after-free vulnerability in the\n disk_seqf_stop function in block/genhd.c in the Linux\n kernel allowed local users to gain privileges by\n leveraging the execution of a certain stop operation\n even if the corresponding start operation had failed\n (bnc#1010716).\n\n - CVE-2016-7911: Race condition in the get_task_ioprio\n function in block/ioprio.c in the Linux kernel allowed\n local users to gain privileges or cause a denial of\n service (use-after-free) via a crafted ioprio_get system\n call (bnc#1010711).\n\n - CVE-2015-8964: The tty_set_termios_ldisc function in\n drivers/tty/tty_ldisc.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory by reading a tty data structure (bnc#1010507).\n\n - CVE-2016-7916: Race condition in the environ_read\n function in fs/proc/base.c in the Linux kernel allowed\n local users to obtain sensitive information from kernel\n memory by reading a /proc/*/environ file during a\n process-setup time interval in which\n environment-variable copying is incomplete\n (bnc#1010467).\n\n - CVE-2016-8646: The hash_accept function in\n crypto/algif_hash.c in the Linux kernel allowed local\n users to cause a denial of service (OOPS) by attempting\n to trigger use of in-kernel hash algorithms for a socket\n that has received zero bytes of data (bnc#1010150).\n\n - CVE-2016-8633: drivers/firewire/net.c in the Linux\n kernel in certain unusual hardware configurations\n allowed remote attackers to execute arbitrary code via\n crafted fragmented packets (bnc#1008833).\n\n - CVE-2016-7042: The proc_keys_show function in\n security/keys/proc.c in the Linux, when the GNU Compiler\n Collection (gcc) stack protector is enabled, used an\n incorrect buffer size for certain timeout data, which\n allowed local users to cause a denial of service (stack\n memory corruption and panic) by reading the /proc/keys\n file (bnc#1004517).\n\n - CVE-2015-8956: The rfcomm_sock_bind function in\n net/bluetooth/rfcomm/sock.c in the Linux kernel allowed\n local users to obtain sensitive information or cause a\n denial of service (NULL pointer dereference) via vectors\n involving a bind system call on a Bluetooth RFCOMM\n socket (bnc#1003925).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux\n kernel allowed remote attackers to execute arbitrary\n code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077).\n\n - CVE-2016-0823: The pagemap_open function in\n fs/proc/task_mmu.c in the Linux kernel allowed local\n users to obtain sensitive physical-address information\n by reading a pagemap file (bnc#994759).\n\n - CVE-2016-7425: The arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did\n not restrict a certain length field, which allowed local\n users to gain privileges or cause a denial of service\n (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).\n\n - CVE-2016-6828: The tcp_check_send_head function in\n include/net/tcp.h in the Linux kernel did not properly\n maintain certain SACK state after a failed data copy,\n which allowed local users to cause a denial of service\n (tcp_xmit_retransmit_queue use-after-free and system\n crash) via a crafted SACK option (bnc#994296).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1001419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1002165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008833\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008850\"\n );\n script_se